Channel Strategy for Corporate Banking: Is Your Bank Paying Enough Attention?

According to the GTNews 2016 Transaction Banking Survey Report, 91% of North American corporates are evaluating their cash management partners. Of those, 27% indicated that improving availability of online and mobile banking tools were a major reason for reviewing their bank relationships, and 55% cited the need for an improved customer experience. Clearly, these responses are evidence that large numbers of corporate clients are less than satisfied with the channel tools and the overall digital client experience being offered.  Most of the banks we interviewed for recent research on this topic are hearing loud and clear that clients are looking for more streamlined, convenient, and faster access to banking services and information.  Our recent report, Strategies for Enhancing Corporate Client Experience: The Future of Attended Channels looks at strategies that leading North American and global banks are adopting to achieve the following goals:
  • Build out integrated portals to make invisible the organizational and product silos inherent in corporate banking.
  • Simplify the user experience.
  • Establish an omnichannel approach to providing consistent data and access to transactions across channels.
  • Enhance authentication options, including biometrics.
  • Expand self-service, including the ability to securely exchange documents and open accounts and new services.
While we found broad agreement on importance of the themes described above, we identified other aspects of digital channel strategy that varied widely from bank to bank.  The graphic below summarizes those opportunities for differentiation. Celent recommends that banks take the following steps to optimizing their future investments in attended channels:
  1. Define the Digital Strategy for Corporate Banking, Not Just the Digital Channel Strategy.  In the current environment, attempting to implement a successful strategy for digital channels in the absence of an overall digital transformation strategy for corporate banking is short-sighted.
  2. Understand How Attended Digital Channels Fit into Clients’ Daily Workflow.  Product management and strategy executives at many institutions are driving prioritization in channels based on a set of assumptions about client preferences that may not be valid. Mapping those client digital journeys from onboarding to servicing to managing exception situations for each client persona is critical.
  3. Reexamine the Role of Partners.  In reality, the delivery of services through attended channels has always involved multiple partners, whether the bank has developed an “in-house” solution or offers one or more off–the-shelf vendor solutions. As demands for “non-core” banking functionality grows and technology evolves to enable easier integration with multiple partners, the importance of the bank maintaining control of the user experience layer that is seen and touched by the client becomes even more critical.
The decisions being made today about attended digital channels — whether as a part of a larger digital transformation initiative, enhancing the channel user experience, or establishing a corporate banking portal — will have a significant impact on the ability of corporate banks to attract and retain clients.

Setting Out a Vision for Customer Authentication

We all know that "passwords suck", as my colleague Bob Meara stated clearly and succinctly in his recent blog. But what's the alternative – is the answer biometrics or something else?

We do believe that biometrics is part of the answer. However, our vision for authentication – security measures banks take when providing customers access to their services – is broader than that. Mobile devices will play a key role, but for them to be effective tools for authentication, a strong binding between customer identity and the device is essential – unless this step is done correctly, all subsequent authentication efforts are pointless.

We also contend that authentication must be risk- and context-aware. It should take into account what the customer is trying to do, what device they are using, how they are behaving, etc. and assess the risk of fraudulent behaviour. Depending on that assessment, the customer could either gain access or be asked to further authenticate themselves. And while biometrics can and will play an important role, the banks' authentication platforms need to be flexible to support different authentication factors.

We outline this vision in more detail in the report published yesterday by Celent, Security, Convenience or Both? Setting Out a Vision for Authentication. In addition, the report discusses:

  • The upcoming PSD2 requirements for strong authentication.
  • The rise of biometrics, including different modalities and device-based vs. server-based implementations.
  • An overview of various standard-setting bodies, such as FIDO alliance and W3C Web Authentication Working Group.

Also, yesterday we launched a new Celent Digital Research Panel survey, this time focused on Authentication and Identity management. The objectives of this survey are to assess amongst the US financial institutions:

  1. Investment drivers for customer authentication and identity management.
  2. Current state and immediate plans around authentication and identity management.
  3. Perspectives on the future for authentication and identity management.

If you already received an email invite, we do hope that you will respond before our deadline of August 8th. If you represent an FI in the US, and would like to take part, but haven't received the invite, please contact us at info@celent.com. We will publish the results in a Celent report, and all respondents will receive a copy of the report, irrespective of whether they are Celent clients or not. We look forward to hearing from you!

