MOBILE IDENTITY: THE FUSION OF FINANCIAL SERVICES, MOBILITY AND IDENTITY
CONTENTS

FOREWORD
1.0 MOBILE IDENTITY
2.0 FINANCIALLY MOBILISED OMNIPRESENT CONSUMERS
  2.1 The ‘Omnipresent’ Mobile Consumer
  2.2 The Confluence of Identity, Privacy and Security – this is now one conversation, not three
  2.3 “Identity of Things”, “Privacy”, “Internet of Trust”
3.0 MOBILE IDENTITY RESEARCH
  3.1 Methodology
  3.2 Financial Services Executive Study
    3.2.1 Drivers of Existing Identity Systems and Processes
    3.2.2 Changes to Investments in Identity Systems and Processes
    3.2.3 Institution Identity Strategies and Responsibilities
    3.2.4 Trust and Third-Party Identity Providers
  3.3 Mobile Identity Consumer Study
    3.3.1 Authentication Method Descriptions
  3.4 Federated Identity
  3.5 Second Factor Authentication
  3.6 Mobile Digital Signature
  3.7 Incremental Appeal of Authentication Methods
4.0 MOBILE IDENTITY TECHNOLOGY FOR THE INTERCONNECTED FINANCIAL SERVICES INSTITUTION
  4.1 Identity Technology Key Developments and Roadmap
  4.2 Authentication in an Interconnected Financial Services World
  4.3 Federated Identity in an Interconnected Financial Services World
  4.4 Mobile Digital Signature in an Interconnected Financial Services World
  4.5 Mobile ID = Mobile Number + Device + Behaviour
  4.6 Mobile Threat Defence
  4.7 Secure Omni-Present Intelligent Identity
5.0 CONCLUSIONS
6.0 ABOUT THE AUTHOR
7.0 ACKNOWLEDGEMENTS
8.0 NOTES & REFERENCES
FOREWORD

Welcome

It’s my pleasure to present the tenth in my series of financial services industry thought leadership reports: Mobile Identity – The Fusion of Financial Services, Mobility and Identity. For this report, we developed some unique research methodologies that allowed us to discover some fascinating new information about how financial institutions can unlock the trust needed to digitally engage the ‘no-finapp-phobic’ [1] Gen X and Ys.

This report is a look into generational change – particularly as it affects Gen X and Y, who together make up half of the global population [2]. Their adoption of mobile digital technology will both expose institutions to risk and create opportunity. My central argument is that mobile digital technologies have changed how these generations prefer to be identified. The trust paradigm has shifted from having to prove who we are, to being recognised for who we are. Both our identities and our consumption of financial services are now inextricably fused with our mobile device, which is why mobile identity is a critical issue and why this research is so timely.

In just seven years, since the advent of the smartphone, these devices have become the primary means for consumers to access financial services. This inflection point has forever changed the industry. We are now transitioning to an ‘omnipresent’ customer engagement model, characterised by expectations of predictive, personalised and presence-based financial application experiences that are part of the fabric of our increasingly interconnected lives.

But just as the mobile device has become our gateway to the financial services world, it has also become the source of new risks for both individuals and institutions. Cybercrime has become the domain of industrial-strength perpetrators who are often highly organised, highly skilled, abundantly resourced and keen to exploit any points of weakness in the internet and the devices and systems connected to it.

This seismic shift in the nature of cybercrime requires us to reimagine identity and its role in securing our personal lives, our information, our institutions and the services they offer.
In my last report ‘Analyse This, Predict That – how institutions compete and win on analytics’, I emphasised that data analytics brings new risks to financial institutions, particularly around the appropriate use of personal information. Critically, I argued that a new customer engagement model is required – one that ensures that analytics enhances value, whilst also reinforcing the trust that consumers place in their financial institutions. Since then, growing numbers of major security breaches have been reported – unfortunately, the insufficient protection and monitoring of customers’ personal information has been behind many of these.

This study across seven countries within the Asia Pacific region, Europe and America explores our changing attitudes towards the identity of individuals and mobile devices. We begin by introducing a ‘Generational Acquisition/Digital Engagement Matrix’ that illustrates how an institution’s future growth prospects can be determined by its ability to firstly acquire and then digitally engage Gen X and Y, and the wallets they control. Against this strategic backdrop, we then consider the technological impact of mobility and identity. We then present the results of research into financial services executives and consumer attitudes towards a range of identity topics and interactions that can be enabled by mobile devices, and analyse the impact these would have on consumers’ relationships with their financial services institutions.

Lastly, we present a vision for secure, intelligent omnipresent identity in the interconnected financial services world. Here, we both explain some world-leading technological developments, including those that Telstra has directly invested into, and discuss the role that next-generation identity, access management and security technologies can play in helping your institution map out its trust journey.

We show that mobile identity is a fundamental enabler for innovation, and – just as importantly – that mobile identity is critical to the trust relationships that will unlock access to many wonderful new experiences that will be created as mobile financial services continue to evolve.

The insights presented in this report were only made possible by the generous participation of industry and research partners, to whom I am sincerely grateful.

We welcome the opportunity to provide you and your management team with an in-depth briefing on what these insights mean to your institution. At the back of this document, we’ve provided a list of contact numbers. Please also visit www.telstraglobal.com/mobile-identity for further information.

Rocky Scopelliti
Global Industry Executive – Banking, Finance & Insurance
Telstra Global Enterprise Services
1.0 Mobile Identity Key Insights

The financial services industry is moving from an age of digital disruption to one of digital survival. For example, in markets such as the US, Accenture predicts that full-service banks could lose approximately 35 per cent of their market share by 2020 to “Pure Plays” – whether online or mobile – and up to 25 per cent of US banks could disappear completely during that same period [3]. Neo-banks (e.g. Simple, Moven, GoBank, and Bluebird) were reported to have secured nine per cent of the US market in 2013. McKinsey & Company analysis suggests that banks that are digital laggards could see up to 35 per cent of their net profit eroded, while winners may increase profits by 40 per cent or more. They predict that within five years, digital sales may account for 40 per cent or more [4] of new inflow revenue to institutions in the most progressive geographies and customer segments. (This is predicted to be highest in Europe, reaching 50 per cent by 2018.) The battle is about relevance – digital relevance – and the people who will decide the winners are Gen X and Y, who today account for approximately half of the world’s population and are the custodians of existing wealth and wealth creation into the future.

