Digital is in Our DNA


Once your most basic needs in the first two levels of Abraham Maslow’s famous hierarchy of needs have been covered—including food, shelter, security and the like—what do you need then?

According to Maslow, the next three levels of need are Belongingness and Love, Esteem and Self-Actualization. All of these needs are fulfilled in one way or another by various forms of digital media: blogs, emails, twitter and LinkedIn.Combined, the digital mobile world we live in today plays to our basic psychological and self-fulfillment needs, which is why it is so addictive.

According to the Bank of America Corp.’sannual researchinto mobility, millennials spend more time interacting on their phone than with their partner, family, friends and colleagues.

Perhaps this is why many of us are so addicted to selfies and using the camera to stream our daily routines non-stop.It is also why some joker added WiFi and a battery to Maslow’s well known pyramid. (And if Maslow was alive today, he would no doubt agree.)

When we don’t have our phone, we often feel anxious and bored with a fear of missing out on what’s going on. We even walk and talk differently when we are using a mobile phone. The University of Bathfound that people who text had developed a protective shuffle that prevents them bumping into obstacles, or tripping over hazards. This means that it takes those texting 26 percent longer to complete a walking task compared to those who were not distracted by their phones, and it is really annoying. You know, you’re walking along the pavement and someone is shuffling slowly in front of you with that hunched over look that signals they are playing with their mobile phone. You kind of want to hit them in the back of the head and tell them to get out of the way, but don’t because you know you do it yourself. This is the world today, and the reason whysome citiesare introducing texting and non-texting sidewalks.

Before we look at banks, a little test. Turn off your mobile phone and seehow many minutes or hours you can wait before turning it back on again. Do this when you’re not in a meeting or sleeping and have ready access to your phone. I bet none of you last more than an hour.

The reason for giving this insight into the mobile digital age being part of our DNA is that, if our relationships are with and through our digital devices, how does a bank become part of that world? That’s a difficult question. Most bankers think that mobile and digital generally are projects to invest in, not the representation of a cultural transformation.But this dependency on our devices is a cultural transformation. The very fact that we have gone from a phone being a mere communication device to being at the very center of our lives in just one decade is incredible, but true.

Meanwhile, what banks are offering the best mobile experience? In the U.S., it’s JP Morgan Chase & Co.’s Chase retail banking unit, according toMagnify Money. Chase was voted the best mobile banking app in the country for a large bank, and applauded by users for a combination of design and functionality. The app has a lot of the features deemed most important by consumers, which includes fingerprint sign-on, mobile check deposit and the ability to see images of deposited checks. Consumers want to be able to do everything on the app, and Chase has been adding functionality throughout the year to keep people satisfied.

Forrester ranked the world’s best retail mobile banking services and benchmarked the retail mobile banking services of 46 large retail banks across four continents on 40 criteria, and found the average bank scored 65 out of 100.

Australia’s Westpac outstripped the average bank by being strong in every category. The bank earned the highest score in the transactional features category and did particularly well in its range of touch points, account and money management, and marketing and sales. It is one of the few banks to offer contactless mobile payments capability using near-field communication technology. The bank has also rolled out innovative features such as letting customers take pictures of their credit cards to activate them.

Of theother banks reviewed, nine stood out from their peers for their impressive mobile banking capabilities: CaixaBank in Spain, Canadian Imperial Bank of Commerce and Scotiabank in Canada, Garanti in Turkey, Bank of America and Wells Fargo & Co. in the U.S., Bank Zachodni WBK in Poland and Lloyds Bank in the U.K.

What Should Your Internet Banking Platform Look Like?

internet-banking-06-24-15.pngInternet banking is undergoing a transformation. In many ways, this evolution of the legacy Internet channel is being driven by the emergence and potential prominence of mobile banking. According to a report from the Federal Reserve, Consumers and Mobile Financial Services 2015, “the prevalence of mobile banking continued to increase, reaching 39 percent of mobile phone users with bank accounts and 52 percent of smartphone users with bank accounts.”

As Internet and mobile channels continue to evolve, so does the proliferation of other device categories, such as wearables, including smart watches. The expansion and convergence of these new categories give financial institutions the ability to better service customers and create a consistent user experience regardless of channel.

This is not about a single channel handling all customer interactions; users will likely choose all channels, and some will likely lead over others. Rather, it is about a blended experience across channels. Ask the management team of any community bank if they still offer telephone touchtone banking and the answer is yes. Channels rarely go away and there is nothing wrong with that. Again, the challenge is blending all these categories.

How Does This Impact Internet Banking Today?
The Internet channel can be classified as legacy technology. The way a customer uses the channel, the screens they see, the features available to them, are all “set-in-their-ways” and reflect a certain very specific design sensibility. No doubt this is a powerful legacy, so much so, that when the industry started creating the mobile banking experience, it was highly influenced by the Internet. Internet led the charge. Internet defined the standards. Then something changed. Mobile devices became ubiquitous.

According to the Federal Reserve study, as of December 2014, 87 percent of the U.S. population ages 18 and older owned or had regular access to a mobile phone. The smartphone was the most popular type: It runs applications in addition to accessing the Internet and functioning as a phone. The application is the single most significant part of this evolution toward smartphones. Easy to use, much more fun than the Internet and reflecting a new design sensibility, the smartphone marked a departure.

