On the one hand, the massive shift to cloud has made the sector more agile and innovative, with customers reaping an array of time and money-saving benefits. It's now second-nature to pay for your morning coffee with an e-wallet on your phone, or to transfer funds to a friend with a few touches of a screen.
In fact, mobile banking is now the most popular way for Australians to handle their finances, and physical branches are shutting down at an escalating rate.
On the other, and debatably more important hand, the digital rush has opened the floodgates for identity theft and financial fraud. As interactions and transactions become more interconnected, even the simplest processes like opening a new account can have unintended flow-on security concerns.
We saw this happen this year when a university student witnessed the real-time draining of her bank account after she'd downloaded a separate application to her mobile containing malware.
The threat environment is such that across Australia, online banking scams were one of the most common types reported last year.
In response, banks have upped their security resources and introduced digital-specific protections such as temporary card verification codes. They're also now subject to tighter regulations, including the recent reforms to the Security of Critical Infrastructure Act, which has mandated cyber incident reporting and increased access to government support.
These are all vital steps towards protecting Australians from the worst impacts of financial and identity fraud. However, there is scope for technology to be leveraged in a way that addresses the threats, opportunities and user behaviours of the new digital landscape in a more holistic way.
Moving past knowledge-based authentication
In the modern environment, asking customers to verify their identity with their mother's maiden name or favourite colour is simply not sophisticated — nor is it an appropriate protection measure in the digital world.
Worryingly, hackers are gleaning these facts from social media or through targeted phishing campaigns and using the information to unlock access to a range of customer services, including bank accounts.
Artificial intelligence (AI) can be leveraged to scan a caller's voice, compare this against a record of their unique speech patterns, pitch and other identifiable factors, and grant verification via voiceprint. This both saves time and is a lot harder to nefariously emulate than guessing answers to simple questions.
Banks can also use sensors, including location services, cameras and QR code scanning, to create a holistic, multi-layered yet automated customer verification template. This is ideal for simple yet high-risk transactions like requesting a new debit card or updating addresses.
Outbound notifications for fraud protection
Australia is battling an unprecedented deluge of scams. In the last financial year, we lost a record $2 billion to scams, with the majority coming from phone calls and text messages.
Commonly, scammers purport to be from banks and other financial institutions. We saw an example of this when a high-profile journalist lost her life savings after answering a call displayed on her phone as her bank.
To overcome the challenge of engaging with customers who, as a prevention measure, are increasingly diverting unknown phone calls to voicemail, banks should take a secure, multi-channel approach.
Customers are more likely to trust a phone call if they receive a message through their banking app at the same time, and this can initiate facial, fingerprint or PIN authentication. Banks can also make calls through banking apps directly, completely bypassing the public network, and advise customers to disregard all other communication.
Prevention against intentional data breaches is also a scary thought, but one that warrants consideration. When a customer calls up a bank, the agent at the end of the line, as well as those who can access their device, can easily tap into a customer’s address, driver’s license, banking credentials and other private information.
Cryptographic techniques can be used to covertly verify a customer’s sensitive or personally identifiable information (PII), while the agent only sees information relevant to the task, such as whether a payment went through, or a document was signed.
Increasing protections in the work-from-anywhere era
As employees continue working from anywhere, across personal devices and in shared, non-bank workspaces, leaders need to find a balance between allowing staff to feel trusted to complete their jobs, while providing customers with assurances around the security of their data.
It's essential that workforces remain supported and have the resources to do their jobs. Not only to support their wellbeing and meet customer service demands as customers increasingly switch to digital channels, but to minimise the chance of any burnout-induced errors that could lead to a gap in the organisation's cyber defences.
In a bank setting, AI and machine learning can work as a digital side-kick to agents, enabling them to use their time effectively and provide sophisticated customer resolutions. For instance, natural language processing (NLP) can determine the value of a call and deflect low-value interactions, such as balance enquiries and credit card waivers, to a virtual agent. Meanwhile, interactions that require human involvement can be intercepted and directed to a live agent.
Banks can also have agents verify their identity with facial biometrics, which is only activated when they're on the phone, assuring them that they are not being excessively monitored while working remotely.
Banks and financial services organisations are embracing digital services to better serve customers and make their own processes easier. But this has introduced a new set of challenges when it comes to ensuring customer privacy and information security. By leveraging data analytics, security tools and education, these organisations can take the best approach possible towards protecting Australians in the new digital world.
Jeremy Paton, team engagement solutions lead, Avaya