We analysed information from 318 financial services executives across the Asia Pacific region, Europe and the US and 4,272 consumers across seven countries (Australia, Singapore, Indonesia, Malaysia, Hong Kong, UK and the US) on the topics of identity and security. What we learned is that for the financial services industry to transition into this new mobile digital era, significant developments in the trust paradigm are required to attract and engage Gen X and Y and provide them with the security they desire.

Here are the top ten insights that we believe financial institutions need to know and consider to succeed in their identity transformations.
1. The battle to acquire and digitally engage Gen X and Y is on. The Online Pure Plays’ are ‘winning wallet’ but is it now the Mobile Pure Plays’ turn

“Up to half of the world’s banks will disappear through the cracks opened up by digital disruption of the industry.”
- Francisco Gonzalez Rodriguez, Chairman and CEO BBVA, 2015

In my report last year, we presented the Competitive Growth Model that featured two major trends: firstly, the inter-generational wealth transfer from the ageing baby boomer and pre-boomer generations to Gen X and Y and secondly, technology proliferation as Gen Z – the digital natives – are introduced to financial services. These trends have created a disruption zone for new entrants to squarely focus their propositions on Gen X and Y. We have now further developed this model to create a Generational Acquisition/Digital Engagement Matrix. This enables us now to assess the relative performance of institutions and how they are transforming their businesses in response to these trends.

In order to understand how exposed an institution is to ‘Generational Recession’ or how well it is performing on ‘Generational Transformation’, we rate the institution based on the dynamics of its generational profile (Generational Index) and digital channel adoption (Digital Index) compared with the industry average (with an index of 100 being the industry average). We also consider a third factor measuring what is at risk – in other words, the net worth of the customers concerned. In this case, we use Average Footings ($AUD) or dollars held in traditional banking products at the institution [5]. Using the Australian banking market, we analyse how some institutions are performing (see Figure 1).
[Figure 1: Generational Acquisition/Digital Engagement Quadrant - Australian Market. Vertical axis: Generation Index; horizontal axis: Digital Index. Quadrants: Attractive, Transformed, Recession, Engaged. Institutions plotted, each with its average footings: ING Direct, ANZ, NAB, UBank, CBA, Westpac, CUA, Bendigo Bank, Total Building Societies, Total Credit Unions. Sources: Roy Morgan Single Source, July – December 2014; Telstra Research 2015]
Transformed Quadrant – the institution attracts Gen X and Gen Y customers as well as engaging with them via digital channels.

Based on this index, the Online Pure Plays – UBank (an online division of NAB) and ING Direct – are relatively outperforming the other Australian banks listed and considered ‘Transformed’ in our quadrant classifications. All the major banks (NAB, ANZ, CBA, Westpac) fall within the standard deviation and are close to the average; however, NAB and ANZ are clearly attracting a greater size of wallet (average 14 per cent) compared with CBA and Westpac.

UBank and ING Direct are relatively new entrants in the Australian market. UBank was established in 2006 and ING Direct in 1999 – both use eVerification processes for on-boarding new customers online. In that short period of time, they have acquired approximately two million customers and penetrated 6 per cent of Australia’s Gen X and Y population. This demonstrates, firstly, how quickly digital can move a market, and secondly, how digital relevance translates into customer acquisition. The question now is: what will happen now that we have moved into a mobile first financial services world? If the developments in the US market referred to earlier, together with the global FinTech phenomenon, are anything to go by, then we can anticipate the ‘Mobile only Pure Plays’ will change the game once more.

Recession Quadrant – the institution struggles to attract Gen X and Gen Y consumers or engage with them via digital channels.

At the opposite end, in the ‘Recession’ quadrant, are Bendigo Bank and the community institutions displayed collectively as Total Credit Unions and Total Building Societies. Attracting the younger demographic is a well-known challenge for this part of the industry. The average age of a Credit Union customer in Australia is 51.5 years, compared with 42.5 years for banks [6]. By comparison, the community-based institutions have the lowest average size of wallet, ranging between 24 per cent and 40 per cent lower than the best performer, UBank. The results indicate that players in this quadrant are most exposed to inter-generational wealth transfer.

Engaged Quadrant – the institution engages customers via its digital channels but it struggles to attract Gen-X and Gen-Y consumers.

Credit Union Australia (CUA) has made good progress with digitally engaging its customers and is positioned in the ‘Engaged’ quadrant. However, like the other community-based institutions, CUA hasn’t attracted Gen X and Y and has the second-lowest size of wallet.

Attractive Quadrant – the institution attracts Gen-X and Gen-Y consumers but struggles to engage with them via digital channels.

Of interest is the absence of any player in this quadrant in the Australian market, perhaps suggesting that digital is a necessary precondition to attract Gen X and Y.
2. The basis of identity and security is trust. Establishing trust is paramount – despite customers trusting financial institutions more than other organisation types, few are very satisfied with their current institution’s security performance

“Trust is ours to lose, though it is (also) ours to protect. If we mess up that trust through this transition and find our way to not having guided them to think that we are always going to be there to protect them, we are going to lose them. If we don’t protect that trust, it’s game over.”
- Richard Davis, President and CEO US Bancorp, 2015

When it comes to financial institutions, trust is critical for consumers and is the most important driver of choice when it comes to choosing an institution. Trust comes in multiple forms – paramount is the trust that finances are secure (critical for 53 per cent), but almost as important is security of personal information (52 per cent). Trust is also reflected in the need for confidence in the institution to provide security and privacy (50 per cent), and the institution’s overall reputation for data security (48 per cent). These factors are important to consumers irrespective of the country in which they live.

