Money transfers: Security and user experience solutions
Organizations looking to thrive must maintain focus on customer experiences that fuel growth. For decades, technological innovation has been a key enabler in this respect. The cloud and the shift toward Web3 in particular have escalated the pace of innovation, notably when it comes to facilitating “anywhere, anytime” experiences.
However, risks are lurking in the wake of this innovation, with customers being exposed to pervasive and well-resourced threats. In fact, today’s customer experiences represent a vulnerable attack surface. As OneSpan CEO Matt Moynahan wrote recently, "there is a growing concern that hackers will increasingly manipulate the integrity of digital agreements and their underlying artifacts, essentially the foundation of business and our capital markets.”
The good news is that there are dedicated solutions to help organizations establish trusted customer relationships, through identity verification and high-assurance user authentication, to help protect them and their customers throughout the customer lifecycle.
And while high-assurance security is often seen as one end of a spectrum, with the “delightful” customer experience being at the other end, this is not necessarily the case. That’s exactly why today’s FIs (financial institutions) are facing intense competitive pressure to find the right balance between security and experience, so they can unlock their capacity for better, more profitable customer experiences.
Money transfers: what’s at stake?
At the core of their business, FIs are fueled by trust. That’s why security is so critical – it serves to protect and build client trust across in-person, digital, and mobile channels for financial transactions of all stripes.
If that were all that was required, things would perhaps be straightforward, if not necessarily easy. But alongside robust security measures, FIs are looking to boost competitiveness in ever-more crowded markets, by improving productivity and reducing transaction execution time for clients who otherwise might abandon the process altogether.
Seemingly at odds, these two realities can in fact be complementary. This is especially true given that clients do not necessarily expect – or want – a wholly frictionless experience.
As OneSpan Field CTO Dan McLoughlin put it in a recent interview: “You've got to remember that your customers ... don't necessarily want to be feeling that things are invasive, but they also want to feel that there is a level of security. Users will expect to be protected.”
Typical business challenges associated with money transfers
Security infrastructure
With security comes customer assurance, and with that assurance comes growth. That’s why an increased focus on robust security is non-negotiable in today’s world, as well as in preparation for tomorrow’s.
Indeed, as noted recently by Sameer Hajarnis, Chief Product Officer at OneSpan: “With a shift in the attack surface, security will need to be woven throughout the journey and throughout workflows, and it will need to be done seamlessly to avoid disrupting the digital experience that exists ... This will be a top priority for organizations and security companies alike, and proving identity and ensuring trust in digital processes will become the defining factor of success.”
Given OneSpan’s 30-year heritage of industry-leading security, it’s inevitably a key focus of our solutions for FIs. Here are just a few.
| Security infrastructure recommendations: | OneSpan solutions | Technology capability |
| Protect higher value transactions and vulnerable user groups | Personal security devices with biometrics or one-time passwords (OTPs) | |
| Create secure channels between banks and customers, ensuring message authenticity | Convenient and secure WYSIWYS (what-you-see-is-what-you-sign) dynamic linking application technology | |
| Enable strong mobile security & authentication | Seamless mobile authentication & transaction data signing technology, integrated into financial mobile apps | |
| Provide a secure execution environment for mission-critical mobile apps even on compromised mobile devices | Strongest mobile application protection |
Attack prevention
As a result of the rise in digital interactions, online fraud has increased dramatically. Millions of individuals and businesses fall victim to social engineering attacks such as APP (authorized push payment) scams that trick them into sending money to accounts controlled by fraudsters.
This is taking place in an industry that is experiencing a veritable surge in mobile malware attacks, where cyber criminals are delivering malicious text messages and applications to users to steal sensitive information including passwords and bank details.
At the same time, social engineering techniques will continue to evolve and are used at scale, meaning FIs must find ways to future-proof online and mobile banking against sophisticated attacks.
| Attack protection recommendations: | OneSpan solutions | Technology capability |
| Protect against adversary-in-the-middle attacks and social engineering | Transaction data signing | |
| Protect against APP (authorized push payment) fraud | Secure channel technology | |
| Protect against reverse engineering and repackaging | Seamless mobile authentication & transaction data signing technology, integrated into financial mobile apps | |
| Protect against overlay attacks, keyloggers, app repackaging, screen reader, and others | Built-in protection for mobile apps, with a fully automated no-code integration process, and with the highest level of security, both at rest and at runtime |
Compliance and the customer experience
The financial sector is of course no stranger to regulatory complexity. But in a world where cloud-enabled transactions are taken as a given by customers, the scale of inter-jurisdictional and cross-border intricacies has exploded.
They need to be addressed in a way that is as transparent as possible to the customer, even as they impact the way customers manage their transactions on a day-to-day basis. For instance, some existing transaction protection practices (e.g., transaction authorization codes via SMS-messages) are no longer effective and will phase out to comply with new versions of regulation standards.
| Customer experience & compliance recommendations: | OneSpan solutions | Technology capability |
| Meet regulatory compliance requirements while providing a secure and convenient mobile app UX | WYSIWYS (what-you-see-is-what-you-sign) capabilities, dynamic linking, and a broad array of authentication options, including biometrics, FIDO, push notification, and Cronto | |
| Provide higher-assurance authentication and a passwordless experience, including biometrics and FIDO technology | Personal security devices | |
| Provide user-friendly authentication options and biometrics |
| Mobile authenticators |
Next steps and tips
Once you’ve identified the strategic areas that will undergo transformation and that typically impact money transfer scenarios, bear some technology selection best practices in mind:
First, adopting general-use solutions, not designed for money transfer applications, can lead to user confusion, errors, and high process abandonment rates.
Second, ensure that you are solving for all channels represented by your clients, as implementing a one-option solution creates a single point of failure, cuts out some user groups, and bottlenecks innovation for digital channels.
Naturally, it can be challenging to identify technology that is designed for fast adoption as well as 100% of your customers’ security requirements. However, it is certainly possible for banks and FIs to provide a consistent and secure user experience across all digital channels, while offering customers maximum flexibility to choose between hardware or software options.
Talk to a security expert or request a demo to learn how.
Explore the OneSpan Product Use Case Catalog for more information.
E-book
Use Case Catalog
Our solution portfolio supports secure, simple end-to-end experiences for your clients. Find out how.
Read now