Passwords Suck – Bring on Biometrics!

Now that I have your attention. Let me be clear: I hate passwords, particularly when they are increasingly required to be longer, more complex and frequently changed. Apparently, I am not alone in this sentiment.

At a conference in 2015, a small start-up, @Pay, a low-friction mobile giving platform, offered attendees a free t-shirt in return for seeing a brief demo. I must confess that I was more interested in the t-shirt than @Pay’s product demo. The line went out the door! Here is the t-shirt.

@Pay's Sought After T-shirtWorking from a home-office means t-shirts are staple part of my daily wardrobe. I have tons of them. None of them, however, engender such predictable responses from complete strangers than the one above. Responses range from a simple thumbs up or high-five, to an occasional, “You got that right!” Passwords do suck.  I have so many to manage, I use Trend Micro’s Password Manager to ease the pain.

That’s why I am excited to see more institutions migrate to biometric forms of authentication. Dan Latimore blogged about the rapid increase in the number of US financial institutions employing biometrics within their mobile apps here.

Banks shouldn’t stop there, however. In a June 21 New York Times article, Tom Shaw, vice president for enterprise financial crimes management at USAA was quoted as saying, “We believe the password is dying. We realized we have to get away from personal identification information because of the growing number of data breaches.”

I agree with Tom’s sentiment, but if passwords are dying, it appears to be a very slow and painful death. Here’s one example of why I say this. The chart below shows surveyed likelihood of technology usage in future branch designs as measured by Celent’s Branch Transformation Research Panel in late 2015. More than two-thirds of surveyed institutions thought the use of biometrics in future branch designs was “unlikely”.

Branch Tech Usage Liklihood

Authentication and identity management may always involve a trade-off between security and convenience, but the industry’s overreliance on personal identification information is failing on both counts.

  • At ATMs – it contributes to skimming fraud
  • In digital customer acquisition – it contributes to unacceptably high abandonment rates
  • In the mobile channel – it contributes to its slowing rate of utilization growth
  • In the branch – banks deny themselves the ability to delight customers with improved engagement options made available by skillful digital/physical integration

We’ll be looking into the topic of authentication and identity management in our next Digital Banking Research Panel survey in the coming weeks. If you’re a banker and would like to participate in this or future Digital Panels, please click here to fill out a short application

Top trends in corporate banking webinar

Please join me on Thursday, April 21st at noon EST for an overview of the 2016 edition of our Top Trends in Corporate Banking report, which was published in March.

2016-04-18_15-40-50

Corporate banks continue to place an enormous focus on investing in digital channels to meet the ever-increasing demands of clients for enhanced tools while boosting security and fraud prevention. Despite this investment, corporate banking has lagged in terms of adoption of innovative technologies. To improve that performance, corporate banking lines of business are undertaking a broad set of initiatives to overcome the inertia that has left clients behind in terms of innovation. Among the top trends, we will examine the opportunities in trade finance and customer onboarding for improving efficiency and enhancing client satisfaction.  Other top trends include fintech partnerships, distributed ledger technology and open APIs and adapting liquidity management strategies.  I look forward to having you join us on Thursday! 

Click here to register

 

 

 

