I was initially shocked to learn from this report released by ThreatMetrix last week that financial services firms worry more about fraud than customer convenience.
On second thoughts, I shouldn’t have been surprised – after all, banks seem to be getting singled out for criticism for all kinds of fraud. Even when people handover their Internet Banking usernames and passwords to Mint, Wesabe and other P2FMs (personalized personal finance managers), often against the advice of their banks to never share this information with anyone, only banks seem to be getting blamed should a fraud happen. As this post in Finextra and the accompanying comments indicate, it’s all fine and dandy for these P2FM startups to remain opaque about the investments they’re making to protect the account access information from being hacked by cybercriminals, but banks are supposed to spend time and money to introduce features to prevent frauds.
Against this backdrop, kudos to HSBC for going out of the way to boldly declare last week that security should not come at the cost of convenience. This was accompanied by the launch of a secondary password feature that seeks to boost online security without adding to inconvenience.
Around four years ago, HSBC distributed hardware tokens – free of cost, if I might add – as an additional level of security to its customers in India for accessing their checking, savings and credit card accounts (it’s another story that, two years later, HSBC’s branch situated right in the basement of their global headquarters in Canary Wharf in London could only offer rudimentary security by way of good-old username and password for customers in the UK). Personally, I’ve been satisfied with hardware tokens: they provide two-factor authentication which is the gold standard of online security. However, since it’s likely that many customers might have complained about finding it inconvenient to carry around an additional device, HSBC recently launched the secondary password alternative, which delivers strong enough security, at the same time allows customers to ditch the hardware tokens.
As I’ve written in the past, most web applications, online banking and shopping websites force users to choose between convenience and security. So far, only BOKU, Zong and other Generation Y Mobile Payments and a couple of alternative payment providers seem to have struck the right balance between security and convenience. With the launch of the secondary password feature, HSBC is the only bank I know that is making steps in that direction.
Hopefully, more banks will follow HSBC’s lead, so that in the not-too-distant future, most banks will not only succeed in combating fraud but also manage to deploy frictionless online interaction solutions in order to deliver a superior online banking customer experience.