As consumers increasingly transact online, banks need to follow a diligent approach to enforcing security measures, especially in the face of emerging threats. Given the increasing risk of internet banking frauds, the question remains, “is it still safe to use internet banking?”
To answer the above question and provide more insight into what can be done to secure the online banking experience, Gemalto commissioned a global study to speak to IT and business decision-makers from the banking sector and consumers across 14 markets, including the UAE. The study reaffirmed that security remains a consistent concern for both consumers and decision-makers worldwide. Alarmingly, almost half (49 per cent) of UAE consumers cited that they would change banking providers if their current bank had been breached, while over half (52 per cent) would switch if they knew another bank was offering better security measures.
Our latest Breach Level Index highlights that 45.2 million data records were compromised in the Middle East in the first half of 2016. Due to such reports and the growing number of publicised cyber-attacks around the world, the average consumer is now even more aware of cybercrime than ever before.
Despite this awareness, a divide still exists between the security services offered by professional organisations and the services consumers are looking to use. Among IT professionals in the UAE, 60 per cent stated that data breaches in transactional processes are the main concern around security that comes from offering digital banking solutions. Despite this, only 40 per cent of them offer their clients biometrics (facial, voice or iris recognition) as a way to secure their payments. Some 68 per cent of UAE professionals are still offering one-time passwords as a security solution, an outdated option which can easily be compromised by hackers.
Surprisingly, the differences in professional and consumer perceptions lies in the reported majority (98 per cent) of respondents believing that their customers are confident in their organisation’s mobile and online banking security mechanisms. On the other hand, 47 per cent of UAE consumers still feel there are gaps in banks’ online and mobile security.
Addressing consumers’ security concerns by partnering with the right security solutions providers is important because expectations are high — and showing no signs of waning. Almost 65 per cent of UAE customers believe that the responsibility for protecting and securing customer data lies with the service provider, showing that the responsibility clearly lies on banks to offer their customers with the creme de la creme of security solutions.
Therefore, banks will need to make greater investments in security than ever before, as customers increasingly rely on online banking than physical branches. As such, they expect new authentication methods, which UAE banks have taken notice of. Common security solutions that they plan to offer in the next 12 months are one-time passwords (75 per cent) and two-factor authentication (55 per cent), but one of the most anticipated methods of authentication today is biometric authentication.
Only 24 per cent of surveyed UAE consumers currently use biometric technology for online banking but over half (59 per cent) of then are willing to use it. Close to 75 per cent believe that it is more secure than usernames and passwords, while almost half (49 per cent) believe that they are more convenient than traditional methods. Experts define two types of biometric authentication: static and dynamic. Static authentication is based on the use of human features such as fingerprints, iris and retina scans, face and hand geometry, and face thermograph. Dynamic authentication, on the other hand, uses distinctive action like handwriting and voice control — both options are reliable and add an extra layer of security for consumers when transacting online.
Fingerprint recognition (85 per cent) is the most common biometric that UAE consumers are keen to use. Other biometrics, which are new-age and somewhat less popular, are voice and iris recognition, both of which 38 per cent of UAE consumers are willing to use. Consumers are clearly open to new methods of security, which banks should explore to various degrees.
Today banks use biometric authentication methods relatively rarely — face recognition is offered by 16 per cent of UAE service providers. But, in the near future, many banks plan to offer more biometric solutions to their customers. Within the next 12 months, 50 per cent of UAE banks plan to offer fingerprint scanning, 24 per cent face recognition and 22 per cent voice recognition — to address the changing security demands of consumers.
A few other biometrics that banks mentioned they are looking to possibly implement to heighten security are blink detection, pulse detection, hand vein scanning, blood sample and DNA recognition to mention a few. It is obvious a lot of effort is put into evaluating different means of authenticating customers based on who they are, rather than what they know (static password) or what they have (token).
The industry has reached a point where online services are becoming a market standard and the Gemalto study shows that heightened security measures are demanded both by consumers and service providers. It is time for the latter to decide whether they want to be on the edge of a new era of banking or continue as is and become obsolete. The introduction of online and mobile banking has given consumers a convenient way to interact with their bank as and when they please. However, with so many of them still feeling that there are gaps in digital banking security, it’s clear that banks need to optimise security without compromising on convenience before digital services can achieve their full potential. Without this, banks risk losing consumer trust — an indispensable commodity in today’s market.
— Marwan Elnakat is eBanking Director for the CISMEA region at Gemalto