Looking back on Money 20/20

Last week my colleague Dan Latimore and I were at Money 20/20, which in four short years has become a “must attend” event in payments and Fintech. I’ve been there at the very beginning and it has been exciting to watch it grow from about 1,000 of us in the first year to over 10,000 this year. Congratulations to the Money 20/20 team for this incredible achievement! And thank you to all of those who took time out of their busy schedules to meet with us. As I was reflecting back on the last week, I realised that it’s no longer possible to take in all of Money 20/20. In the first year, even with parallel session tracks, you could absorb a lot of what was happening “by osmosis”, just walking the floors of Aria. As the event grew and moved to a much more spacious Venetian, somewhat paradoxically, the experiences got more individual, depending on which sessions and keynotes you attended, which booths you visited and which people you met. Here are some of my key takeaways:
  1. Perhaps the biggest and most talked-about announcement of the show was Chase Pay and its partnership with MCX. Chase is developing a wallet that will be available to all of its 94 million cardholders to use in-store, in-app and online. The wallet is not planning to use NFC at the POS, with QR codes set to be a most likely method, and as a result will be available on any smartphone device, irrespective of its operating system. On the merchant side, Chase is offering a fixed fee processing which will make merchant costs more reliable and predictable with an opportunity to “earn it down” based on volume. Partnership with MCX gives Chase Pay access to the largest merchants in the country. In addition to a stand-alone app, Chase Pay will also be available as a payment option inside CurrentC, the wallet that MCX has been piloting in Columbus OH, the results of which were presented and greeted with a tentative applause during another keynote at Money 20/20.
  2. Mobile payments market in the US is only getting more complex, with Apple Pay, Android Pay and Samsung Pay already there, more “Pays” on the way (e.g. LG Pay), and now Chase Pay and revived expectations of CurrentC. Make no mistake – while most “pays” look similar, they offer a different customer experience (e.g. how to trigger payment, where it is accepted, etc.) and require issuers to adapt their processes to each of them. At the show, I picked up strong signals from issuers that they want to have more control over digital payments and are looking at various options, including HCE wallets, to achieve that.
  3. The Tokenisation panel was one of the best sessions I attended with panelists from the networks, issuers, merchants and processors sharing their views how tokenisation is going to evolve. It includes tokenisation for cards-on-file and e-commerce transactions (both Visa and MasterCard announced tokenisation of their Checkout and MasterPass wallets respectively), new approach to 3D Secure, introduction of Payment Account Reference (PAR) – a non transactable ID that ties together all the tokens, and tokenisation for DDAs which The Clearing House is working on. According the panelists, tokenisation is the much-needed “abstraction layer” that will be a “foundation for the next 20 years of innovation.”
  4. Biometrics are entering mainstream, with FIDO alliance laying the groundwork for how to deploy biometrics for authentication. Sorting through a myriad of biometrics providers and approaches (e.g. fingerprints, hands, voice, eyes, etc.) is a headache and eventually, it will be consumers that will decide which approach works best for them. FIDO alliance delivers a standard irrespective of what the consumers choose. Looking into the future, the panelists envisaged a behavioural approach where the providers use a number of data points to constantly verify that the user behaviour is consistent with a typical pattern and authenticates automatically in the background, a process called “ambient authentication.”
  5. Conversations about cryptocurrencies have matured enormously over the last 12-18 months. The focus is now very clearly on blockchain technology and how the financial services industry can best deploy it. A number of exciting partnerships are emerging in this space, from TD Bank and RBC working with Ripple on domestic and cross-border P2P payments as well as more efficient transfers between subsidiaries, to Nasdaq’s partnership with Chain, to the R3 consortium. Perhaps the most exciting demo I’ve seen was Visa’s connected car experience, where the driver could review the new leasing document on the screen, sign it, register it on a blockchain and drive off. Time will tell if this is how we will be getting to drive cars in the future, but it only shows the opportunities out there.
Finally, I’ve been asking others at the show what they thought were the key themes. Interestingly, two themes came up very consistently – innovation and focus on customer experience. The latter manifests itself in so many different ways, from making it easy and intuitive for consumers to pay to solving very specific merchant problems, whether it’s around acceptance and security (Verifone, Ingenico, Poynt), conversion rates (BlueSnap, Affirm), lending (PayPal, LendUp) or seamless integration of payments into the overall proposition (Stripe, First Data). The third theme seemed to be a little more contentious. Some said it was all about disruption, while others talked about collaboration. I actually agree with both – to me they are two sides of the same coin. The disruption in FS is real, but many find that the way to deal with it is through collaboration. Few, if any, have talked about demolishing the world as we know it today; instead, all are focused on how to make it better. I know I only scratched the surface here. For example, there were also some very interesting announcements about domestic P2P/push payments such as Early Warning buying clearXchange, Dwolla partnering with CME Group, and The Clearing House working with Vocalink. And companies like Earthport, PayCommerce and Ripple are making an impact on cross-border payments. But as I said, it’s impossible to take it all in, and no write-up can do full justice to Money 20/20 – you just have to be there… See you next year in Vegas or perhaps even in Copenhagen at Money 20/20 Europe!

