
Striking the Perfect Balance: Harmonizing Security and User Experience in Mobile Banking Authentication

The Challenge of Balancing Security and User Experience in Authentication

Finding the delicate equilibrium between robust security measures and user-friendly experiences has been a long-standing dichotomy. Traditional authentication methods, such as passwords, have proven to be insecure due to the risk of reuse and susceptibility to database breaches. For instance, a startling 82% of data breaches are caused by stolen credentials, making it clear that this age-old method is a significant security liability (source: Verizon Data Breach Investigations Report 2022). SMS codes, despite their prevalence, are not immune to phishing attacks, exposing customers to potential risks. In fact, the National Institute of Standards and Technology (NIST) strongly advised against using SMS codes for authentication as early as 2007 (source: NIST Special Publication 800-62B). Even modern solutions like push notifications, QR codes, and TOTP suffer from friction during critical moments like enrolment, account recovery, and failed authentication attempts, leading to customer frustration and abandonment.

The Implications of Ignoring User Experience

Neglecting user-centricity during enrolment, login, and payments can lead to significant consequences. Abandoned enrolments result in lost opportunities, leading to the need to win customers over again. For instance, imagine a potential new customer who hears great things about your mobile banking app and decides to give it a try. However, during the enrolment process, they encounter cumbersome requirements that deter them from completing the registration. Frustrated, they abandon the process and turn to a competitor’s app, resulting in a missed opportunity to win over a valuable new customer.

Existing customers who recently purchased a new phone typically face obstacles when attempting to access the mobile banking app. Instead of a seamless transition to their new device, they find themselves locked out and unable to access their accounts. This unfortunate experience dampens their enthusiasm for the app, negatively impacting customer advocacy and loyalty. They might use an alternative banking app in the meantime or consider fully switching to a solution that prioritizes a smoother process. 

Cumbersome enrolment and authentication processes don’t only have an impact on revenue but also on operational costs. Friction during onboarding and login leads to a surge in support calls, draining valuable resources. Approximately 40 to 50% of support calls are related to onboarding and login difficulties, and these calls last significantly longer than other calls because of the complexity of the traditional authentication process. This creates unnecessary operational costs for the bank, diverting resources that could be better utilized in enhancing the overall customer experience.

The number of support calls has increased over the past few years. Moving away from SMS has significantly increased user security, alleviating the vulnerabilities associated with this authentication method. On the other hand, the implications for the user experience have been neglected when implementing app-based authentication methods. The result is a significant increase in support calls related to onboarding and login compared to 5 years ago, when SMS was still the dominant authentication method. This shift highlights the need to prioritize user-centric authentication solutions that not only bolster security but also deliver a seamless and delightful customer experience.

A Step-by-Step Approach to Optimize Security and User Centricity

Understanding the gravity of the implications above, banks must proactively address these challenges and embark on a transformative journey towards harmonizing security and user experience. The following step-by-step approach presents a comprehensive strategy to achieve this delicate balance:

  1. Understanding Your Customers: Recognizing that each user is unique, with varying patterns and needs, from tech-savvy individuals to occasional users and corporate clients. Understanding customer preferences and behaviors can guide the implementation of a more personalized authentication approach.
  2. Identifying Friction Points: Analyzing existing processes to detect key friction points during enrolment, authentication, transaction confirmation, and account recovery, enabling precise targeting for improvement. For instance, analyzing user behavior and feedback can highlight areas where customers face the most challenges.
  3. Involving Key Stakeholders: Collaborating with security experts, product management, and customer support to align on essential requirements, fostering a holistic approach to mobile banking security. Encouraging cross-functional collaboration can lead to more informed decision-making.
  4. Redesigning User Flows: Reimagining user journeys while balancing security and usability considerations, ensuring that security measures enhance rather than inhibit the mobile banking experience. Implementing seamless and secure authentication methods, such as passwordless authentication, can greatly simplify the user experience without compromising security.

By following this carefully curated methodology, banks can elevate customer satisfaction, nurture long-term loyalty, and ensure that every interaction with their mobile banking app is a seamless journey that instills confidence in their valued customers. As the digital landscape continues to evolve, this approach serves as the compass guiding banks towards a secure and user-centric future.

Multifactor Authentication Refined: Elevating Security with User-Centric MFA Solutions

As banks embark on the journey to optimize security and user centricity, the implementation of Multifactor Authentication (MFA) plays a pivotal role in safeguarding customer accounts. However, it’s important to recognize that MFA alone is not a silver bullet. A truly transformative approach entails adopting user-centric MFA solutions that provide flexibility and seamless integration with the designed user flows. By prioritizing user needs and preferences, banks can effectively address friction points while upholding the highest standards of security.

User-Centric MFA Options, Fitting Specific User Profiles:

A user-centric MFA approach offers a diverse array of authentication options tailored to user profiles. From seamless push authentication for tech-savvy users to traditional hardware tokens or one-time passcodes (OTPs) for others, this flexibility instills confidence and ownership in mobile banking interactions.

Implementing Account Recovery to Solve the Struggle of Phone Switching:

Efficient account recovery mechanisms swiftly address the frustration of phone switching, completing the recovery process within seconds or, in a secure context, without the user even noticing.

Implementing Fallbacks Such as Offline Fallbacks:

Implementing offline fallback options, such as offline QR codes, ensures uninterrupted access to mobile banking services. This user-centric MFA approach elevates security without compromising user experience, fostering customer trust, loyalty, and satisfaction, positioning banks as industry leaders in the quest for secure and user-centric mobile banking.

Seamless Security: Embracing Passwordless and Context-Driven Approach

In the pursuit of a more secure digital landscape, banks are embracing passwordless authentication solutions to mitigate the vulnerabilities associated with traditional password-based methods. By eliminating the risk of credential theft and streamlining the user experience, passwordless options enhance security without burdening customers. Simultaneously, leveraging context insights, such as geolocation and login patterns, enables the implementation of a multi-layered defense approach. This dynamic strategy effectively reduces risks without subjecting users to excessive authentication steps, preserving a seamless and delightful user experience. The synergy of passwordless authentication and context-driven defenses empowers banks to fortify security without compromising the convenience and trust their customers deserve, ushering in a transformative era of secure and user-centric digital interactions.
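As an added illustration of the context-driven step-up described above (example code written for this page, not Futurae's product or any bank's implementation), the policy below scores the context signals the text names (device, geolocation, login pattern) plus the sensitivity of the requested action, and only asks for an extra factor when the score warrants it. The signal weights, thresholds and sample login history are assumptions made for the example.

```python
"""Context-driven step-up decision for a passwordless login (illustrative)."""
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass
class LoginHistory:
    """What the bank already knows about this customer's normal behaviour."""
    known_devices: set          # device identifiers enrolled for passwordless login
    usual_countries: set        # countries seen in recent successful logins
    usual_hours_utc: set        # hours of day (UTC) the customer normally logs in


@dataclass
class LoginContext:
    """Signals observed on the current request."""
    device_id: str
    country: str
    timestamp: datetime
    high_value_action: bool = False   # e.g. adding a payee or a large transfer


def risk_score(ctx: LoginContext, history: LoginHistory) -> int:
    """Sum assumed weights for each signal that deviates from the known pattern."""
    score = 0
    if ctx.device_id not in history.known_devices:
        score += 40          # unenrolled device: strongest single signal
    if ctx.country not in history.usual_countries:
        score += 30          # geolocation outside the customer's usual countries
    if ctx.timestamp.hour not in history.usual_hours_utc:
        score += 10          # outside the customer's usual login hours
    if ctx.high_value_action:
        score += 20          # sensitive operation raises the bar regardless
    return score


def decide(ctx: LoginContext, history: LoginHistory,
           step_up_at: int = 30, deny_at: int = 80) -> str:
    """Return 'allow' (passwordless factor suffices), 'step_up' (require a second
    factor such as push confirmation) or 'deny' (route to account recovery)."""
    score = risk_score(ctx, history)
    if score >= deny_at:
        return "deny"
    if score >= step_up_at:
        return "step_up"
    return "allow"


# Constructed sample history for one customer (not real data).
SAMPLE_HISTORY = LoginHistory(known_devices={"phone-A"},
                              usual_countries={"CH"}, usual_hours_utc={7, 8, 12, 18})


def make_context(device_id: str, country: str, hour_utc: int,
                 high_value: bool = False) -> LoginContext:
    """Helper to build a request context at a given UTC hour."""
    ts = datetime(2024, 5, 3, hour_utc, 0, tzinfo=timezone.utc)
    return LoginContext(device_id, country, ts, high_value)
```

A request from the enrolled phone, in the usual country and at a usual hour, passes with the passwordless factor alone; a new device abroad triggers a step-up, and a new device abroad at an odd hour attempting a high-value action is sent to recovery.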

Conclusion: Striking the Perfect Balance for a Secure and User-Centric Future

In conclusion, the journey towards harmonizing security and user experience in mobile banking authentication is a tangible reality that holds immense benefits. By adopting user-centric Multifactor Authentication (MFA) solutions, embracing passwordless authentication, and leveraging context-driven defenses, banks can enhance security without compromising on the seamless user experience. This transformative approach not only fortifies customer trust and loyalty but also positions banks as industry leaders in the pursuit of secure and user-centric mobile banking experiences. As the digital landscape continues to evolve, this commitment to customer-centricity paves the way for a future where secure and delightful interactions form the cornerstone of modern banking.