What Should Your Internet Banking Platform Look Like?

internet-banking-06-24-15.pngInternet banking is undergoing a transformation. In many ways, this evolution of the legacy Internet channel is being driven by the emergence and potential prominence of mobile banking. According to a report from the Federal Reserve, Consumers and Mobile Financial Services 2015, “the prevalence of mobile banking continued to increase, reaching 39 percent of mobile phone users with bank accounts and 52 percent of smartphone users with bank accounts.”

As Internet and mobile channels continue to evolve, so does the proliferation of other device categories, such as wearables, including smart watches. The expansion and convergence of these new categories give financial institutions the ability to better service customers and create a consistent user experience regardless of channel.

This is not about a single channel handling all customer interactions; users will likely choose all channels, and some will likely lead over others. Rather, it is about a blended experience across channels. Ask the management team of any community bank if they still offer telephone touchtone banking and the answer is yes. Channels rarely go away and there is nothing wrong with that. Again, the challenge is blending all these categories.

How Does This Impact Internet Banking Today?
The Internet channel can be classified as legacy technology. The way a customer uses the channel, the screens they see, the features available to them, are all “set-in-their-ways” and reflect a certain very specific design sensibility. No doubt this is a powerful legacy, so much so, that when the industry started creating the mobile banking experience, it was highly influenced by the Internet. Internet led the charge. Internet defined the standards. Then something changed. Mobile devices became ubiquitous.

According to the Federal Reserve study, as of December 2014, 87 percent of the U.S. population ages 18 and older owned or had regular access to a mobile phone. The smartphone was the most popular type: It runs applications in addition to accessing the Internet and functioning as a phone. The application is the single most significant part of this evolution toward smartphones. Easy to use, much more fun than the Internet and reflecting a new design sensibility, the smartphone marked a departure.

Mobile Is Now Driving the Evolution
The Internet needs a refresh. It is a somewhat old and stale legacy technology that has not been seriously refreshed in a decade. This technology and design refresh is being led by mobile. Internet banking will start to look like mobile banking apps, which have proven to be “cooler” and easier to use. And all of them will start to have a consistency in the features offered and their look. The customer wins. They get to do whatever it is they are trying to accomplish, via whichever channel they choose. The end result is a platform that is convenient, consistent and engaging.

The Best Customer Experience
There are many industry terms that try to encapsulate the concept of the many customer channels. The phrases “digital channel” and “omni channel” represent some of this industry jargon. We all generally agree that the goal is to have mobile, Internet and other systems provide a consistent experience for a customer. Bank boards and management teams should demand that the channels converge around whatever makes the best sense for the customer. The technology and the design sensibility are all avenues to the primary goal of creating satisfied and delighted customers.

The good news is that this is attainable today in a way that was never imagined a decade ago. The technology involved in delivering customer channels, such as Internet and mobile, have matured and in many ways blended due to industry forces and the regular movements of the technology markets. This is good for bankers and good for customers. This next step of transforming Internet banking will create the next big opportunity for banks to differentiate their digital strategies.

Avoiding Liability for Online Banking Fraud

security.jpgIf you are a community bank executive, imagine facing this unpleasant scenario:  Your head of operations calls to tell you that one of the bank’s largest customers suffered a computer hack and millions of dollars were transferred out of the customer’s accounts. 

This situation will deliver a severe stress test to your bank’s operational systems. Were the right procedures in place?  Were they followed?  Are you liable and is the loss insurable?  When your biggest customer has taken a crushing financial loss and is desperately looking for a source of recovery, you don’t want to be discovering for the first time that there were some basic steps you could have taken. While hacking can never be prevented entirely, a careful bank can avoid liability for a hacking incident. A careless bank can be forced to absorb the customer’s loss, plus interest and other amounts.

