Three things you need to ask when choosing an authentication solution

Jonathan Knoll|28 March 2018

I sometimes think that here, in the IT security sector, we’re having the wrong conversation about authentication. As we debate the respective merits of the various solutions, we’re in danger of forgetting the most important member of the value chain: the customer.  

Before joining Entersekt, I spent five years at PayPal – a company known for being highly trusted by their hundreds of millions of customers, as well as for their great customer experience. When debating new partnerships or features, our discussions there would typically start with the question: Why would the customer do this? I believe that this is a worthwhile point of departure for any business decision.

Selecting an authentication solution is no different. We should be asking ourselves: what is the customer’s need, and how can we best meet that? What does a customer-focused, secure authentication solution look like? Well, to get it right, we need to ask the following three questions.

1. Will it be used?

For an authentication mechanism to be used, it needs to be understood. As the German saying goes, you need to “pick up the customer where they are standing”. Will the customer base you are targeting be comfortable using this security feature? Given the popularity of apps as a way to transact as well as a way to make contact with their financial institutions, it appears consumers have voted with their feet or, more accurately, with their fingers. For example, the Sparkassen organization in Germany found that customer contact through their S-Apps has increased by 157% over the past 3 years. This far outpaced contact through online channels (up 25%) or self-service channels, which have all decreased. For this kind of customer base, you will want an effortless way for them to interact with their bank on the mobile.

2. Is it relevant?

If you’re serving digital natives, don’t ask them to do anything burdensome like enter an mTAN on their mobile. The customer must be able to simply tap “accept” or “reject” on their mobile device to confirm or deny a transaction. And, if they are comfortable using TouchID, FaceID or other forms of biometrics, that should be a part of your offering. Just make sure it makes the grade in terms of security (see below).

You need to stay relevant, enabling your customers to transact when and where they want. You don’t want your system to decline a perfectly acceptable transaction just because the customer happens to be using their card in an unexpected way, raising a risk trigger. An experience like this may be the last time that consumer uses your card or service. According to Mastercard, 39% of customers abandon a card after a false decline, while a quarter decrease their usage of that card.

Switching to a different financial service provider will get even easier with the introduction of PSD2. How you handle these false positives (declines) will have a huge effect on the profitability of your business and on customer loyalty, since many card-holders avoid certain transactions altogether because of security concerns. By creating a smoother, more predictable process, financial institutions can lower their transaction abandonment rates.

3. Does it build trust?

The most effective mobile banking solutions are found at the intersection of customer convenience and security. Preventing malware and man-in-the-middle attacks is a must, but so is ensuring that the customer is in charge of their transactions.

The best way to achieve visible security is to actively involve your customers in authentication, which requires a real-time response by the user to a push notification sent to their mobile phone every time they wish to log into their online banking, do a transaction, or perform another sensitive action. This type of authentication means that users are engaged and feel in control during transactions, which gives them a sense of empowerment. And this empowerment builds trust, leading to more transactions.

About the author

Jonathan Knoll


Country manager Central Europe

Jonathan brings us over 25 years’ experience in business development, strategy, marketing, and sales in the United States and Europe. Most recently, he served as director of financial services strategic partnerships at PayPal, building on his already extensive knowledge of the digital payments and financial services industries.


Entersekt is an international software development company based just outside of Cape Town, South Africa.

We are leaders in authentication, app security, and payments enablement technology, offering a highly scalable solution set with a track record of success across multiple continents.