Frictionless banking: the future – or fool’s gold?
But here’s the thing about friction: it’s a force, and forces are not inherently bad. Gravity, for example, is highly inconvenient when you’re underneath a falling piano, but highly useful when it’s preventing the earth from breaking up into chunks and floating off into space. Similarly, the idea of ‘frictionless banking’ wrongly suggests that friction has no important functions.
The right kind of friction
If you’re making a regular payment to a registered supplier, you probably don’t want to deal with multiple authentication steps. You trust the person or organisation that you’re paying, and you don’t need to confirm it again every time you transact with them: a voice command, a selfie, or a fingerprint ought to be enough.
But what about new, more complicated behaviours? If you want to set up an international standing order, empty one account into another or spend your child’s inheritance on a Patek Philippe wristwatch, you should be able to – but not without extra layers of confirmation.
Without the necessary friction provided by a step-up authentication process, the system can’t tell the difference between someone intending to use their money and a fraudster intending to steal it. It can be frustrating when it’s triggered by a taxi ride or a harmless, impulsive bet – nobody likes having to ring the bank to confirm that they are, in fact, themselves. That said, the aim should be to reduce annoying friction, not eliminate the good friction.
Acceptable and unacceptable risk
This can be done by applying step-up and step-down authentication in real time: analysing the fraud risk to maximise convenience where appropriate and security where necessary. Technology empowered with passive behavioural authentication can monitor behaviour in-session. Using deep learning and a context-driven model to analyse user information, it can build a bigger picture of typical and atypical actions. In doing so, it can develop an understanding of what is and what isn’t a security risk.
The system will ‘step up’ to an organisation’s existing security mechanism, which could be a password re-entry or voice or face authentication, when a transaction seems suspicious or strange – and ‘step down’ when behaviours are normal or routine. If you’re clicking, moving, typing, or swiping in a way that doesn’t match your normal style, the technology will know about it.
Holding up a transaction is understandable when it’s high-value and high-risk; less so when it’s part of your day-to-day purchase process. With the right kind of authentication technology, you can apply the right amount of friction – but not so much that the user starts to chafe.
The right authentication technology will be able to capture all this user data without sacrificing security and compliance. Raw biometric information is legally protected to the point where vendors simply aren’t allowed to store it. At AimBrain, we make sure to capture any data – voice, face, behavioural or otherwise – in your bank’s secure environment, converting it to a non-reversible mathematical construct upon reaching our servers. That construct is compared to a pseudonymised user template, and the bank receives a risk score, in JSON format and in real time, which its risk engine turns into an accept, step-up or reject decision for the specific use case. Data isn’t compromised or misused: numbers are simply and efficiently compared against numbers.
It’s an example of the right amount of friction; friction being applied in a way that makes sense for the user and the institution. It also highlights the dangers of simply removing it from the equation entirely, because the good kind of friction isn’t about inconveniencing the customer or their bank, but ensuring safety, accountability, and responsibility. It’s the bouncer at the club, waving through the regulars, and sizing up any unfamiliar or suspicious characters before letting them in.
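A sketch of the bank-side decision described above, as an added example rather than AimBrain's or any bank's code: the JSON field name `score`, its 0 to 1 scale (higher means riskier), the thresholds and the transaction fields are all assumptions. It steps up for new or unusual actions even when the score is low, and never accepts when the score is missing or malformed.

```python
import json
import math

# Assumed thresholds on an assumed scale: 0.0 = matches the user's template, 1.0 = does not.
STEP_UP_AT = 0.30
REJECT_AT = 0.85
HIGH_VALUE = 1000.00  # assumed amount above which a payment is never waved through
UNUSUAL_KINDS = {"international_standing_order", "account_sweep"}  # hypothetical labels


def decide(risk_json, txn):
    """Return 'accept', 'step-up' or 'reject' for one transaction.

    risk_json: the vendor's JSON reply (field name 'score' is hypothetical).
    txn: the bank's own, already validated, view of the transaction.
    """
    try:
        score = json.loads(risk_json)["score"]
    except (ValueError, KeyError, TypeError):
        return "step-up"  # unreadable reply: fall back to the existing mechanism
    # Reject the shapes a naive comparison would let through: true/false, NaN,
    # Infinity, strings and out-of-range numbers.
    if isinstance(score, bool) or not isinstance(score, (int, float)):
        return "step-up"
    if not math.isfinite(score) or not 0.0 <= score <= 1.0:
        return "step-up"

    if score >= REJECT_AT:
        return "reject"

    # Good friction: a new or unusual action is confirmed even when the
    # behavioural score says the session looks like the real user.
    unusual = (
        not txn.get("known_payee", False)
        or txn.get("amount", math.inf) >= HIGH_VALUE  # missing amount counts as high
        or txn.get("kind") in UNUSUAL_KINDS
    )
    if unusual or score >= STEP_UP_AT:
        return "step-up"
    return "accept"  # routine payment, familiar behaviour: step down
```

The failure paths return `step-up` rather than `accept`, so an outage or a tampered reply costs the customer one extra confirmation instead of removing the check.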
AimBrain is a Biometric Identity as-a-Service platform that provides behavioural, voice and facial authentication. Its cloud model enables banks to roll out any module across any channel, for omnichannel authentication.
About the author:
Andrius Sutas is CEO and co-founder of AimBrain – https://aimbrain.com