How banks can improve CX ratings by modernising account security with silent authentication

‍Banking customers have one thing in common: they all believe, with good reason, that the money they have in their account is theirs.

‍

Banks, however, run into brand perception problems when they make it difficult to access and transact on customer accounts, be it because of elaborate password settings, card readers or extra verification steps. Our CEO Paul calls such experiences barbed wire fences.

‍

What customers don't mentally connect, of course, is that tight security is implemented to protect their accounts, which is a logical foundation of not only being a bank but of compliance with regulations such as Strong Customer Authentication / PSD2.

‍

In a fresh rankings survey of personal and business account holders by the UK's Customer and Markets Authority (CMA), the smaller challenger banks came out on top for customer experience compared to bigger traditional players.

‍

There is certainly more to customer experience than account access, but the digital experience a bank provides its customers is a crucial touchpoint for ongoing relationship-building, measured not only by public rankings such as the CMA league table, but by internal NPS figures, and ultimately churn.

‍

Time to modernise account access and improve customer experience metrics.

The MFA problem: What happens after KYC?

Identity verification at account opening is an elaborate process of verifying a real-world identity, usually involving addresses, documents, and increasingly selfies, voice and other forms of biometrics. This expensive and laborious process cannot be repeated every time a customer wants to login, or wants to send money to a friend, a partner or pay a supplier, so a digital identity needs to be established for that customer. ‍

The customers' digital identity then needs to be secured.

This is where the problems start. Because email and password alone is highly vulnerable, and with common password habits you may as well keep the door open, so multi-factor authentication (MFA) practices require a second form of authentication, usually a possession factor.‍

Here are some forms of MFA that banks use to increase account access security:
‍

Additional card readers with time-based PIN codes
‍
IVR and call-back with time-based PIN codes (usually mobile to desktop and vice-versa)
‍
Government-issued ID or document
‍
Device binding with mobile-native biometrics
‍
Some use cases, such as mortgage applications, even require face-to-face appointments at branch

‍

These solutions may provide the perception of tighter security, but these processes are hugely expensive, and not what customers expect or want. ‍

‍

CISOs would put forward a strong case that bad actors are everywhere. Reports of cybercrime such as account takeover, phishing, and fraud have grown by 300% since the pandemic began. Banks are prime targets, with 80% of financial institutions experiencing a breach.‍

What was previously a largely desktop problem is now multi-channel, with mobile the primary vector: more than 50% of high-risk transactions originate from mobile devices. ‍

The challenge for IAM managers and CX leaders is how to adapt to these new challenges without destroying the customer experience, or getting bashed in customer satisfaction ratings.

Introducing silent SIM-based authentication

There's a perception in security that the more complicated a solution is, the more security it is. However, the simpler solutions are better as they increase the chances of user adoption.

Next time you get a new phone, and insert the SIM card, notice its size, shape and reflect on its purpose: to connect you to the network seamlessly and invisibly, using your mobile phone number, and nothing else.

The SIM card is tamper-resistant, cryptographically secure, and shares the same microchip technology that is built into every bank card.

The greatest benefit of the SIM card is that it’s already used by 6.37 billion people daily – meaning customers don’t need to lift a finger to take advantage of the powerful possession-factor MFA that it represents.

‍

How SIM-based authentication works: Your users don't have to do a thing

When we use data on our mobile phones, we don’t need to type our email and a password to log in. ‍We are automatically logged onto the mobile network because the mobile operator performs a silent cryptographic check of the unique SIM card. From that point forward, all communication between the device and the network is fully encrypted. ‍

This strong, cryptographic security is built into every mobile network and SIM card, and it happens silently in the background every time we use our mobile device.
‍

tru.ID’s SIM-based mobile verification is the new solution that harnesses network authentication, and you can embed this powerful MFA method into your app right now.

Using the cryptographic security of the SIM card together with your existing mobile app, you can deliver strong, multi-channel authentication that is easy for your customers to use and simple for you to deploy.

‍

Superior customer experience and SCA compliance

Now you can see how SIM-based network authentication by tru.ID can establish a verified digital identity that's authenticated each time by the network-issued SIM card.
‍

Use verified mobile numbers as part of onboarding and use tru.ID to implement SIM-based device binding
‍
App authentication can be used to authenticate your customers across other channels too, such as desktop/laptop
‍
Use SIM change monitoring for verifying payment and transfer requests
‍
Replace card readers from your customer experience
‍

Above all, use tru.ID to deliver a modern, mobile-first customer experience, and watch your rankings go up.

‍

Ready to upgrade to next-gen customer authentication?

Adding tru.ID to your security stack is easy.

To find out how to implement tru.ID silent auth and deliver high-security, low-friction authentication experiences for your customers, simply talk to us and we'll show you a demo.