Digital transactions surged during this pandemic amid huge spikes in data breaches. Yet consumers want convenience in their digital experience …

Recent research by cloud security and application delivery firm F5 have pointed to eroding trust in banking apps this year across Australia, Hong Kong and Singapore.

Shahnawaz Backer, Principal Security Advisor (APCJ), F5

Between 25 March and 13 April this year, an online survey with 4,107 respondents (from Australia, China, India, Indonesia, Hong Kong, Japan, Singapore and Taiwan) was conducted to examine consumer attitudes regarding privacy vs convenience issues. wanted to find out what has been causing a shift in consumer trust in the region, and had the opportunity to interview Shahnawaz Backer, Principal Security Advisor (APCJ), F5, for answers.

DigiconAsia: How have consumer expectations towards security and convenience changed over the years, and what are the most likely causes of these shifts?

Shahnawaz Backer (SB): Today’s consumer is spoilt for choice when deciding on products and services to patronize. As such, most consumers are frequently choosing frictionless experiences, with an average of 69% of APAC consumers choosing to give up their privacy to gain better digital experiences. Markets such as China, India and Indonesia are leading this charge.

However, while the preference is surely diverting towards convenience, it does not necessarily mean that security needs to be relegated completely. In fact, consumers across the region are more inclined to assign the responsibility of their data privacy and security to enterprises (43%), followed by governments (32%) before themselves (25%).

Human behavior has been conditioned to gravitate towards the path of least resistance, which is quite evident from this trend. With more enterprises coming up with innovative products and services at speed, consumers have a plethora of options to pick from, and these options seem to be growing at a rapid speed as well. As technology and its adoption continues to advance, consumers will grow more accustomed to products and services that help them receive the benefits of a product or service at minimal cost: in this case, friction in their experience.

DigiconAsia: How have these shifts redefined brand trust toward banks and financial service institutions in the region?

SB: According to our 2020 report, the trust in digital apps across the board has witnessed a decline in the last two years, with social media companies witnessing the steepest drop in trust by 19%, followed by banking and financial service institutions (BFSIs) taking a 16% hit. However, this drop can be attributed to the fact that consumers are becoming increasingly aware of cyber risks and the current pandemic threat landscape. The combination of frequent breach disclosures and heavy reliance on digital transactions has impacted the perceptions of online services in general, with BFSI online products and services not being spared.   

DigiconAsia: Have these changes become more or less pronounced during the COVID-19 pandemic and the ‘new normal’ today?

SB: Lockdowns have certainly caused many consumers to function from the safety of their homes, and applications have become more critical now than ever before in ensuring that we remain connected and can work and play with little disruptions.

However, on the cyber risk front, malicious actors have also been working hard to gain more ground and leverage consumer vulnerabilities that are heightened by the volatility of our environment today.  

In our analysis, we saw a spike in attacks executed via distributed denial-of-service (DDoS) (45%) and password logins (43%). With such cyberattacks greeting our news headlines with more regularity, consumers will unwittingly become more critical of their service providers, expecting them to ramp up the security postures to ensure they do not fall victim to such threats.

DigiconAsia: What does the dip in trust toward banking apps portend for the various governments’ digital banking and e-payments push in the region?

SB: The straight answer is that it will not impact this push adversely. The adoption of banking apps and services are largely funneled by the convenience of using the apps. It is so much easier to complete bank transactions with a few simple clicks on your phone today, instead of having to queue for hours at a branch, all thanks to apps, and consumers are all for it.

However, BFSIs will need to step up their cybersecurity game to mitigate risks by integrating security into the core of their products or services from day 0. And we are seeing this already, with banks using tools, such as biometric sign-in options and authentication, immediate alerts to customers as transactions happen, or even simple things like setting a limit on the amount of cash we can transfer from our accounts daily. These steps provide customers with added security that is visible, inspiring greater confidence in the BFSIs security postures.

As for governments, many are already implementing compliance and regulations to facilitate the digital bank movements while ensuring that security is not being left as an afterthought. For instance, Singapore’s Monetary Authority of Singapore (MAS) has many guides for BFSIs on cyber hygiene as well as technology risk managements, as well as a Cyber Security Advisory Panel that provides strategies for MAS and financial institutions in Singapore to sustain cyber resilience and trust in our financial system.

DigiconAsia: What are some key steps banks and FSIs can take to reduce friction in consumers’ digital banking experience while ensuring strong security postures for their apps?

SB: First and foremost, one key thing that BFSIs can implement is user-friendly security mechanisms like biometric authentication. Some banks have already deployed this in customer-facing apps. These checks not only allow for better, seamless app experience, but also promote confidence amongst consumers.

BFSIs should also be looking into implementing AI/ML-powered analytics engines. These engines are a viable way to unearth anomalies in transactions and user behavioral patterns. The system can in turn cut down reliance on tools such as CAPTCHAs and increase efficacy in fighting fraud.  

Last but not the least, BFSIs should be utilizing financial-grade APIs, which is an industry-led specification of data schemas, security, and privacy protocols. These APIs enable apps to utilize the data stored in accounts, interact with said accounts and empower users to control the security and privacy settings according to their needs. These APIs help to integrate the banking process with customers’ preferred apps while maintaining an optimal security posture.

We thank Shahnawaz for his insights and leave readers to decide how they can cultivate stronger trust in their organizational pursuits.