Biometrics: the next generation of corporate digital banking authentication

Corporate treasury departments initiate and approve millions of dollars in high-value payments on a daily basis. As an example, in May 2015 the average amount of a US Fedwire transfer was $5.7 million. Because of the dollar value of these transactions, banks were early adopters of enhanced authentication for corporate online banking applications. Many banks continue to offer one-time-password authentication (on top of traditional username and password) using RSA SecurID or Vasco DIGIPASS hardware tokens at both login and payment initiation. When Celent published its report “Corporate Mobile Banking Update: Adoption Conundrums and Security Realities” in September 2014, it highlighted alternatives to traditional two-factor authentication for corporate online and mobile banking applications. Alternative methods include voice, pattern and biometric authentication methods. As discussed in the Celent Banking Blog “Logging Into Your Bank in a Heartbeat”, several banks have rolled out Apple’s Touch ID fingerprint authentication technology for consumer online banking login authentication. However, as quickly demonstrated by clever hackers, Touch ID is vulnerable to various hacking methods. For this reason, banks are turning to more sophisticated biometric authentication methods for its corporate online and mobile banking applications. The focus remains on layered, multi-factor authentication, but combines authentication technologies in unusual and unique ways. Barclays Bank’s offering combines biometric and digital signature technology in an offering called “Barclays Biometric Reader.” To overcome limitations with traditional fingerprint scanners, Barclays is implementing Hitachi Europe’s Finger Vein Authentication Technology (VeinID) which reads and verifies the user’s unique finger vein patterns. The latest authentication announcement comes from Wells Fargo who is combining facial recognition with voice biometrics. Wells Fargo is working with SpeechPro to pilot the new bi-modal security solution (VoiceKey.OnePass) and fine-tune the biometric authentication features. The solution uses a standard smartphone microphone and camera to capture a facial image and voiceprint. Wells Fargo is also working on authentication using eye vein scanning (as opposed to typical retina scans). Biometrics New authentication technologies, from a slew of relative newcomers to the financial services space, could eventually replace traditional hardware tokens and eliminate multiple authentication hoops throughout the digital corporate banking experience. Watch this space.

Logging Into Your Bank in a Heartbeat

Apple may not always come up with the idea in the first place, but by throwing their weight behind they can take the idea mainstream. Biometric authentication has existed for years, but it was Apple that really brought it to everyone’s attention when it first launched TouchID, and subsequently demonstrated with Apple Pay how biometrics can be used to authenticate a payments transaction. Now financial institutions are looking for ways to use biometrics to authenticate customers for other things, such as logging into online and mobile banking. Everyone agrees that the situation where we all have to remember a plethora of passwords and PINs has become unmanageable and is now a serious security concern. In the UK, RBS and Natwest have announced in February that their customers can now log into their mobile banking app with Apple’s TouchID available on the iPhone 5s, 6 and 6 Plus. The critics of biometric authentication point to a number of shortcomings – for example, TouchID was hacked soon after launch by using a fake finger from a photograph of a fingerprint left on a glass surface. If your password gets stolen, you can change it; it is a lot worse if the record of your fingerprint is compromised. And the extreme scenarios bring up the Hollywood-style scenes of cut-off fingers and loose eye balls. True, no security is perfect, so layering and balancing is important. For example, even after the log-in, RBS and Natwest require further authentication for some payment transactions. You also might want more assurances if you are getting access to a private banking account with high balances. Some banks are also experimenting with more sophisticated biometrics technologies. Last year, Barclays have trialled a special fingerprint scanner which uses infrared lights to scan blood flow in the veins of a person’s finger, and was planning to roll out the scanner to commercial customers. Incidentally, using the “vein profile” solves the “cut-off finger” challenge. Halifax, another UK bank, is trialling the technology from a Canadian firm Bionym. The bracelet called “Nymi” measures the intricate “cardiac rhythms” unique to every person, which can be used not only to log into a mobile banking app, but also potentially for many other applications, such as gaining access to the office, unlocking a car, or even boarding the plane and crossing borders. As always with new technologies, there is lots to learn and work out. But it seems that the future of logging into your bank account with a heartbeat (quite literally!) is not that far away.