The number one reason often cited by consumers for not adopting mobile financial products is their concern over fraud, and such fear is not entirely without merit as mobile solutions are inherently vulnerable. IT experts will tell you there’s nothing more secure than a proprietary system. Unfortunately, the idea of an airtight system is totally incompatible with modern consumer expectations.
While data breaches at major retailers have made numerous headlines, there are a number of other vulnerabilities the consumer is exposed to as they go about their smartphone-dependent lives. For example, public Wi-Fi networks are subject to breach using far less sophisticated tools than are required to get behind a corporate firewall and past the typical counter-measures deployed to prevent unauthorized entry.
The rapid adoption of mobile devices and the ubiquitous connectivity that makes them useful have had a significant impact on financial institutions as more of their customers move to mobile devices expecting applications that save them time when doing their banking. A case in point: one bank reports taking nine months to complete a compliance process on its (private) ATM network. By contrast, a similar compliance exercise on its mobile banking product required 24 months, thanks to the variety of endpoints and the network’s open nature. This additional effort simply comes with the territory.
You Are the Weakest Link – Goodbye
Banks are hamstrung in their ability to control the weakest link in the security chain – the end users themselves. Studies show the average consumer has stored personal information at more than two dozen websites, and we all know that in many cases, passwords are likely being repeated across sites or worse yet – the most common password remains “Password123.” Meanwhile, reverse engineering methods have become increasingly sophisticated, meaning that a single nugget of information can be used to determine all that is needed to gain full access to accounts, Social Security numbers and more.
While consumers profess concern over security, their track record indicates that many are willing to trade security for convenience. Time remains our most precious commodity, making that tradeoff all the more compelling. And things are probably going to get even more complex. The promised emergence of biometric security will help – it’s certainly not as soft a target as passwords – but it still can’t outsmart attacks that involve virus-infected digital devices.
Consider also consumers’ growing reliance on the “Internet of Things,” which at this point is far less likely to be protected by more than a password. These devices were the soft underbelly exploited for the distributed denial of service attacks that knocked major sites like Twitter offline last fall. Although not related to a breach, their general lack of protection has also led to at least one documented case of someone (a FinTech employee) accidentally buying a FitBit through Amazon’s Alexa.
Consumers: Can’t Live Without Them, Better Learn To Live With Them
While IT experts can vent their frustrations over end user behavior, their complaints are largely moot. In today’s tech environment, the consumer dictates the rules of engagement. Insistence on stringent constraints that run counter to those rules is a recipe for lost market share and product irrelevance. By all means, IT professionals should continue to promote data hygiene and work tirelessly behind the scenes to provide the most secure environment possible. However, these tasks should be approached with a healthy dose of realism; i.e., “meeting the consumer halfway” should be considered a big win.
We will continue to see a procession of new front ends connecting to legacy back-end systems – and no choice but to test all of the resulting permutations. The Agile technique of rapidly bringing MVPs (minimum viable products) to market further raises the need for effective testing protocols. We can cry in the wilderness about how imperfect it all is, but the customer has spoken. Deal with it or risk getting left behind in the modern payments marketplace.