Snippet: Selecting an authentication solution is no different. We should be asking ourselves: what is the customer’s need, and how can we best meet that? What does a customer-focused, secure authentication solution look like? Well, to get it right, we need to ask the following three questions.

I sometimes think that here, in the IT security sector, we’re having the wrong conversation about authentication. As we debate the respective merits of the various solutions, we’re in danger of forgetting the most important member of the value chain: the customer.  

Before joining Entersekt, I spent five years at PayPal – a company known for being highly trusted by their hundreds of millions of customers, as well as for their great customer experience. When debating new partnerships or features, our discussions there would typically start with the question: Why would the customer do this? I believe that this is a worthwhile point of departure for any business decision.

Selecting an authentication solution is no different. We should be asking ourselves: what is the customer’s need, and how can we best meet that? What does a customer-focused, secure authentication solution look like? Well, to get it right, we need to ask the following three questions.

1. Will it be used?

For an authentication mechanism to be used, it needs to be understood. As the German saying goes, you need to “pick up the customer where they are standing”. Will the customer base you are targeting be comfortable using this security feature? Given the popularity of apps as a way to transact as well as a way to make contact with their financial institutions, it appears consumers have voted with their feet or, more accurately, with their fingers. For example, the Sparkassen organization in Germany found that customer contact through their S-Apps has increased by 157% over the past 3 years. This far outpaced contact through online channels (up 25%) or self-service channels, which have all decreased. For this kind of customer base, you will want an effortless way to for them to interact with their bank on the mobile.

2. Is it relevant?

If you’re serving digital natives, don’t ask them to do anything burdensome like enter an mTAN on their mobile. The customer must be able to simply tap “accept” or “reject” on their mobile device to confirm or deny a transaction. And, if they are comfortable using TouchID, FaceID or other forms of biometrics, that should be a part of your offering. Just make sure it makes the grade in terms of security (see below).

You need to stay relevant, enabling your customers to transact when and where they want. You don’t want your system to decline a perfectly acceptable transaction just because the customer happens to be using their card in an unexpected way, raising a risk trigger. An experience like this may be the last time that consumer uses your card or service. According to Mastercard, 39% of customers abandon a card after a false decline, while a quarter decrease their usage of that card.

Switching to a different financial service provider will get even easier with the introduction of PSD2. How you handle these false positives (declines) will have a huge effect on the profitability of your business and on customer loyalty, since many card-holders avoid certain transactions altogether because of security concerns. By creating a smoother, more predictable process, financial institutions can lower their transaction abandonment rates.

3. Does it build trust?

The most effective mobile banking solutions are found at the intersection of customer convenience and security. Preventing malware and man-in-the-middle attacks is a must, but so is ensuring that the customer is in charge of their transactions.

The best way to achieve visible security is to actively involve your customers in authentication, which requires a real-time response by the user to a push notification sent to their mobile phone every time they wish to log into their online banking, do a transaction, or perform another sensitive action. This type of authentication means that users are engaged and feel in control during transactions, which gives them a sense of empowerment. And this empowerment builds trust, leading to more transactions.

Subscribe to our blog.

Entersekt editor

An avid scowler and violent sharpener of pencils, Editor’s bark is worse than her bite. Every scrap of writing that crosses her desk she treats with the same care she would her own privately published comic verse. Any orphans and misfits, she takes under her wing. After hours, she practices amateur type design and represents her local library in extreme kerning competitions.



Entersekt Logo

Entersekt is an innovator of customer-centric fintech solutions. Financial services providers and other enterprises rely on our patented mobile identity system to provide both security and the best in convenient new digital experiences to their customers, irrespective of the service channel. With us, they can concentrate on their innovation roadmap, while delivering intuitive, low-friction digital experiences to their customers.