Yet when we compare to how satisfied consumers are with these same important factors, fewer than half of all consumers state that they are ‘very satisfied’ with their main financial institution. This indicates a disconnect between what consumers want from their institutions when it comes to security and what they are currently getting (see Figure 2).

The basis for identity and security is trust – trust that the holder of the personal information will keep it safe and secure and not disclose details without authorisation. In a positive result for financial institutions, they are viewed as the type of organisation most trusted to manage personal information – even ahead of the Government (except in Singapore, where the Government is most trusted).

Mobile operators rank high in the list in Table 1, just ahead of internet retailers (who are particularly positively perceived in the UK). Social networks and Google are the least trusted, despite the plethora of personal information already held by such organisations.

[Figure 2: Drivers of Satisfaction/Choice of Financial Institution (Global). Vertical axis: Importance of factors when choosing a financial provider (% very important); horizontal axis: Satisfaction with main financial provider (% very satisfied). Factors plotted: Level of trust to keep my finances secure; Confidence in the security and privacy of financial interactions; Level of trust to keep personal data secure; Provider’s reputation for data security; Speed of access to my accounts; The degree of control allowed over my financial products; Clear data security policies; Easy to use self-service tools to manage financial activities; Convenience of providing my identity to access my accounts; Being able to speak with a preferred/trusted advisor. Source: Telstra Research 2015]

Table 1: Most Trusted Identity Institutions (Global)
Most trusted organisations with personal information – average rank
1 Your bank or financial institution
2 Government or semi-government body
3 Mobile operator/communication services provider
4 Internet retailers, e.g. eBay, Amazon
5 Specialist identity provider
6 Your mobile handset manufacturer
7 Postal service
8 Mobile App stores
9 Google
10 Social networks
Source: Telstra Research 2015
3. Consumers are more willing to share personal information with financial institutions than other types of institutions – even their DNA, particularly as their wealth increases

“Confidence in the banking industry is on the rise, and trust in customers’ own financial services providers is high. But customers are on the move, with unprecedented access to competing banks and new types of financial service providers. Banks must earn the highest levels of trust in order to retain customers, win more business and create genuine loyalty.”
EY Global Consumer Banking Survey, 2014

The fact that consumers are willing to trust their financial institution with personal information (above all others) places institutions in a place of privilege. In fact, one in five consumers would be happy to go as far as sharing their DNA if it would help secure their financial and personal information (see Figure 3).

Figure 3: Willingness to Share Personal Information with Financial Services Institution
Information willing to share with a financial provider (% would share / unsure / would not share)
Personal information (e.g. date of birth): 68 / 22 / 10
Legal identity (e.g. passport): 58 / 25 / 16
Employment details (e.g. salary level): 52 / 28 / 20
Credit history: 51 / 29 / 19
Behaviours with other organisations (e.g. record of paying bills on time): 47 / 30 / 23
Legal records (e.g. criminal history): 46 / 28 / 26
Biometric details (e.g. fingerprints): 42 / 34 / 24
Social network profile: 26 / 30 / 44
DNA profile: 24 / 28 / 48
Source: Telstra Research 2015

We found those with more to invest are more willing to ‘do what it takes’ to ensure security. A staggering 47 per cent of those with a net worth of more than US $1 million would share their DNA profile with a financial provider (see Figure 4).

[Figure 4: Willingness to Share Personal Information with Financial Services Institution (by Net Worth $ (Total Investments & Assets – Debt)). Vertical axis: Willingness to share (top 2 box agree). Series: Personal information, Legal identity, Employment details, Credit history, Behaviours with other organisations, Legal records, Biometric details, Social network profile, DNA profile]
4. Robust authentication methods improve customer satisfaction, but institutional performance varies significantly – this gives the leaders a distinct competitive advantage

“Since launching in Australia ING Direct has gained the advocacy of our customers by delivering customer-focused products and services. We are now looking to leverage the trust they have in us to become their primary bank.”
- Simon Andrews, Chief Operating Officer, ING Direct, 2015

When asked how happy they are with their main financial institution’s authentication methods overall, only 42 per cent of consumers are ‘very satisfied’, but this does vary by country. Hong Kong consumers are the least satisfied with their institutions, with just 14 per cent being ‘very satisfied’. Singapore and Malaysia fare only slightly better, with 22 per cent and 30 per cent respectively happy with their institution’s authentication methods.

This is important not only because it is a key driver of institution choice, but also because it strongly influences advocacy. Taking consumer ratings of financial institutions across all seven countries, and directly comparing customer satisfaction with the institution’s identity and authentication methods and the Net Promoter Score (NPS) for the institution as a whole, yields a very strong correlation coefficient.
Figure 5 below shows the top two financial services institutions in each country, based on customer satisfaction with identity and authentication methods. While direct comparison between the countries is difficult due to cultural tendencies for survey ratings (the US is well-known for ‘easier grading’ [7]), the correlation between the data sets is almost perfect for these institutions (see Figure 5).

