Digital wealth management security: getting authorization and authentication right

Digital security is a basic necessity today, guarding our online footprints, protecting us from malicious actors, and preventing financial loss and theft of private data. Still, when users are confronted with strict digital security best practices, they often perceive them as roadblocks, challenges deliberately introduced to keep them from doing what they need to get done.

The financial services industry is becoming a lot more aware of this dynamic, in part because of the debate, in Europe, over EBA-mandated strong customer authentication (SCA) in service of the revised Payment Services Directive (PSD2). Requirements for stronger passwords and second-factor authentication involving one-time passwords or fingerprint scans can increase friction, confuse users, and introduce higher rates of failure when people forget, lose, or mistype login details. This, in turn, negatively impacts digital service adoption and conversion rates. (This is arguably a trickier factor in wealth management than in banking because logins to an investment portfolio can be very infrequent.)

What is clear is that digital security and fraud prevention are a must, but the delivery of secure solutions should not add pain to the process.

Well-designed software workflows build brand value

Superior digital solutions deploy security to boost usability, to expand and improve self-service capabilities, not hinder users unduly. Ease of use is no small detail in designing digital financial services. UK consumer research published on this blog by CREALOGIX found that the top driver of adoption and increased engagement with challenger bank apps is their ease of use.

Similarly, in a survey of UK wealth management customers, EY (2019, “The new norm: FinTech and the digitally enabled wealth customer”) found that 65% of people want simplification in managing their finances, 65% say the most important factor in choosing a provider is that their website is easy to use, and 32% say that the reason they use fintech apps for managing their savings and investments is ease of setting up an account.

The very high value that consumers place on ease of use in banking and investment apps suggests that firms will face user adoption challenges if they do not design carefully for usability. On the other hand, they will build substantial competitive value and increased engagement among users if they can get it right.

Investor–advisor messaging: a use case combining security and convenience

Wealth management requires relatively infrequent interaction but is characterized by highly bespoke service and a value model that depends on up-to-the-minute financial advice and action. For this reason, there is a very strong case to be made for supplementing face-to-face and phone communications with communication over digital channels.

It should go without saying that digital solutions must provide both the best security and utmost ease of use. There is no compromising on either of these, in this segment more than ever. Imagine a messaging channel like WhatsApp, Telegram, or Slack that combines the benefits of instant communication with banking-grade security and the ability to manage messages intelligently.

A secure messaging platform can help investors and advisors handle authorization – the “signature” steps in the administration of financial portfolios, the initiation of funds transfers, and the confirmation of decisions or investor actions. Through a trusted channel, wealth management customers receive and respond to notifications, recommendations, and acknowledgements, while avoiding an email-like clutter of messages which have passed, expired, or are no longer relevant.

The same mechanism would be useful within a wealth management office. Advisors could, in this way, be notified of an authorizing manager’s availability. If the manager is away or otherwise unavailable, responsibility could be transferred to someone else, the action blocked, or even automatically completed based on pre-set criteria.

Whether the secure messaging system is used to seek authorizations from an investor or from management in a business process, the implementation must address the risk of users being tricked into initiating or approving actions that could have been spotted as potential fraud in a former, more manual process. In other words, convenience and speed can’t be allowed to compromise security.

From a technology standpoint, how can this be achieved? Entersekt’s secure messaging and notifications functionality, available for retail banks and wealth managers through the CREALOGIX Digital Banking Hub, establishes a secure channel between the bank and users’ cryptographically identified mobile devices. It is this channel over which important messages are exchanged.

Entersekt mobile screen showing user approval of a specific purchase transaction

Rather than transactions being ephemeral items disappearing into the ether like SMS messages or email, the software also provides a clear, auditable record of interactions, approvals, and confirmations, and each item can be viewed from a central, intuitive user interface. It can also boost usability by lowering the visibility of tasks pending response from other parties and clarifying the status and responsibilities in multiple-signature workflows.



Previously on this blog from Simon Rodway:
Delivering simplicity is a complex proposition when security is at stake
