How can banks tread the line between security and user experience?

• With banking becoming increasingly digital in Asia, consumers are looking for quicker and always-on access to their banks. However, digital technologies also pose threats as they expose banks and customers to novel risks.

• To avoid eroding customer trust and loyalty, banks will need to strike the right balance between security and user experience.

• The solution may lie in ensuring humans and digital systems work in harmony.

Banking is becoming increasingly digital in Asia. Boston Consulting Group estimates that Asia Pacific (APAC) houses about 50 of the 249 digital banks worldwide, and 10 out of the 13 that are profitable are based in the region. This means more consumers are getting used to digital services — Southeast Asia, for instance, gained 40 million new internet users in 2021 — and will demand fast, efficient, and always-on access to their banks. 

However, with new opportunities come new threats. While digital technologies make things more convenient, the recent spate of online scams in Singapore underscores how they also expose banks and customers to novel risks. 

To avoid eroding customer trust and loyalty, banks will need to learn how to bolster security without sacrificing user experience. The solution may lie in making sure humans and digital systems work in harmony.

Asia’s growing cybersecurity problem

Asia’s rapid digitalisation in recent years has made it a prime target for cybercriminals. From 2020 to 2021, APAC saw a 168% increase in cyberattacks, according to an analysis by Check Point Research. Ransomware, Remote Access Trojan (RAT), banking trojans, and info stealers drove the biggest rise in incidents. 

In Singapore, customers have lost millions due to a string of online scams from 2021 until early this year. One of the latest tricks came in the form of fake bank hotlines found in advertisements on Google searches, which resulted in losses amounting to at least S$495,000. There were also phishing scams that targeted DBS and OCBC customers, the latter of which led to S$8.5 million in losses.

While in Hong Kong, the region’s other international financial centre, scammers have laundered close to HK$29 billion from over 10,000 victims through bank accounts and cryptocurrency wallets over the past 4.5 years.

These threats will only intensify over time as more systems go online and hackers become more sophisticated. They may also influence regulations, which then affect how banks serve their customers. For example, in response to the OCBC incident, the Monetary Authority of Singapore is now requiring banks to tighten security by removing hyperlinks in SMS or email communications with retail customers, among other measures. While such security measures improve customer protection, they could also make access to banks’ products and services less seamless, impacting the user experience negatively. 

Banks are now challenged to straddle the fine line between security and customer experience, two things that have historically been deemed to be at odds with each other. Open banking, for example, opens doors for innovation and lets banks deliver added value to their customers. However, opening up their systems and sharing their data with third parties also exposes banks to security threats. 

On one hand, banks need to ensure the safety of their customers and their data. But on the other, they also need to make sure they are still innovating and that their measures aren’t so rigid as to dissuade customers from using their products and services.

Balancing robust security and a great user experience

The banks of the future are transforming rapidly to be data-driven through the use of technology, while remaining purpose-oriented and efficiency-focused to embrace evolving business models. Most importantly, they strive to put customers at the centre of every strategy.

To keep both customers and regulators happy, banks will need to find solutions that blend security with convenience. They should aim to optimise the user experience and minimise security risks, which, in many cases, is easier said than done. 

In today’s digital age, technologies like blockchain, big data, and artificial intelligence (AI) make this possible — they both strengthen security and trust among customers and enable seamless user experiences. But to truly optimise security and user experience, digital systems and humans need to work together rather than in silos.

To execute this balancing act, banks can approach security and innovation through user-centred design (UCD) and design thinking, thereby putting the user at the centre of product development.

The great thing about these approaches is that they do not just consider the “hard” technical and functional needs of customers, but also their “soft” behaviours, beliefs, and emotions. Banks can, thus, discover and deploy solutions that address customers’ unique, real-world contexts and not just in a best-case, controlled environment. 

This is important because the majority of security breaches are caused by human error or negligence. Even though governments and businesses tout the importance of cybersecurity being a “shared responsibility,” it's the consumers who still get the brunt of the blame when a breach occurs. 

For example, one-time passwords (OTP) offer an added layer of protection by making users confirm their identities through their mobile phones. But this is only secure if users do not share their OTP with others. As experience shows, that’s not always the case. One could say that the customer bears some fault, but perhaps they are simply part of a flawed system to begin with. If banks are not able to reconcile security and customer experience, they risk aggravating and losing loyal customers who endure lose-lose situations. 

UCD and design thinking allow banks to iterate and discover the most seamless and user-friendly solutions for their customers, who can then enjoy financial services without sacrificing security.

How banks can innovate while protecting their customers

Technology plays a huge role in striking the balance between security and user experience. AI and machine learning have become pivotal in the financial services sector. JPMorgan Chase, for example, developed an AI-based “early warning” security system that detected malware, Trojans, and other threats before they could reach customers and employees. 

To optimise the combination of people and technology, humans must learn how to work in harmony with machines. Optimal human-machine interactions can take the form of four possible scenarios.

• The first is akin to a “transfer of the baton,” where a process is broken down into individual steps, of which a given step can be taken on either by a human or a machine. 
• Another scenario is where machines manage the entire process, but humans ultimately make the final decisions.
• A third scenario has humans managing the process with the help of AI through training and analytics.
• A final scenario visualises humans and machines alternating roles in an iterative process loop. 

These four scenarios or approaches can translate to creative ways of solving a particular design problem and can help banks think about how they can best set up the human-machine relationships in their business.

With these tools — UCD, design thinking, emerging technologies, and a better understanding of optimal human-machine relationships — banks are better equipped to design products and services that are both convenient and secure.

Improving security and user experience must be a top priority

As both banks and their customers become increasingly digital, the problem of cyber fraud and risks will only continue to intensify. With digital banks taking off in Asia and Singapore’s digital bank licenses expected to begin operations in 2022, banking and financial services must prioritise investments in building a robust architecture and cross-functional teams equipped to deal with such issues. This will allow organisations to strengthen processes and operations, staying flexible enough to react to ever-evolving security threats, all while serving customer needs and prioritising customer experience