[Figure 5: Advocacy/Satisfaction with Authentication Methods (Global Top 2 Per Country). Vertical axis: Likely to Recommend (NPS); horizontal axis: Satisfaction with identity and authentication methods. Institutions plotted: USAA, ING Direct, BankWest, PT AXA Mandiri Financial Services, Fidelity Investments, Bank Central Asia, Nationwide, OCBC, Maybank, NatWest, POSB/DBS, Citibank Berhad, The Hong Kong and Shanghai Banking Corporation, DBS Bank. Source: Telstra Research 2015]

The US is a clear leader on both dimensions and USAA’s recent biometrics developments (see Case Study 3) may explain the very high satisfaction levels. Of interest also is ING Direct in Australia, who not only lead the Transformation Index (see Figure 1), but have a clear advantage in their NPS/Authentication Satisfaction performance. The significant variation in performance by institutions within each country studied leads us to conclude that the opportunity exists for institutions to differentiate using identity and authentication methods that provide high levels of security for personal information.
5. Identity theft is impacting Gen X and Y, particularly as their wealth increases, and many think it’s the institution’s fault – this will inevitably lead to customers defecting

“Good cybersecurity practices are not a minority sport for technologists only.”
- Andrew Gracie, Executive Director, Bank of England, 2015

Security of finances and personal information is not just a key acquisition driver; it is also essential for retaining customers. Specifically referring to digital interactions with financial institutions, almost one in five consumers (19 per cent) claim to have personally experienced identity theft or to feel their identity has been compromised, and (23 per cent) know someone to whom this has happened. Critically, 40 per cent of them believe it was the institution’s fault. The net impact is that around two out of every five consumers (38 per cent) have experienced digital security failings, either personally or indirectly. In Malaysia and Indonesia this rises to half of all consumers – 51 and 46 per cent respectively (see Figure 6).

[Figure 6: Identity Theft (Global). Panel 1: Proportion of consumers that have experienced identity theft personally or indirectly, shown for Total, Indonesia, Malaysia, USA, UK, Singapore, Australia and Hong Kong. Panel 2: Fault for identity theft, with categories Entirely my fault; Mostly my fault; Joint fault between me and the provider; Mostly the provider’s fault; Entirely the provider’s fault; Neither my fault or the provider’s. Source: Telstra Research 2015]
Of further concern, it seems that those with the most to invest are the most likely to experience security failings with digital financial transactions – over a third (35 per cent) of consumers with a net worth of more than US $1 million have personally experienced such a situation (see Figure 7).

[Figure 7: Identity Theft High Net Worth (Global). Experience of identity theft/being compromised. Vertical axis: Proportion who have experienced]
The financial services industry is well aligned on matters concerning customers and identity theft. Institutions across all regions and business types ranked financial loss (75 per cent) as being the most significant impact for customers. Sixty three per cent of consumers agree and ranked it as their number 1 concern (see Figure 9).

Figure 9: Perceived Consumer Concerns with Identity Theft by Institutions
Potential impacts of identity theft
Financial loss: 75%
Feeling of personal violation: 9%
Reputational impact (social media, credit rating): 9%
Inconvenience (re-establishing identity across service providers): 7%

Consumer Concerns with Identity Theft (Global)
Concern on impact from identity theft – ranked
1 Financial loss: 63%
2 Inconvenience of resolving: 11%
3 Feeling insecure about other/future personal information stored: 10%
4 Feeling personally violated: 10%
5 Reputation impact: 7%
Source: Telstra Research 2015
6. Passwords are a flawed authentication method – and everyone knows it

“The whole notion of passwords is based on an oxymoron. The idea is to have a random string that is easy to remember. Unfortunately, if it’s easy to remember, it’s something non-random. And if it’s random, then it’s not easy to remember.”
- Bruce Schneier, Author, 2008

Consumer concerns about security, coupled with common usage of passwords across financial and other digital accounts, would suggest that consumers carefully manage their passwords to ensure they are as secure as possible. As is very well-known, this is definitely not the case.

Almost half (44 per cent) of consumers have a small number of passwords that they use multiple times across their digital identities, and one in five (18 per cent) use just one common password across all digital accounts (see Figure 10).

If that were not concern enough, we see that a quarter of consumers (25 per cent) physically write their passwords down, presenting an even greater risk to security. Only one in ten (12 per cent) uses a password manager and one in 20 (5 per cent) use a random password generator (see Figure 10).
Figure 10: Managing Passwords

Password management
I have a small number of passwords I use multiple times: 44%
I have a lot of passwords but use some more than once: 19%
I have one common password: 18%
I have a unique password for each situation: 16%

Methods to generate or remember passwords
I remember my passwords: 74%
I physically write my passwords down: 25%
I save my passwords in my browser so they complete them automatically: 22%
I keep an electronic list of my passwords: 14%
I use a password manager to store my passwords: 12%
I use a random password generator: 5%
Source: Telstra Research 2015

Alongside this, most consumers (60 per cent) also admit that they do not change their password as often as they should; when they do, it is usually because they are prompted by their financial services institution. 14 per cent don’t even change passwords, while only one in five (20 per cent) report proactively changing their passwords (see Figure 11).

Figure 11: Changing Passwords

[Frequency of changing password (financial account). Categories: Much less often than I should; Less often than I should; About as often as I should; More often than I should; Much more often than I should]

Reason for changing passwords (%)
When the provider forces me to: 28
When the provider recommends that I do: 21
I proactively change my passwords: 20
When I remember to: 17
I do not change my passwords: 14
Source: Telstra Research 2015
7. There is a disconnect between usage of authentication methods and their perceived security strength. The industry still thinks customers prefer passwords – it’s time to look to authentication methods that garner greater trust

“We want to identify people for who they are, not what they remember.”
- Ajay Bhalla, CEO, MasterCard, 2015

When we ask consumers how strong they perceive each authentication method’s security to be in terms of protecting their personal and financial information, it is clear that there is a significant disconnect between the methods commonly used and consumer confidence in their security.

Complex passwords and the provision of personal information, the most commonly used methods, are both viewed as having significantly lower security than biometric options – particularly fingerprint scanning, eye scanning, facial recognition and two-factor authentication options (see Figure 12).

