In banking, there’s a long-standing belief that apps can be secure or user-friendly — but not both.
Stronger security requires usability compromises, the thinking goes, while a slicker, smoother and simpler experience inevitably introduces vulnerabilities that cybercriminals can exploit.
This view is, at best, misguided. You can create a banking app that meets high security standards without forcing your customers to do the equivalent of filling out a ten-page form every time they want to change their details.
A UX Concept Built on a False Choice
The problem with the user experience versus security debate is that it frames the decision as a binary choice: picking the lesser of two evils.
The conventional wisdom is that cybercriminals tend to go for the lowest hanging fruit. So if you add several complicated steps to a user journey, you weed out bad actors and ensure only genuine users stick around. And if the user experience suffers, well, that’s the price consumers have to pay to keep their accounts safe.
This reasoning has two critical flaws.
Complexity Is the Enemy:
Consumers who have abandoned a digital banking product application because it was too complicated: 63%
First, it assumes consumers are happy to jump through hoops in the name of greater security. But research shows that, if anything, their tolerance for friction is decreasing.
In a 2020 study by digital identity firm Signicat, for instance, 63% of consumers said they had abandoned digital banking product applications because they were too complicated. And 32% said they wouldn’t even consider applying for a banking product or service if it entailed going into a branch to present their ID.
Second, and more fundamentally, complexity isn’t an essential feature of security. If you use the right approach and the right technology, security can be simple without losing any of its effectiveness.
The Example of the Lost Phone
You don’t have to look too hard to find examples of security that doesn’t make customers want to tear their hair out. Fintechs have been proving it can be done for well over a decade. Here’s an actual example:
Imagine you lost your phone and had to download your banking app onto a new device. My team compared how a major U.K. high-street bank and a well-known fintech would verify the login from the new device. The results were eye-opening.
Not Even Close:
If you lost your phone and had to download your banking app onto a new device, it could take 43 steps (at a big bank) or 16 (at a fintech). Guess which was more secure?
Logging back onto the bank’s app involved 43 steps. And the user had to leave the app twice: once to get a one-time SMS passcode, and once to generate a code from the bank’s physical token.
In comparison, the fintech’s verification journey had fewer than half of these steps — 16 in total — with only one out-of-platform activity: clicking on an email confirmation link.
Both journeys followed multi-factor authentication best practice: something you know, something you own, and something you are. But the fintech verified the new device without turning the process into a time-consuming and frustrating ordeal. In fact, it included innovations that made the process of verifying the user’s identity more secure than the high-street bank’s 43-step process.
Re-Thinking the Relationship Between Security and UX
So why do many banks continue to design painfully convoluted user journeys in the name of security, when there are demonstrably effective and user-friendly alternatives?
In part, it comes down to not having a culture of innovation or the right data.
Succeeding at innovation — to paraphrase Japanese auto industry giant Soichiro Honda — requires you to get comfortable with failure. But that’s at odds with most banks’ conservative, revenue-driven business models.
It’s easier to stick to what you believe is “safe” than to take risks with technologies that might not work as intended.
If banks studied how their competitors have tackled tricky user journeys, they could build on tried and tested approaches instead of having to discover workable solutions through trial and error.
If you’re building on what’s already been done and can present a compelling business case to decision-makers, it’s easier to persuade them to embrace innovation. Suddenly, innovation is less of a risk.
Three Ways to Balance Security and Ease of Use
The good news is that you can balance security and ease of use, and you don’t have to take technological risks to do it. Here are three ways.
First, it’s time for teams from different departments to realise they’re not at war. Developers, business executives, lawyers and compliance officers have different approaches and perspectives. But, while these might seem like they’re in competition, ultimately, everyone wants the same thing: to give customers a first-class service. Getting everyone to recognize this is difficult, of course, but ultimately it creates a competitive advantage.
Second, partnering with specialized companies can give you instant access to the tech stack, data and know-how you need to streamline your processes, innovate and scale quickly.
Leading banks and even neobanks have been doing this for years. Case in point: Revolut’s know-your-customer process wasn’t developed in-house, but in partnership with identity verification specialist Onfido.
Third, studying your competitors’ apps and user journeys — or investing in a competitive analysis tool that does that — opens up a wealth of insights you can use to inform your approach. Instead of trying to reinvent the wheel (and risking a less-than-ideal outcome), you can learn from others’ mistakes, improve on their successes, and approach innovation more confidently.