When Prime Minister Malcolm Turnbull said at a recent Westpac anniversary lunch that “banks need to very publicly demonstrate that their values of trust, integrity, placing the customer first in every way – these must be lived and not just spoken”, he wasn’t talking specifically about IT.
But he may as well have been. Financial organisations have not always placed customers first in the design of their information systems. Instead of being a central element, customer identity data and functionality are typically distributed widely across many information repositories.
Organisations have struggled to truly know digital customers, frustrating marketing and customer service. And customers have had to deal with an unnecessarily difficult and inconsistent experience across different products or channels.
But things are changing, with the impetus coming not so much from the political sphere, but the rise of disruptive market entrants and fintech. Because – as we see played out in so many other industries – organisations that put customers at the centre of digital interactions are winning their business.
KPMG First Point Global tested this proposition at the recent Future of Security in Financial Services conference. The question asked was, “How can financial organisations compete in the fast-moving digital services market without compromising security?”
Innovation and Disruption
Technology innovation and disruption are reshaping the financial industry, including initiatives by the federal Digital Transformation Office (DTO) to establish a national digital identity scheme, the move to fast payments, and the rapid take-up of biometric authentication services like Apple’s Touch ID.
Governments around the world are taking an active role in establishing digital trust anchors, such as GOV.UK Verify and Connect.Gov in the U.S. These are designed to both increase security by uniquely identifying individuals and to improve competitiveness by lowering the system-wide burden of registration.
Many conference participants expressed uncertainty about the emerging identity landscape. One bank was looking into biometric identification but wasn’t sure if Australia was also considering it for a national identity program. Other delegates thought there would be “too many” identity providers or “the risk of a fractured identity landscape” that could increase complexity and lessen their value.
Regardless of what shape the national identity landscape takes, one thing is certain: financial organisations will need to adapt to it. In our view, the ability to leverage third-party digital identities is a cornerstone of what we call an Identity Services Framework. Incorporating this framework into their systems and security architectures is needed to give organisations the agility to innovate more easily.
Trending Authentication Types
The rapid take-up of biometric authentication services like Apple’s Touch ID, and the pressure to keep up with consumer expectations, was of immediate concern to most participants.
Many were concerned by the potential for biometric security measures to be compromised. “Unlike traditional methods like passwords, if someone’s fingerprint or iris scan is hacked, you can’t just change it,” was a typical comment.
Such comments are something of an oversimplification. For example, Google’s Face Unlock for Android phones was found to be easily tricked using static images and photo editing. But it wasn’t the biometric information that was compromised – after all, images of people’s faces are widely available – it was the authentication method itself that was defective.
But there is a deeper issue underlying these concerns: What is the point of spending all that time and money implementing a new biometric authentication method if it’s only going to have a limited shelf life?
In our view, the difficulty of adoption is the real problem. No one biometric authentication method should be considered a silver bullet to permanently replace all others. And it shouldn’t take years to switch on a new or improved method. If consumers demand trending authentication types such as Touch ID or MasterCard’s new selfie authentication, then organisations must be agile in bringing them into their core systems.
Enabling new biometric authentication services to delight customers and keep ahead of fast-moving cyber security threats is another important element of an Identity Services Framework. So is the ability to quickly and easily replace defective authentication methods or augment them, based on risk-based analysis, with additional security factors such as fingerprinting of secured mobile devices or home Wi-Fi networks.
Identity Underpins Transformation
During the discussions, most participants expressed concerns about their firm’s ability to adapt to the fast-moving and unpredictable digital services landscape, while also seeing it as an opportunity. Almost all were undergoing transformations to compete more effectively in the digital economy.
Issues of privacy, consent and customer confidence figured prominently, as did the need to engage with customers, improve the customer experience, and provide return value for their consent (to share data for example).
Digital identity is a key transformational capability that goes beyond cyber security functions such as identification and authentication. It also underpins privacy protection, provides the basis for maintaining and deepening customer relationships and improving customer experience, and enables collaboration with other businesses in an ecosystem.
An Identity Services Framework enables many of these broader functions through the tethering of identity services to channel, device, risk, user experience, consent, preferences and privacy. And the list of functions will continue to expand to ensure that customers’ expectations are met with the agility required.
At the end of the day, while financial organisations spend millions on cyber security, it has been seen as a cost of doing business. Digital identity technologies are part of that investment, but also play a vital role in attracting and retaining customers and building new business.
We think it is time to re-evaluate those cyber security investments and consider the additional value an Identity Services Framework would bring in giving financial firms the agility to compete in the digital world by placing their customers first.