[Figure 12: Authentication Methods – Usage & Perceived Strength (Global). Vertical axis: % Consumers using method; horizontal axis: Perceived strength of confidence. Quadrants: Higher usage, lower confidence; Higher usage, higher confidence; Lower usage, lower confidence; Lower usage, higher confidence. Methods plotted: Complex password, Personal information, Four-digit PIN, Signature, Six-digit PIN, Proof of ID, Two-Factor Authentication, Proof of address, Hardware token, Fingerprint scanning, Eye scanning, Face recognition, Voice recognition. Source: Telstra Research 2015]
Fingerprint scanning is perceived to be the strongest method of authentication in Australia, Malaysia and Singapore, while the US and Hong Kong rate eye scanning as the most secure method; Indonesia and the UK believe strongly in facial recognition. These three biometric methods achieve at least two of the top three security ratings across all markets. Use of a hardware token appears in the top three for Hong Kong and Singapore, while two-factor authentication rates highly in Australia, Malaysia and Singapore (see Table 2).

Table 2: Authentication Methods – Usage & Perceived Strength (by Country)
(one column per country surveyed; the country column headers are missing)
Fingerprint scanning: 55 | 30 | 69 | 51 | 41 | 39 | 67
Eye scanning: 32 | 31 | 58 | 32 | 32 | 39 | 73
Face recognition: 41 | 23 | 77 | 22 | 24 | 57 | 52
Voice recognition: 30 | 10 | 38 | 22 | 26 | 34 | 48
Hardware token: 39 | 26 | 45 | 27 | 30 | 39 | 35
Two-Factor Authentication: 45 | 25 | 50 | 28 | 34 | 32 | 35
Proof of ID: 34 | 14 | 26 | 13 | 16 | 24 | 42
Complex password: 28 | 14 | 49 | 23 | 15 | 32 | 29
Six-digit PIN: 21 | 6 | 24 | 15 | 9 | 24 | 26
Four-digit PIN: 10 | 3 | 22 | 13 | 9 | 16 | 23
Proof of address: 16 | 9 | 20 | 9 | 9 | 13 | 19
Signature: 14 | 7 | 19 | 9 | 11 | 8 | 18
Personal information: 12 | 4 | 20 | 10 | 6 | 13 | 15
Source: Telstra Research 2015

Despite the shortcomings of password or PIN schemes outlined in point six, most of the financial services industry executives (56 per cent) still predict that their customers will want to use these methods to access financial services or applications through mobile devices (see Figure 13). These findings were consistent across all regions.

Interestingly, Pure Play Online/Mobile Banks, Neo-banks and FinTechs were the only class of provider who believed customers would prefer another method (specifically biometrics) over passwords or PINs. Offsetting this finding, however, is the fact that one in four (25 per cent) predict biometrics becoming the preferred access method.

[Figure 13: Customer Identity Methods via Mobile Devices (Total Institutions). Question: Which of the following methods do you predict your customers will expect to be able to access via mobile device to establish identity with your organisation when accessing online financial services or mobile applications? Categories: Biometrics (voice recognition, fingerprints on devices or facial recognition); User ID & password or PIN; Know your customer (100-point ID); Hardware token (including tokens that can be reused at any number of sites); Digital signature (e.g. SIM card on mobile phone); One-time password (via an SMS or from a mobile app); Mobile app, with no extra authentication step (after registration). Source: Telstra Research 2015]

If financial institutions are to provide the level of security that consumers are looking for, and for customers to trust that their financial and personal information will be kept safe, it is time to look to authentication methods that will aid this.
1.0 Mobile Identity Key Insights (CONT.)

8. The financial services industry recognises that it has underinvested in identity and security-related capabilities – but this is about to change

“The attackers didn’t even need to get into the bank’s services; once they got into the network, they learned how to hide the money transaction activities behind particular actions.” - Sergey Golovanov, Kaspersky, 2015

The dominant view in the industry is that the current investment in identity systems is less than appropriate (62 per cent), with 9 per cent of respondents seeing significant underinvestment (see Figure 14). This finding is consistent with a global PwC study[8] that found a lack of investment over the past two years means that many financial services institutions are falling behind the market in implementing up-to-date processes and tools to detect and respond to today’s evolving security threats (see Figure 16). PwC reported that investment in security by financial services institutions has been stalled at four per cent of total IT budgets for the past seven years. However, our research suggests this is about to change – 87 per cent of respondents anticipate that their institution’s level of planned activity and investment in customer identity will increase, with 27 per cent of those predicting a significant increase (see Figure 15).

Figure 14: Current Activity & Investment Level (Total Institutions)
Which of the following best describes your company’s level of activity and investment related to customer identity?
Response options: Significantly less than appropriate/current investment; Somewhat less than appropriate/current investment; At appropriate/current investment level; Somewhat more than appropriate/current investment level; Significantly more than appropriate/current investment level
Values shown: 9%, 53%, 22%, 11%, 5%
Source: Telstra Research 2015
Figure 15: Planned Activity & Investment Level (Total Institutions)
Which of the following best describes your company’s level of planned activity and investment related to customer identity?
Response options: Significant decrease; Some decrease; No change; Some increase; Significant increase
Values shown: 1%, 12%, 60%, 27%
Source: Telstra Research 2015

Figure 16: Falling Behind in Security Safeguards 2013-2014 (legend: 2014, 2013; values in the order printed)
Secure access-control measures: 66%, 73%
Threat assessments: 61%, 64%
Active monitoring/analysis of information security intelligence: 59%, 74%
Require third-parties to comply with our privacy policies: 59%, 67%
Penetration testing: 59%, 63%
Vulnerability assessments: 58%, 65%
Risk assessments on internal systems: 58%, 67%
Intrusion-detection tools: 58%, 71%
Employee awareness training program: 57%, 66%
Security audits: 57%, 71%
Incident response-process to report and handle breaches to third-parties: 57%, 63%
Risk assessments on third-party vendors that handle data: 56%, 60%
Source: PwC 2015
9. To the ‘no-finapp-phobic’ Gen X and Ys, the mobile has now become the primary access device for financial services – more secure, mobile-based identity is a key part of the solution

“Enhanced customer engagement, data analytics and a mobile-first approach are the three key trends that will dominate retail banking. My first touchpoint when I look to engage with a bank is with the app.” - Andrew Milroy, Vice President ICT Research Frost & Sullivan, 2014

As the smartphone becomes the default access method for many financial accounts (globally, 51 per cent of consumers access day-to-day accounts through their smartphone; see Section 2, Figures 22, 23 and 24), can it actually help provide the authentication solutions and security reassurance that consumers are looking for when accessing their financial accounts?

