October 10, 2022

In a mobile-first world, banking transformation starts at the core: account security

Paul McGuire
Co-founder, CEO at tru.ID

A decade ago, banks could still expect customers to appear in-branch, with ID in hand, to conduct important transactions or confirm their account details. The inconvenience was an understood part of the need for identity verification. 

Fast forward to now: everything is online, mobile, and instantly accessible. From groceries to real estate, users expect to have their needs met within seconds on their smartphones. 

Banking, too, is increasingly mobile-first – if not mobile-only.

Challenger banks that are digital-native from the ground up have met with early success: in a survey of personal and business account holders by the UK's Customer and Markets Authority (CMA), the challenger banks came out on top for customer experience compared to traditional players.

Account experience is at the heart of relationship banking in a digital world. But challenger or incumbent, banks are still dealing with people’s money, so they need to ensure accounts remain safe.

Expensive, cumbersome security isn’t what customers want – but financial institutions still need extra factors of assurance to verify access. Default digital methods, such as SMS OTPs, are frustrating to users and notoriously vulnerable – but the alternatives add complexity to a process that needs to be both streamlined and secure. 

There’s now a verification solution that solves for both requirements.

Mobile banking: a revolution

The smartphone has become the catch-all device for modern life.  

Not long ago, you needed to carry your keys, wallet, mobile phone, MP3 player, and more. Now, you only need your keys and mobile phone – and soon you may not need physical keys at all. 

Banking is the same – according to Insider Intelligence, 89% of people use mobile banking, including a whopping 97% of millennials. 

Account security needs to be mobile-centric and airtight, as well as comply with regulations such as Strong Customer Authentication (SCA).

The most traditional method of step-up security, the SMS OTP, can be spoofed, compromised, rerouted, or sent on to fraudsters, a flaw that has been exploited in high-profile cryptocurrency heists and personal data breaches. 

Most banks now look elsewhere for strong customer authentication that relies on a strong possession-based or biometric factor. But doing so creates new problems, as the experience once again becomes disjointed, introducing complexity and frustration to an experience customers want to be seamless.

The UX dilemma

When you compete closely against other players for customers, the better UX will win out. Smooth, easy customer experiences are assumed, but bad experiences are talked about.

There’s a wide array of MFA alternatives that banks are using to increase account security for online and mobile banking. These range from handheld card readers with time-based PIN codes, IVR and call-back, and device binding with biometrics to requiring scans of passports and documents.

 

These fixes provide the theatre of tighter security, but they’re both expensive to implement and support, and complicate the customer journey with fiddly external requirements or biometric technology barriers. 

 

Meanwhile, tolerance for these delays and friction has dropped dramatically: 68% of consumers abandoned a financial app in the past year, an increase compared to 2020. It’s hardly surprising, when technology that should be making life simpler is getting more complex. 

 

Customer authentication should take place entirely within the mobile banking experience, with no need for extra hardware or context switching. 

 

A false perception in security is that the more complicated a solution is, the more secure it is. However, a really simple security process is not only more airtight – it also increases user satisfaction.  

 

Modern user-friendly security: SIM-based authentication 

The SIM card is a secure possession factor with a unique advantage. Every customer already has one at all times, in their mobile phone – and they’re very motivated to keep it safe. 

 

SIM-based authentication is how mobile networks already verify their 6 billion customers, in order to charge them, every time they make calls or use data. No extra credentials are needed to ‘log in’ to a mobile network – authentication happens automatically in the background between the SIM card and the operator. 

 

Now, tru.ID makes the same network authentication available to banks and FinTechs for a stronger method of customer and transaction authentication. 

 

By checking real-time presence of the expected SIM card directly with the mobile network, tru.ID verifies possession of a mobile number against the network-issued SIM card, thereby providing the device-binding checks needed for SCA-compliant authentication.

 

SIM-based verification with tru.ID is silent, and therefore provides three advantages compared to existing solutions:

 

  1. tru.ID is phishing-resistant and tamper-proof. When there’s nothing to intercept or share, like PIN codes or passwords, there’s no easy way for attackers to take over accounts.

  2. tru.ID keeps verification within the app environment. There’s nothing extra that’s needed – nothing to type, upload, tap or use separately like card readers.

  3. tru.ID does not collect or store any personally identifiable information during verification. tru.ID simply provides a yes/no verification from the network.

 

Verification security that was only available to mobile networks themselves, or required integration with multiple parties, is now open to all from a single technology platform that is live in over 20 countries, covering 2bn+ mobile accounts.

 

To find out how tru.ID silent SIM-based authentication can accelerate your digital transformation and deliver innovation in customer experience while complying with regulations, talk to the Sales team.