Omnichannel requires security—everywhere

When I talk to major banks, I constantly hear one thing: “We need to be moving toward the omnichannel.”

Banks and other financial institutions of any size must recognize the need—or even modern-day requirement—to meet their customers wherever those consumers already live, work, and play. That translates to consumers being able to bank and access other financial services at any time, from any location, via any device.

When we say omnichannel, we mean an approach that typically includes online banking, mobile banking, cards and ATMs, customer service telephone lines, bill pay or direct deposit through web or mobile apps, virtual branches, and even transactions at traditional brick-and-mortar locations.

While omnichannel is becoming table stakes, there’s another important factor wrapped up in this one: Strong security measures throughout each channel that protect without disrupting that ideal, seamless customer experience.

Channel by channel solutions, with commonality

Every transaction or transmittal of data on one of the aforementioned channels represents a risk point where criminals can threaten users’ cyber security and financial well being. Especially as EMV starts to universally secure credit card payments at the point of sale, we can expect both banking and payments fraud on online channels to rise. Those security threats will inevitably bleed into mobile too.

One might ask: Can a single security solution apply to all channels? Probably not, unfortunately, because that often kills convenience or interrupts the frictionless customer experience. “Omnisecurity” measures must be layered and tailored channel by channel.

The good news is that security measures enabled by mobile are exceptionally flexible, broadly applicable, and impressively effective. Some form or fashion of mobile can be the conduit to security for most, if not all, channels. Whether banking activities are taking place on PCs, tablets, ATMs, or another channel, mobile can play a part in keeping those channels secure while keeping the user experience lean.

Put another way, while omnichannel enhances convenience of banking services, mobile enhances convenience of security measures. And there’s a bonus that comes along with using mobile as the point of origin for omnichannel security. According to Nielsen’s Tops of 2015: Digital report, the vast majority of U.S. consumers already carries a smartphone (or at the very least a feature phone) that can serve as their source of authentication.

Spotting the risk points

Now that omnichannel has been defined and security has been established as an interwoven priority, here are a few threat points that banks making the transition to omnichannel should keep in mind. I accompany each with some technologies that could help neutralize clear and present dangers:

• Cards and ATMs. This channel has seen the most advancement in recent years. Embedding EMV chips in ATM or debit cards can help defend bank accounts and on-the-go ATM banking transactions. That defensive front is key against magstripe skimming combined with PIN stealing perpetrated via shoulder-surfing, pinhole cameras, or false machine fronts.

• Online banking. To take a step back, one of the most important distinctions to make in securing an omnichannel approach is knowing when and where data is “in transit” or “in motion” versus when and where data is “at rest.”

Data in motion is usually more vulnerable than data at rest. Once banking activities and data start moving cross-channel, those vulnerabilities multiply rapidly.

Despite the fact that data at rest is supposedly the less susceptible of the two, securing financial data being stored in the cloud for online banking purposes should still be taken seriously by financial institutions. According to Global Study on the State of Payment Data Security, a report the Ponemon Institute recently conducted on behalf of my company, only 45% of businesses say they use encryption, tokenization, or other cryptologic tools to protect financial data in the cloud.

To be fair, that number is likely much higher if we’re talking about banks specifically. But that’s exactly where those banking service providers need to be targeting their security investments for online banking: tokenization and encryption.

• Mobile banking. As mentioned earlier, luckily for banks, mobile is a natural fit not only for financial services, but for applying security precautions. Banking on-the-go is a growing trend, especially with millennials, of which nearly 59% use a mobile device for banking, as estimated by eMarketer.

Leveraging the ever-present tech power of the smartphone allows banks to institute advanced security protocols, like two-factor authentication, to address this omnichannel threat point, and requires little change to user behavior.

Those two factors can be any combination of Touch ID fingerprint detection (as on newer iPhones); 3D Secure (as popularized in Europe); an extra password or PIN; or a randomized digital token. Banking credentials can also be secured on the mobile secure element, and tokenization capabilities apply to mobile as well.

There’s a whole host of possibilities to keep banking on this channel secure and yet convenient—all without necessitating a costly technology investment from the bank.

• Channels yet to come. As previously discussed, fraudsters are always looking ahead, so banks should be too when it comes to security.

Technology providers have not yet perfected or consistently applied emergent technologies like real-time biometrics (even unique heartbeats), facial recognition, and voice recognition, we’re getting closer by the day. Banks should be tinkering with these technologies early and seeing how they can be integrated as they add various channels to the mix.

I guarantee consumers will thank their banks for being ahead of the game.

Omnichannel pushes banking evolution

I’ve been quoted saying that, increasingly, banks may be viewing themselves as IT companies or software vendors with a security mindset. I stand by that assertion.

The more that omnichannel proliferates and banks are ultimately held responsible for keeping their customers secure, the more natural that evolution of perspective is going to become.

Banks aren’t specialists familiar with the complexities of security. Plus, they have their own core business challenges to focus on. They can meet the security challenge by working with an external partner or they can do it themselves in-house.

There, they have a choice. Where they don’t is clear: Omnichannel requires a heavy emphasis on security. Everywhere.

About the author

Hakan Nordfjell, senior vice-president of eBanking and eCommerce, Gemalto. The Netherlands-based company is an international digital security company, providing software applications, secure personal devices such as smart cards and tokens, and managed services.