Consumers’ reliance on mobile continues to skyrocket in shopping, paying for bills, managing finances and socializing. This poses a great challenge for retailers, financial institutions and technology vendors. Digital account opening is fraught with pitfalls as the identity validation process relies on manual entry of personal information. Similarly account management uses knowledge-based authentication but can add friction to the user experience. How should retailers, banks and merchants integrate fraud protection measures into the user experience with the least amount of friction to the user? I joined joined Al Pascual from Javelin Strategy & Research in a complimentary webinar to share lessons learned from working with leading companies that have struggled with the issue of fraud and customer experience. We explored the following: - Who are leaders in integrating fraud prevention into the user experience? - Who owns the fraud prevention process in the organization? - How to overcome legacy design issues that can underwhelm the customer experience and inhibit security measures? - How to prevent fraud in a low-friction environment, while communicating a security-forward brand experience?

1. © 2014 All Rights Reserved. Javelin Strategy & Research, a Greenwich Associates LLC Company
Balancing Fraud and Customer Experience in a Mobile World
November 18th, 2014
Thelton McMillian
CEO & Founder Comrade
Al Pascual
Director of Fraud & Security Javelin Strategy & Research

2. © 2014 All Rights Reserved. Javelin Strategy & Research, a Greenwich Associates LLC Company
Can I get the Slide Deck and Webinar Playback?
Yes, of course!
Webinar is being Recorded.
An email link will be sent tomorrow.
The slide deck is available from Comrade.
2

3. © 2014 All Rights Reserved. Javelin Strategy & Research, a Greenwich Associates LLC Company
Today’s Agenda
I.Introduction
II.Common UX Threat to Security
III.The Relationship Between UX and Trust
IV.Reinforcing Security – Brand & Design
V.Improving Identification & Authentication
VI.Customer Defined Controls
VII.The Role of Education
VIII.Recommendations
3

4. © 2014 All Rights Reserved. Javelin Strategy & Research, a Greenwich Associates LLC Company
Today’s Presenters
Al Pascual Director of Fraud & Security Javelin Strategy & Research Email: marketing@javelinstrategy.com Twitter: @MindofAlPascual
4
Thelton McMillian Founder & CEO Comrade Email: thelton@comradeagency.com Twitter: @comradethelton

5. The Relationship Between UX and Trust
A brand must generate the trust necessary for users to engage. To them, the bank is where their relationship is and when that experience seems inconsistent it can lead to mistrust.
Banks that rely on multiple backend systems for payments, commercial services, small business banking, and lending are commonly guilty of providing an inconsistent experience.
Customers expect a trustworthy and seamless experience from their bank similar to that of Amazon, Apple, Uber, et al.

6. Reinforcing Security with Brand & Design
How to reinforce security with branding & design
•Domains & subdomains that consistently reflect the bank brand
•Single sign-on across web properties
•A unified look-and-feel across platforms (multiple websites)
•A consistent navigation structure that spans multiple platforms
•Content and design that reinforce a “trust”, “security” message
How not to do it
•Abdicate control of your user experience to third-parties
•Approach security and fraud prevention as a check-box
•Develop multiple mobile apps

7. © 2014 All Rights Reserved. Javelin Strategy & Research, a Greenwich Associates LLC Company
Balancing Experience and Fraud
Quick Balance Improves Convenience Without New Risk
7

8. © 2014 All Rights Reserved. Javelin Strategy & Research, a Greenwich Associates LLC Company
Updating the CIP Process for Digital Opening
Traditional -
Cumbersome identity validation process, which includes the manual entry of PII on the part of the prospective customer (especially so on a mobile device). Improved -
Use of a webcam or mobile device camera to capture information from identity documents, validate those documents, and to perform facial recognition (e.g., Facebanx, Jumio, etc.).
Digital Account Opening CIP Process:
8

9. © 2014 All Rights Reserved. Javelin Strategy & Research, a Greenwich Associates LLC Company
88.5 Million Consumers Applied for a Variety of Accounts Online or Through Their Mobile Device
Percent of Consumers Who Applied to Open Accounts in Past 12 Months
9
8%
13%
18%
2%
3%
3%
0%
5%
10%
15%
20%
25%
Auto Loan
Checking
Credit Card
Online
Mobile

