8 July 2021
You know the drill: in order to conduct banking transactions securely, you must first identify yourself as a customer - be it in personal contact or via an electronic channel. With eBanking, for example, identification is carried out with the aid of a digital identity. The bank usually issues this identity for a specific contract. In case the customer has several relationships with this bank, i.e. besides the personal relationship also a business relationship or a joint account, several such digital identities will be issued. To complicate matters further, all these identities have their own means of authentication, such as passwords, security apps or card readers.
Moreover, there is growing flood of digital customer identities as financial institutions are offering more and more digital services in addition to traditional eBanking: be it a digital wealth management product, a new mortgage platform, a retirement savings app or a smartphone-based payment method such as TWINT. In these offerings, separate digital identities are issued - and they are independent of eBanking. Although this independence within the bank offers advantages, for example in the speed of development, it also leads to an increasingly confusing identity landscape.
User experience and security limitations
As a result, customers have to identify themselves in completely different ways when using their bank's services, as illustrated in the following example:
|
Service |
Username |
Authentication |
|
eBanking |
Contract number |
Password and one-time code via security app |
|
Mortgage portal |
E-mail-Adresse |
Secondary password and one-time code via SMS |
|
Retirement savings app |
Mobile phone number |
Third password |
|
TWINT |
Mobile phone number |
PIN |
To customers, this is an increasingly unacceptable scenario that compromises both the user experience and security. For instance, today's users face a very high level of effort when setting up a new smartphone, as the activation processes of the individual banking apps are independent of each other and designed differently. The typical user is overwhelmed with the variety of security mechanisms, making them an easy victim of a phishing attack. And let's be honest: who doesn't use one and the same password for several services at the same time?
For banks, this potentially leads to declining customer satisfaction and increasing support costs. This architecture is not sustainable in its current form. However, are there customer-friendly and secure alternatives?
Universal digital identity
So why is the customer not represented by a single identity in the digital world of his bank? After all, they want a simple and secure way to conduct their digital banking transactions. One key factor in this is the digital identity, which can be used universally within the bank. A consolidated identity makes daily electronic banking easier for the customer, while also helping the bank to ensure highest security standards. Among other things, user right authorizations or locking potentially compromised identities can be managed more easily, and customer support also becomes more efficient.
A single digital identity for different purposes has to ensure compliance with the individual needs of each offering and app of the bank. The identity could be referenced with several usernames (or aliases): e.g., a dedicated identifier, the customer's mobile phone number and e-mail address. This concept is not only advantageous for the banking applications: the customer profits with the option to finally use a username they actually can remember: their own mobile phone number instead of a cryptic contract number. All means of authentication needed by the different banking offering are of course also supported.
Another case: do customers really need to completely set up their smartphone and all their banking apps separately, for example after purchasing a new device? A dedicated security app from the bank could be used to link the new device to the customer's digital identity centrally, to significantly simplify the activation of further banking apps. This security app would also provide other functions such as authentication or transaction confirmations.
Security, along with user experience, is the strongest driver of this transformation. Like described above, the customers themselves become a security risk with the increasing number of digital identities and possibly passwords that will be repeatedly used. In addition, the effort for the company to manage the mass of identities, potentially existing various formats in data silos, is increasing.
So which specific aspects should you pay attention to for a successful digital transformation?
Transforming to user-centric identity management
The need for consolidation in the area of customer identity management (also known as CIAM - Customer Identity and Access Management) is now widely recognized. But the road ahead is not easy. Based on our experience, banks need to consider the following elements for a successful transformation:
- Consistently put customers at the center: Customer identity management must be adapted to ensure that the central object corresponds to the digital representation of the customer identity and not to that of a contract. Everything else (usernames, means of authentication, mobile devices, etc.) must be organized around the identity object. That is of central importance.
- Observe the entire customer journey: A prospect is a potential customer, and in today's digital environment, transitions can be rapid - and they need to be smooth. Ideally, the prospect receives the digital identity already at the first suitable point of contact (e.g., during registration on the bank's real estate portal), which will be used subsequently during onboarding and also as a customer, e.g., in mobile banking.
- Removing hurdles: Not even the most secure process is any good if it's too complicated or cumbersome for customers. You need to find the optimal balance between usability and security at the customer interface and in the processes.
- Take customer support into account: Going digital requires end-to-end considerations. All processes related to identity management - onboarding, (re-)activations, login, etc. - must be designed in such a way that they are easy to understand, and therefore the required customer support is kept to a minimum.
Conclusion
An integral part of effective digitization is that banks and all other companies understand the importance of changing customer identities. Simple and secure processes for customers on the one hand, and targeted delivery of sought-after services at the right time on the other. This often involves a fundamental transformation of the bank's customer identity management. Yet in a world that is increasingly moving toward the customer in the wake of customer centricity, this can hardly be avoided. Your customers will definitely be grateful.
If you have more questions about his topic, acrea is also happy to support your organization on its way into the new world of customer identities.
