With digital banking and e-payments set to become part of our daily lives in the digital economy, banks and financial service institutions (BFSIs) in APAC need to offer frictionless experience.

Shahnawaz Backer, Principal Security Advisor, APCJ, F5

The F5 Curve of Convenience 2020 report revealed that consumers are losing trust in banking applications across major markets in Asia Pacific, spurred by waning sentiments from Singapore, Hong Kong, and Australia.

What has brought about this wane, and what other shifts in consumer sentiments can we expect? How would the seemingly conflicting demands of convenience and security play out in the banking and financial service institution (BFSI) sector?

CybersecAsia discussed some of the key findings from the Curve of Convenience 2020 report with Shahnawaz Backer, Principal Security Advisor, APCJ, F5:

How have consumer expectations towards security and convenience changed over the years, and what are the most likely causes of these shifts?

Shahnawaz Backer (SB): Armed with the latest technology that is breaking new grounds in delivering products and services, today’s consumer is spoilt for choice. As such, it does not come as a surprise that most consumers are frequently choosing frictionless experiences, with an average of 69% of APAC consumers choosing to give up their privacy to gain better experiences – and markets such as China, India and Indonesia are leading this charge.

However, while the preference is surely diverting towards convenience, it does not necessarily mean that security has been relegated completely. In fact, consumers across the region are more inclined to assign the responsibility of their data privacy and security to enterprises (43%), followed by governments (32%), before themselves (25%).

Human behavior has been conditioned to gravitate towards the path of least resistance, which is quite evident from this trend. With more enterprises coming up with innovative products and services at speed, consumers have a plethora of options to pick from and these options seem to be growing at a rapid speed as well.

Think about all the super apps we have today, such as Kakao or Grab, that gives consumers a one-stop shop for many services – from groceries to even insurance. As technology and its adoption continues to advance, consumers will grow more accustomed to products and services that help them receive the benefits of a product or service with minimal cost, in this case, friction in their experience.

How have these shifts redefined brand trust toward banks and financial service institutions in the region?

SB: According to F5 Curve of Convenience 2020 report, trust for apps across the board have witnessed a decline in the last 2 years – with social media companies witnessing the steepest drop in trust by 19 percentage points, followed by BFSIs with a 16 percentage point drop.

However, this drop can be attributed to the fact that consumers are becoming increasingly aware of the cyber risks and threat landscape. Combination of breach disclosures and heavy reliance on digital transactions has impacted the perceptions of online services in general, not sparing the BFSI online products and services as well.   

Have these changes become more or less pronounced during the COVID-19 pandemic and the ‘new normal’ today?

SB: As mentioned, lockdowns have certainly caused many consumers to function from the safety of their homes and applications have become more critical now than ever before in ensuring that we remain connected and can work and play with little disruptions.

However, on the cyber risk front, malicious actors have also been working hard to gain more ground and leverage consumer vulnerabilities that are heightened by the volatility of our environment today.  

In our analysis, we saw a spike in attacks using distributed denial-of-service (DDoS) (45%) and password logins (43%). Password login attacks, specifically, consisted of brute force and credential stuffing attacks, where threat actors attempted to guess their way past a password login. With such cyber attacks greeting our news headlines with more regularity, consumers will unwittingly become more critical of their service providers, expecting them to ramp up the security postures to ensure they do not fall victim to such threats.

What does the dip in trust toward banking apps portend for the various governments’ digital banking and e-payments push in the region?

The straight answer is that it will not impact this push adversely. The adoption of such banking apps and services are largely funneled by the convenience of using the apps. It is so much easier to complete bank transactions with a few simple clicks on your phone today, instead of having to queue for hours at a branch, all thanks to apps and consumers are here for it.

However, BFSIs will need to step up their cybersecurity game to mitigate risks by integrating security into the core of their products or services from day 0. And we are seeing this already, with banks using tools, such as biometric sign-in options and authentication, immediate alerts to customers as transactions happen or even simple things like setting a daily limit on the amount of cash we can transfer from our accounts.

These steps provide customers with added security that is visible – inspiring greater confidence in the BFSIs security postures.

As for governments, many are already implementing compliance and regulations to facilitate the digital bank movements while ensuring that security is not being left as an afterthought. For instance, the Monetary Authority of Singapore (MAS) has many guides for BFSIs on cyber hygiene as well as technology risk managements as well as a Cyber Security Advisory Panel that provides strategies for MAS and financial institutions in Singapore to sustain cyber resilience and trust in our financial system.

What are some key steps BFSIs can take to reduce friction in consumers’ digital banking experience while ensuring strong security postures for their apps?

SB: First and foremost, one key thing that BFSIs can implement is user-friendly security mechanisms like biometric authentication, that some banks have already deployed on their customer-facing apps. These checks not only allow for better, seamless app experience, it also promotes confidence amongst consumers on the bank’s security postures.

BFSIs should also be looking into implementing AI/ML powered analytics engines. These engines are a very viable way to unearth anomalies in transactions and user behaviors. These systems can in turn help cut down on reliance on tools like CAPTCHA and increase the efficacy in fighting fraud.  

Last but not the least, BFSIs should be utilizing financial-grade APIs, which is an industry-led specification of data schemas, security, and privacy protocols. These APIs enable apps to utilize the data stored in accounts, interact with said accounts and empower users to control the security and privacy settings according to their needs. They help to integrate the banking process with customers favorite app while maintaining an optimal security posture.