Can Strong Customer Authentication and User Experience be friends?
With the emergence of digital-only banks, every established bank has to re-evaluate their UX without compromising on security. Can SCA and UX be friends?
In the past a mobile banking app didn’t have to do much – customers just wanted a quick way to see their account balance or check their most recent transactions for anything suspicious. So it made sense to design mobile apps to be stripped down versions of their desktop counterparts, while ensuring both met the same criteria for security. But with the emergence of digital-only banks, and their focus on optimised customer journeys, every established bank has been forced to re-evaluate their apps.
Secure logins for the one-click generation
At the same time, consumers are becoming accustomed to the convenience of literally everything being just a couple of clicks away, in an app. Ride sharing, food delivery or even medical appointments are now accessible faster than ever. But for organisations that are either subject to requirements for strong customer authentication, or want to protect their customers’ data, this convenience hasn’t been easy to achieve. The result was cumbersome processes for app login, which translates to lower login frequency and, eventually, suboptimal return for the investment in the app.
What is Strong Customer Authentication (SCA)?
Strong Customer Authentication (SCA) requires the introduction of multi-factor authentication (MFA) to your apps. You must include at least two of the following:
1. Something the customer knows such as a password or PIN
2. Something the customers has like their smartphone or a hardware token
3, Something the customer is such as a fingerprint or facial recognition scan
For example, in accordance with the Payment Services Directive 2 (PSD2), all transactions require strong authentication unless it is subject to an exemption. As passwords are notoriously challenging – who hasn’t forgotten their password, taken a risk by creating an easy one or recycled that one really strong password they can remember? – services that have a lot of customer data have also been struggling to strike a balance between security and low friction to ensure high engagement from customers.
A one-time shot at success
App-based services such as Uber or Foodora have set the bar high for how fast and how simple apps should be. Consumers no longer accept the fact that security should slow things down.
This lack of customer patience is best illustrated by app abandonment rates. A Compuware study found that just 16% of users would try a new app more than twice if they encountered issues using it. 47% of those same users identified slow launch times as a problem.
This leaves a very small margin opportunity for your app to make a positive impression. In fact, the entire experience needs to be seamless from the moment they tap your icon on their home screen. A successful mobile app strategy is therefore not just about what functionality the app offers, but the entire user journey from the moment they download it and login each time they want to access it.
Convincing a user to return to your website or app is vitally important as it helps to build loyalty between them and your brand. As the barriers to switching various service providers, especially in financial services, are lowered, you must do everything possible to keep them both connected and engaged with your brand.
The experience begins at login
Imagine this: There are two convenience stores down the same street you live in. They are right next to each other, and compete with each other in product selection, prices and services, such as opening hours. One of them is on the ground floor, but the other one is a flight of stairs away. Which one are you most likely going to swing by on your way home when you’ve run out of milk?
Unless you’re that 1 out of 15 who takes the stairs for the health benefits, you’ll likely choose the store where the threshold for entry is literally lower. This analogy applies to mobile apps too, and the mechanism in how they create engagement.
The nut you need to crack is therefore how to lower that threshold, without compromising security. The introduction of biometrics has changed the game for many industries. Technologies such as Apple’s FaceID or fingerprint are widespread and loved by consumers. Customers understand that these biometric protections are inherently more secure than password authentication. But they also greatly appreciate the reduced ‘effort’ required to use them. Less typing equates to a better user experience.
Signicat compared the time it takes to complete an app authentication transaction with a national mobile-based ID solution and a mobile authentication solution that is based on biometrics. The difference was significant: A solution based on biometrics took less than 3 seconds to authenticate the user, whereas authentication using an electronic ID system took up to 10 times that long.
As opposed to a local face recognition, Signicat MobileID performs security verification on the server. This means much higher security, and also that the access can be monitored and potential fraud being detected.
It makes sense then to replace traditional two-stage login methods with a biometric equivalent to speed up the login process – and to begin establishing trust and loyalty with your customers. Each time a customer logs into your app is a chance to build a close relationship with them, lowering the threshold for login makes sense. Marketing executives will also recognize the value of having an owned channel that can be utilised for targeted communication – while keeping data protection regulations in mind – and is much more cost efficient than paid third party channels.
An important compliance consideration
At this point it is worth noting that biometrics is about to become much more important. Under the second Payment Services Directive (PSD2) which comes into force in September 2019, banks and financial services providers are required to further strengthen account security for customers.
For strong customer authentication, MobileID uses a combination of possession of the device and inherence in the form of facial or fingerprint recognition. No passwords are needed.
Introducing Signicat MobileID
By leveraging biometrics you can optimize UX while delivering PSD2 compliant strong customer authentication.
In fact, with the right technology, you can fulfil your SCA obligations, secure your app, and create a slick user experience that keeps customers coming back for more.
This is where Signicat MobileID comes into play.
Signicat MobileID has been designed to make it as simple as possible to add biometric ID verification to any online service.
Signicat MobileID for apps
Signicat MobileID may be deployed within your existing mobile app to streamline and simplify the biometric authentication process. While the on-device biometrics can be used to control access to your app itself, MobileID provides a mechanism to secure authentication with your backend systems using the same hardware technology and encryption principles.
Signicat customers using MobileID have experienced higher engagement frequency and positive effect from targeted communication towards their customers.