Mobile Is Now Driving the Evolution
The Internet needs a refresh. It is a somewhat old and stale legacy technology that has not been seriously refreshed in a decade. This technology and design refresh is being led by mobile. Internet banking will start to look like mobile banking apps, which have proven to be “cooler” and easier to use. And all of them will start to have a consistency in the features offered and their look. The customer wins. They get to do whatever it is they are trying to accomplish, via whichever channel they choose. The end result is a platform that is convenient, consistent and engaging.

The Best Customer Experience
There are many industry terms that try to encapsulate the concept of the many customer channels. The phrases “digital channel” and “omni channel” represent some of this industry jargon. We all generally agree that the goal is to have mobile, Internet and other systems provide a consistent experience for a customer. Bank boards and management teams should demand that the channels converge around whatever makes the best sense for the customer. The technology and the design sensibility are all avenues to the primary goal of creating satisfied and delighted customers.

The good news is that this is attainable today in a way that was never imagined a decade ago. The technology involved in delivering customer channels, such as Internet and mobile, have matured and in many ways blended due to industry forces and the regular movements of the technology markets. This is good for bankers and good for customers. This next step of transforming Internet banking will create the next big opportunity for banks to differentiate their digital strategies.

Banks in Cyber-Fraud Crosshairs

5-21-13_Cyber_Fraud.pngIn September 2012, the FBI warned financial institutions about malware attacks targeting bank employees to steal login credentials. Although financial malware such as Zeus and SpyEye have been used to attack online banking customers for years, using these tools to perpetrate fraud directly against financial institutions by compromising bank employee accounts is relatively new. Because banks are generally doing a better job at protecting customers against malware, criminal gangs are looking for another entry point. They are now turning their attention to bank employees with the same advanced malware and extensive money mules (people who transfer funds stolen from online banking accounts to the criminals). They are also using money laundering to commit fraud against online banking users.

Advanced Malware Battle
The FBI report specifically mentions two types of malware attacks: keylogging and remote access tools (RATs). While keylogging (which copies keystrokes typed by the victim) has existed for many years, RATs (which are used to remotely access and control an infected computer) are a relatively new addition to financial malware toolkits. They have been specifically added to enable pre-attack reconnaissance and target non-browser based applications like email on employee computers.

Compromising employee devices (PCs and laptops) is relatively straightforward. Cybercriminals use phishing emails to trick users into either opening documents infected with malware or lure users to click on embedded links that lead to websites that serve up malware. Cybercriminals also compromise legitimate websites that can automatically infect devices just by visiting a compromised page. Once there, popular exploit kits, such as Blackhole, actively scan a user’s device for a variety of vulnerabilities and then use the appropriate files to invisibly install malware. Cybercriminals target both undisclosed and disclosed, but unpatched, vulnerabilities to bypass system restrictions that would otherwise prevent these infections. 

Most financial institutions implement controls like anti-virus protection on endpoint devices and intrusion prevention systems (IPS) on the network—both of which are evaded by readily available malware kits. Trusteer Intelligence has found that up to 4 percent of employee devices can be infected with dangerous data stealing malware over the course of a year at a typical financial institution. Most financial institution security professionals understand that anti-virus solutions are ineffective against advanced data-stealing malware that is specifically designed to evade such protections. Evidence of this is readily apparent on bank customers’ computers, which are continuously infected with malware, despite running up-to-date anti-virus software.

Unfortunately, even anti-malware solutions like sandboxing that place suspicious files in a safe, isolated container on the computer and virtual machine analysis which inspects suspicious files on a separate, isolated computer are not very effective. Worse, these solutions require considerable information technology (IT) management oversight to analyze suspicious files and respond to employees who are prevented from running legitimate, yet blocked applications on their computers. Additionally, network-based security approaches, such as intrusion prevention systems, only function when the endpoint device is connected to the corporate network. Many employees use corporate devices to connect to the Internet when they are outside the office (e.g., when they are at home or traveling). In fact, a large Trusteer customer recently revealed to us that their corporate-issued employee laptops are ten times more infected with malware than their employees’ desktops.

To Protect the Enterprise, Secure the Endpoints
Knowing that cybercriminals are targeting employee devices, financial institutions must detect and remove the malware before it can do harm. Malware can cause damage only when it is executing on the endpoint machine, such as a laptop or mobile phone. Once malware executes, it exposes itself for what it is. Although we can’t fully prevent malware from infecting a device, we can certainly determine when malware is running—if we know what to look for. This means conducting real-time, persistent device monitoring to find active malware threats and specifically those that seek to compromise a bank’s critical internal information technology systems.

Bank boards should ensure that their IT security and fraud prevention teams are aware of the fact that criminals are attacking bank employee computers to commit fraud. These groups should be able to articulate the defense mechanisms that are in place to prevent malware from infecting employee computers (both desktop and laptop). They should also have protection measures deployed that can prevent infected computers from being used to compromise other systems on the corporate network. Boards should expect the bank to be protected by  several layers of security that use multiple technologies, periodic threat assessments, and a detailed mitigation plan in case fraud does occur.