Consumers do, of course, want security and privacy from their smartphone app, but some also value convenience, speed of access, user experience and flexibility. Ideally an app must offer a great user experience and flexibility in managing financial accounts – and that includes the authentication method the app will use to ensure security and privacy (see Figure 17).
Figure 17: Smartphone Banking App Features
Importance rank of factors when using a smartphone app (% top ranked)
Security of access (ie only you can access the account): 36%
Privacy (your personal details are protected): 21%
Convenience (how easy it is to access): 18%
Speed of access (how quickly you can access): 10%
User experience (how user-friendly it is): 8%
Flexibility (what you can do with the account once you access it): 8%
Source: Telstra Research 2015

The most commonly used authentication methods for accessing smartphone apps today are complex passwords and four-digit PINs (six-digit PINs in some markets including Indonesia, Singapore, and Malaysia). As we saw earlier (see Figure 12) these are methods with low perceived security levels. Two-factor authentication is already used by one in five consumers (19 per cent) globally – more in Singapore (51 per cent) and Malaysia (42 per cent), but fewer in the US (15 per cent) and UK (16 per cent). Fingerprint scanning has gained some traction following its release in recent flagship devices like the iPhone, but it is only used for accessing financial accounts in six per cent of cases on average and seven per cent at best in Hong Kong. Similarly, other biometric authentication methods are only used by a select few currently (see Figure 18).

Figure 18: Smartphone Authentication Methods (Global)
Authentication methods used on smartphone app
Complex password: 43%
Four digit PIN: 32%
Two-factor authentication: 19%
Personal information: 18%
Six digit PIN: 18%
Providing your mobile phone number: 13%
Hardware token: 9%
Fingerprint scanning: 6%
Providing proof of ID: 4%
Providing proof of address: 4%
Signature (written): 3%
Face recognition: 3%
Voice recognition: 2%
Eye scanning: 1%
Source: Telstra Research 2015
10. Mobile authentication methods are highly appealing and can have a very strong business impact including acquisition, retention or defection. Gen X and Y are even prepared to pay for this security, particularly those with the most to lose

“USAA is committed to cutting-edge solutions to make our members’ financial transactions as secure as possible. The use of multifactor authentication through biometrics is one of the most effective ways to increase security protection as traditional passwords become increasingly obsolete.” - Gary McAlum, USAA’s Chief Security Officer, 2015

As part of our consumer research study, we tested the consumer appeal of three identity authentication methods: Federated Identity, Second-Factor Authentication and Mobile Digital Signature. All methods proved feasible options for institutions to offer their consumers.

At a global level, it is clear that the Federated Identity, two-factor authentication and mobile digital identities that we researched all hold strong appeal for consumers. There is also a high likelihood of use, and such authentication methods would help to improve satisfaction, acquisition and retention of consumers (see Tables 3 and 4).

Table 3: Appeal of Authentication Methods (Global)
Columns: A. Federated Identity; B. Second Factor Authentication; C. Mobile Digital Signature
Appeal of concept (“Extremely appealing/somewhat appealing”): 45, 61, 52
Likelihood to use concept (“Extremely likely/somewhat likely”): 41, 60, 49
Impact of satisfaction (“Much more satisfied/a little more satisfied”): 41, 55, 46
Likelihood to recommend provider (“Would recommend 8-10”): 27, 35, 29
Likelihood to consider new provider concept (“Much more likely to consider/a little more likely to consider”): 38, 50, 42
Likelihood to switch to concept provider (“Much more likely to consider/a little more likely to consider”): 37, 48, 42

Table 4: Appeal of Authentication Methods (by Country)
Appeal scorecard – top 2 box
Columns: A. Federated Identity; B. Second Factor Authentication; C. Mobile Digital Signature
Australia: 42, 63, 46
Hong Kong: 36, 54, 35
Indonesia: 61, 77, 70
Malaysia: 48, 78, 55
Singapore: 43, 70, 47
UK: 40, 59, 41
USA: 44, 58, 53
Source: Telstra Research 2015
Second Factor Authentication – is the most appealing concept tested across all countries. In particular, 78 per cent of respondents in Malaysia found the concept appealing, 77 per cent in Indonesia, 70 per cent in Singapore and 63 per cent in Australia. This aligns with consumer awareness – 72 and 62 per cent of respondents in Singapore and Malaysia respectively were aware of two-factor authentication, with the lowest awareness in the USA (45 per cent) and Hong Kong (47 per cent). This may suggest consumers are more comfortable with authentication approaches they already know and that significant education on other approaches may be required before consumers find them appealing.

Mobile Digital Signature – was the second most appealing concept in most markets, with Hong Kong being the exception.

Federated Identity – the idea of using a single set of personal credentials registered with a bank, mobile operator or identity provider to use across multiple financial services in a one-click process was also highly appealing to more than half of all consumers across all countries. At the recent Mobile World Congress, Jon Fredrik Baksaas, Chairman of the GSMA (Group Special Mobile Association), predicted that by the end of 2016, one billion users worldwide will be authenticating on a platform that offers a single sign-on feature[9].

Indonesian respondents, in particular, reported that all three approaches had high appeal. This may suggest unmet demand for such methods of easing security concerns or may point to a cultural tendency to be positive when responding to the research questions.
Consumers are somewhat split over whether they would be willing to pay for such enhanced authentication methods. More than half consider authentication to be the institution’s responsibility – arguably, this view is reasonable, given the potential positive impact on satisfaction, retention and acquisition for the institution.

