Consumers are increasingly concerned about privacy amid the rising tide of fraud and data breaches. While privacy protections are an essential way for financial institutions to gain consumer confidence, several other factors contribute to establishing cyber trust with consumers.
In her latest report, Cyber Trust in Banking: Digital Path to Maturity, Tracy Kitten, Director of Fraud and Security at Javelin Strategy & Research, relays the findings of her latest industry scorecard and details the progress financial institutions have made—and the areas they can improve on—with cyber trust.
Privacy Priority
Privacy is still the most important, overarching issue to consumers, and the Javelin scorecard found that top-tier financial institutions have updated their privacy disclosure policies on a regular basis. That is a shift from just a few years ago, when privacy policies were harder to locate, and many hadn’t been updated in over a year.
“Now, surprisingly, the disclosures are easy to find, and they are typically posted in multiple places on the organizations’ sites,” Kitten said. “A customer can go to a wealth management page for advice and often find privacy disclosures there. Disclosures are also commonly available when consumers search for cybersecurity or fraud prevention information. It means financial institutions understand their customers are concerned about privacy.”
In addition, many financial institutions have gone beyond general privacy disclosures and created specific disclosures for minors. The scorecard also found that privacy disclosures were updated at a regular cadence, including many that were updated as recently as the last 30 days.
While those are significant improvements, there is still room to strengthen privacy programs. For instance, financial institutions should ensure their privacy disclosures avoid legal jargon and are easy to understand.
In addition, many banks have invested substantial time and money enhancing the usability and interfaces in their mobile banking platform, but they haven’t extended the functionality to their online banking platform. Even though more customers are adopting mobile banking, it doesn’t mean they are leaving online banking behind entirely.
“There should be more parity with privacy disclosures across both channels,” Kitten said. “If a consumer wants to do more intensive activities like reviewing past mortgage statements or responding to fraudulent activity alerts, they are more apt to do so via online browser-based banking on a laptop or desktop than they are on their mobile device. That includes reviewing privacy policies.”
Skin in the Game
Another aspect of cyber trust is authentication. Strong authentication protocols let consumers know that their data is protected and important. Most consumers are aware that basic usernames and passwords are not the most effective authentication methods, but they don’t often have an alternative.
Financial institutions can strengthen authentication methods on mobile banking apps by implementing biometric verification using facial recognition or fingerprint scanning, which are often already tied into the mobile device’s operating system.
Those avenues haven’t typically been integrated into online banking platforms, but they can be. Though financial institutions might be concerned about creating friction in the customer experience, consumers have proven they are open to biometric authentication because it is simple to use and makes interactions more secure.
“On the other hand, one-time passcodes are now just unnecessary friction because they are easily circumvented,” Kitten said. “Financial institutions should move to physical biometrics, and even look at behavioral biometrics that take place on the back end. When consumers have skin in the game, literally, they feel more connected to their bank and it takes some pressure off the institution.”
Directing the Conversation
Another way to engage customers is to build better consumer education programs. Alerts are an important—and often underutilized—way for financial institutions to direct the conversation with their customers.
“Financial institutions should encourage consumers to sign up for alerts when there are transactions that exceed defined thresholds or when there are changes to the account, such as when a new account holder is added,” Kitten said. “Customers should also know that if they suspect a transaction is fraudulent, the sooner they notify their financial institution, the better.”
Consumers should also receive alerts through multiple channels, including through mobile app notifications, text alerts, and email messages. Continued engagement through alerts can make consumers aware that their financial institution takes their relationship seriously.
However, banks and credit unions should ensure that they are sending useful information that is interactive when applicable. For example, instead of providing a written notification about a new scam when a customer logs into their account, an institution could offer a podcast or another interactive way to educate their customers.
A Message That Resonates
Financial institutions have made significant steps forward in beefing up their privacy programs and making them more relevant and available to their customers. There is still the opportunity to make disclosures equally prevalent on mobile and online banking platforms.
Banks should also implement stronger biometric authentication methods on mobile and online banking platforms and move away from one-time passcodes. Finally, an organization should educate and empower its consumers.
“I hope that financial institutions take these recommendations seriously and implement changes before the next scorecard, and also that their engagement with their customers doesn’t fall short,” Kitten said. “Don’t take the easy way out, try to personalize education interaction everywhere you can. A little bit of personalization goes a long way, and the more targeted your message is, the more it’s going to resonate.”