In most cases, the fraud is discovered well after deadlines for reversing or cancelling the transfer.  However, depending on applicable state law, there may be a way to impose a freeze on the funds by delivering the correct affidavit and/or indemnity.  Sometimes, if there is a reasonable basis for believing the funds have not left the destination account, the bank’s attorneys can impose a temporary restraining order to freeze the funds in place.  The success of such measures is highly uncertain, given the strict deadlines that apply to funds transfers.  If the funds were sent outside the U.S., then legal recourse is usually limited or unavailable as a practical matter.

Insurance of course is vital and all community banks should ensure that they (and hopefully their customers) have a policy directly covering losses caused by unauthorized online transfers. It is well worth the time to “stress test” your policy by running through a common online fraud scenario. Does your insurance application accurately describe all of your online banking operations?  And, is the coverage amount adequate if a criminal drains all the funds in your largest business deposit account? Because these cases are almost always litigated, you need to know that your defense costs are squarely covered and that the policy limit is enough to cover defense costs and the dollar amount of your customer’s loss. 

After a loss, observe the basics in obtaining coverage such as not agreeing to settle with your customer without the insurer’s express consent.  Even if all of these issues are adequately addressed, a bank may still face an insurer that denies coverage for at least a portion of the bank’s costs, delays a coverage determination or obstructs a settlement, forcing the bank to litigate with its customer. 

Far better than relying on only an assumed insurance coverage is a thorough review of the bank’s policies and account documents to ensure the bank can withstand a massive online fraud on one of its business customers. Do your operations, Bank Secrecy Act and information technology teams understand what the other is doing with regard to online fraud prevention? Are you positive that your team has pored over the Federal Financial Institutions Examination Council guidance on “Authentication in an Internet Banking Environment” (supplemented in June 2011) and made a thoughtful choice as to the online banking security and anti-fraud procedures the bank will follow and offer to its customers? 

Keep in mind a recent harsh federal court decision in the Patco Construction Co. case (July 2012, First Circuit Court of Appeals in Boston) that faulted a bank for not using features of its computer system that the court theorized could have been used to prevent the account hijacking. The court also faulted the bank for taking a uniform approach to fraud prevention, i.e., not taking the customer’s particular circumstances into account. It is generally worth the investment to seek written assurance from legal and/or security experts as to compliance of the bank’s online security with FFIEC guidance and those in Uniform Commercial Code Article 4A.

There is a continuing clash between the security a bank wants its customers to implement and what the customers are actually willing to do. A bank is not required to force its customers to adopt and follow all security best practices, but it should carefully document its offer of additional security precautions and the customer’s rejection of the offer. 

Once a bank has designed a suitable online security program, the bank must ensure careful compliance with those procedures. Banks’ security procedures do evolve and change over time. It is critically important to know what the bank’s actual procedures are so that new personnel can seamlessly comply and the bank’s auditors can accurately audit compliance. 

A bank should also inventory and review the agreements, certifications and other documents that affect the relative rights and obligations of the bank and its customers with respect to online fraud. If the bank’s form documentation is outdated, then those documents may allocate far more liability to the bank than banking regulations require or that is acceptable in the industry. 

Designing and following robust and compliant online security procedures is necessary to avoid catastrophic liability for a bank. It is also smart business. Senior management that thoroughly understands the bank’s security system is a management team that can then communicate the value of that system to customers and enhance the value of the franchise.

Internet Banking: what it means for your institution

FirstData-WhitePape4.pngThe way we bank is changing. What used to happen at a branch now happens just about anywhere. Internet banking services have fast become a banking reality. And in today’s changing technology landscape, financial institutions must keep up with customer demands. So what does this mean for your institution? First Data created a white paper to help you understand the consumer technology expectations and trends in banking. We outline what a complete internet banking solution should look like, how to choose the right one, and best practices for a successful conversion program. We’ll cover topics such as:

  • Features and capabilities that an internet banking solution should have
  • A mini case study of a bank that utilized First Data’s Internet Banking Suite
  • Nine best practices for a successful conversion process

 To read the white paper, download it now.