However, a significant proportion of consumers would be prepared to pay a reasonable fee for such a service. For example, an annual fee ranging between US$3 and US$20 (depending on the market) would be acceptable to many (see Figure 19). Also clear is that the more that consumers ‘have to lose’, the more willing they are to pay a little extra for peace of mind – half of those with a net worth of more than US $1 million indicated a willingness to pay for such services (see Figure 19).

Figure 19: Propensity to Pay for Authentication Methods (Globally and by Country)
Panels: Median price willing to pay for annual fee – average of three concepts ($USD); Willingness to pay a fee
2.0 Financially Mobilised Omnipresent Consumers: Fusion of Financial Services, Mobility and Identity

In this section, we take a look at how mobility, financial services and identity have become inextricably linked, and have set the scene for Omnipresence-based experiences.

2.1 The ‘Omnipresent’ Mobile Consumer

The societal and economic benefits of mobility help explain the unprecedented growth we have witnessed over the past decade so that today 3.4 billion people subscribe to mobile services[10]. According to the GSMA, this growth is predicted to continue at 3.5 per cent through to 2020, connecting 56 per cent of the people on earth (see Figure 20).

Our unquenchable thirst for mobile services is further predicted to remain unabated at a device level with a CAGR of 4.2 per cent, from a global SIM penetration that currently stands at 95 per cent and over 124 per cent in developed markets (see Figure 21).

Figure 20: Unique Mobile Subscribers (m), 2008 to 2020, by region (Sub-Saharan Africa, North America, Middle East and North Africa, Latin America, Europe, Commonwealth of Independent States, Asia Pacific). CAGR 2008-2013: 7.7%; CAGR 2013-2020: 3.5%. Source: GSMA Intelligence

Figure 21: Unique Mobile Connections (M, Excluding m2m), 2008 to 2020, by region (Sub-Saharan Africa, North America, Middle East and North Africa, Latin America, Europe, Commonwealth of Independent States, Asia Pacific). CAGR 2008-2013: 11.3%; CAGR 2013-2017: 4.2%. Source: GSMA Intelligence
This large-scale growth in mobile services has directly translated into the adoption of mobile banking. 2014 was a landmark year in banking, ushering in the age of mobile banking with mobile devices now being the most preferred way for consumers to engage with their bank. According to a report by Bain & Company[11], more than 50 per cent of interactions with banks are conducted through mobile devices in 18 of the 22 countries it surveyed (see Figure 22).

The significance of this development is eclipsed by the time it took to achieve. Bain & Company’s report details a worldwide surge with 19 per cent year-on-year growth in consumers’ use of mobile banking applications (see Figure 23).

Figure 22: Percentage of Total Interactions in Last Quarter, 2014, by channel (Mobile (smartphone/tablet), Online, ATM, Phone, Branch) for Australia, US, France, Germany, Canada, Belgium, Brazil, UK, Spain, Poland, China, Thailand, Singapore, Indonesia, Portugal, Malaysia, Hong Kong, Italy, India, Mexico and Japan. Source: Bain/Research Now NPS surveys, 2014

Figure 23: Percentage of Respondents Who Used Mobile Banking Apps in the Last Quarter, for Indonesia, China, Thailand, India, Singapore, Poland, Malaysia, Hong Kong, Australia, Mexico, Spain, US, Italy, UK, Brazil, Canada, Portugal, France, Belgium, Germany and Japan (legend: Developing country, Developed country, 2013). Source: Bain/Research Now NPS surveys, 2014
Mobile has also become a key enabler of socioeconomic development in developing nations, improving the financial inclusion of unbanked and under-banked communities and fuelling economic growth. This is illustrated by significant year-on-year growth in markets such as Indonesia, Thailand and India. Of the 2.5 billion people in lower and middle-income countries that are unbanked[12], one billion have access to a mobile phone[13]. At the end of 2014, there were more than 255 mobile money services in 89 countries; in nine of those markets, there are more mobile money accounts than bank accounts[14]. In their 2014 annual review, the Bill and Melinda Gates Foundation predicted, as one of their top five bets, that by 2030, two billion people will be storing money and making payments on mobile devices (referring to the developments underway in unbanked and under-banked communities)[15].

The rapid growth in mobile banking interactions reflects the unprecedented scale and pace of consumer behavioural change. There has been much commentary over the years on the shift from branch-based interactions to online (PC), but now we need to observe the shift from online to mobile paving the way for a new Mobile Pure Play era (see Figure 24).

Figure 24: Mobile Interactions as a Percentage of Total Interactions, plotted against online interactions as a percentage of total interactions, 2013 and 2014, with regions marked "Mobile exceeds online" and "Online exceeds mobile". Countries plotted: Australia, France, China, US, Spain, UK, Singapore, Italy, Hong Kong, Belgium, Mexico, Japan, India, Indonesia, Canada. Source: Bain/Research Now NPS surveys, 2014
Mobile broadband is predicted to grow at a staggering CAGR of 15 per cent to 5.9 billion connections by 2020[16] and this trend will only gain momentum through the coming years.

This behavioural change challenges traditional approaches to segmentation, as mobility increasingly influences consumers’ expectations of interactions, engagements and experiences with financial services providers. Research reported by EY in its 2014 Global Consumer Banking Survey[17] illustrates this point. The report highlighted eight global segments that represent shifting consumer sentiment. The ‘Upwardly Mobiles’ segment, while only representing six per cent of the population, has some very important characteristics, such as:

• Young (43 per cent 18 – 34 years, 37 per cent 35-49 years) and, highly educated (80 per cent college graduates) with high household incomes (median $48,571) and the most significant investable assets of any segment (median $250,000);
• Highest advocacy and trust (> 50 per cent);
• View banks as relatively undifferentiated compared with alternative providers (e.g. new type of bank);
• Own the most financial services products (mean products owned 11.5);
• Most active in opening and closing accounts (71 per cent opening and 22 per cent closing accounts in past year; 34 per cent with alternatives to their primary provider);
• Most likely to experience problems requiring assistance, with great returns if resolution is highly satisfying;
• Value advice whether in person, on the phone, over video chat or via self-service; and,
• Use the mobile channel much more often per week than other seven segments (69 per cent).

In light of this, it is hardly surprising that this important segment reported that ‘keeping personal information safe’ and ‘protecting financial information’ were the most important considerations in their relationship with their primary financial services provider (as also shown in Section 1, Figure 2).

2.2 The Confluence of Identity, Privacy and Security – this is now one conversation, not three

Identity, privacy and security have converged. Author David Birch[18] highlights that traditional concepts of identity and money are changing due to the technological evolution of social and mobile networks, and that these will enable the creation of new infrastructure that can enhance both privacy and security. He further argues that identity is neither singular nor fixed and that a person’s personal or social identity evolves and changes throughout a person’s lifetime – unlike legal identity, which is mostly fixed.

Accordingly, we need to consider a flexible triage model for identity that adapts to the individual, interaction and institution (see Figure 25). This is particularly important for those institutions taking a lifetime, life stage or lifestyle-based management approach. This model must take a long-term view of customer relationships and suggest we provide flexibility to accommodate evolving privacy needs throughout our lives. It must also foster trust.

Figure 25: Identity Triage Model (Lifetime, Lifestage, Lifestyle), showing Legal Identity (Lifetime), Personal Identity (Lifestage) and Social Identity (Lifestyle). Source: Telstra Research 2015
The impact of identity theft on consumers (outlined in Section 1) explains the widespread data protection disclosure/notification standards and legislative initiatives underway. Recent developments in the US, Europe, Australia and Singapore indicate that regulators may impose reforms to obligate financial services institutions to implement revised security programs.

The Obama administration has urged lawmakers in the US to consider tightening cybersecurity at banks and other institutions, including mandatory public disclosure of any breach that compromised personal or financial information and notification of affected consumers within thirty days (Personal Data Notification and Protection Act).

In Europe, the European Union General Data Protection Regulation is expected to be completed in 2015. This will outline new requirements for, firstly, issuing breach notifications to individuals and, secondly, conducting risk assessments and audits into how institutions handle personal information. These measures will be accompanied by proposed increased fines for non-compliance[19].

In Asia, the Singaporean Personal Data Protection Act established new standards for the collection, use and disclosure of personal information. Non-compliance is subject to penalties up to USD$788,955[20].

In Australia, the passing of reforms to the Privacy Act in 2014 has seen businesses face more onerous obligations when handling personal information, with penalties of up to AUD$1.7 million for a privacy breach. Privacy regulation remains a constant topic of public discussion, thanks largely to the introduction of local data retention laws and copyright regimes, as well as community concerns arising as a result of a series of large-scale hacks and data breaches. Further, in 2014 the Australian Law Reform Commission released its final report on serious invasions of privacy in the digital era. Recommendations included the introduction of a variety of new protections around the security of information, including the mandatory reporting of data breaches and the establishment of a civil case of action for privacy breaches.
2.3 “Identity of Things”, “Privacy”, “Internet of Trust”

The mobile device revolution has made us completely rethink our approaches to identity and security. But before we’ve even adapted to the new mobile-enabled world, another potentially even more game-changing revolution is just beginning – the rise of the Internet of Things (IoT). In our previous report, “Analyse This, Predict That: How Institutions Compete and Win with Data Analytics”, we showed that the most adaptive and forward-thinking financial service organisations are already starting to shape the delivery of financial services based on big-data-style analysis of data from the Internet of Things. They are effectively becoming data-driven, software-defined businesses.

The sheer volume of data generated by the convergence of the mobility revolution and the Internet of Things is simply staggering. EMC predicts the amount of data in this “digital universe” will grow to 44 zettabytes (44 trillion gigabytes) by 2020[21]. The volume of data and the complexity of the IoT environment immediately creates security, identity and privacy challenges. IDC estimates that although 40 per cent of the data in the digital universe warrants some level of enhanced protection, less than 20 per cent actually has any such protection[22]. In fact, today many edge devices in the IoT are relatively unsophisticated devices with little inbuilt capability to protect either themselves or the data they produce from compromise. Essentially, we need robust and flexible mechanisms for establishing the “Identity of Things”. Today, the most common approaches involve the use of verification and digital signing via Public Key Infrastructure (PKI). There is, however, no clear path for scaling well-managed PKI to the massive number of devices predicted in a mature IoT world.

It isn’t only data volume that increases the threat surface that must be managed. As Figure 26 depicts, the data that influences a single financial services decision can come from hundreds of devices and pass through numerous systems and platforms beyond the control of the financial institution or the customer. Our frame of reference for community, connectivity and commerce is predicted to exponentially explode, leading to a need for interconnected identity. Given that IDC predicts that over the next two years, 90 per cent of IT networks will have some form of security breach that is IoT-related[23], a key (as yet unanswered) question is:

Figure 26: Interconnected Identity (Community, Connectivity, Commerce)
Categories shown: Smart mobile devices; Wearables; Connected vehicles; Smart buildings; Smart cities; Third-party aggregators and processors
Statistics shown:
2.8 billion smart mobile devices by 2018
515 million sensors in wearables by 2017
60-100 sensors in cars today, 200 by 2020
Virtually all new cars networked by 2025
Up to 75% of vehicles autonomous by 2040
500 smart devices per U.S. home by 2022
Potentially 1 trillion sensors by 2025
1.1 billion smart meters by 2021
7 billion consumer M2M connections by 2023
Source: Telstra Research 2015 - 24, 25, 26, 27, 28, 29, 30, 31, 32