10. © 2014 All Rights Reserved. Javelin Strategy & Research, a Greenwich Associates LLC Company
Improving Authentication Through Design
User Authentication Process:
Traditional -
Authentication that relies on static user credentials, supplemented with knowledge-based authentication for step-up, interrupting the experience by adding friction and contributing to theft/misuse. Improved –
Use of biometrics delivered through mobile devices to create a low- friction, consistent experience across financial interactions (e.g., account login, payments, etc.).
10

11. © 2014 All Rights Reserved. Javelin Strategy & Research, a Greenwich Associates LLC Company
Apple’s Touch ID is a Prime Example of a Balanced Experience
Mobile wallet adoption has been hamstrung by a POS experience that was often less convenient than traditional forms of payment . Apple Pay w/Touch ID reduced the number of steps in a mobile wallet POS payment, while at the same time introducing strong authentication.
Image courtesy of: http://www.apple.com/apple-pay/

12. © 2014 All Rights Reserved. Javelin Strategy & Research, a Greenwich Associates LLC Company
Fingerprint Biometrics Most Likely to Increase Online Banking Frequency with Other Modalities Close Behind
Consumer Propensity to Change Online Banking Behavior Due to Authentication
12
11%
12%
12%
13%
17%
0%
5%
10%
15%
20%
Voice biometrics
Facial recognition
biometrics
Eye biometrics
Account username and
password
Fingerprint biometrics
Increase in frequency

13. © 2014 All Rights Reserved. Javelin Strategy & Research, a Greenwich Associates LLC Company
Leveraging Customer Defined Controls
Banks spend a great deal of time and energy building behavioral models to spot anomalous, potentially fraudulent activities, yet these models are never 100% accurate.
By deputizing the customer to answer a few questions about their projected use of account features and transaction types, banks can disable the activities customers don’t plan to use.
This transitions declines from a top-of-wallet concern to a relationship building experience.
13
Image courtesy of: http://www.ondotsystems.com/

14. © 2014 All Rights Reserved. Javelin Strategy & Research, a Greenwich Associates LLC Company
Mobile Business Credit Card Control
KAAYASOFT Examples of account management and fraud control capabilities:
1.Businesses can set controls for individual card holders
2.Rules include time, category, location, budget
3.Built-in messaging enables efficient workflow and approvals
14

15. © 2014 All Rights Reserved. Javelin Strategy & Research, a Greenwich Associates LLC Company
Customer Defined Controls are Generally Unavailable Among the Top 50 Financial Institutions
15
1 in 50 examined banks provide customer defined controls

16. © 2014 All Rights Reserved. Javelin Strategy & Research, a Greenwich Associates LLC Company
The Role of Education: The Security Center
An FI’s “security center” should be readily accessible:
1.From the initial page of an online site
2.Via the mobile app To be an effective educational tool while also bolstering the FI’s security image.
16
Image courtesy of: https://www.unionbank.com/

17. © 2014 All Rights Reserved. Javelin Strategy & Research, a Greenwich Associates LLC Company
Mobile Security Education and Messaging
Tap-to-play fraud prevention tips, immediately available video within mobile banking app
17
Bank of The West: Fraud Protection Video

18. © 2014 All Rights Reserved. Javelin Strategy & Research, a Greenwich Associates LLC Company
Online and Offline Safety Education is Popular, but Opportunities for Improvement Abound
Adoption Rates of Security Education Among Top 50 FIs
18
48%
64%
92%
0%
20%
40%
60%
80%
100%
Phishing, Vishing, and SMShing
education
Mobile safety education
General education about online and
offline safety

19. © 2014 All Rights Reserved. Javelin Strategy & Research, a Greenwich Associates LLC Company
Recommendations
1.Deliver a consistent brand and design experience
2.Adopt accurate, low-friction authentication
3.Enhance the account opening process by replacing manual CIP data collection with automated processes and biometrics
4.Empower consumers and reduce fraud through customer defined controls
5.Keep educational material current and at the forefront
19

20. © 2014 All Rights Reserved. Javelin Strategy & Research, a Greenwich Associates LLC Company
Thank You!
Al Pascual Director of Fraud & Security Javelin Strategy & Research Email: marketing@javelinstrategy.com Twitter: @MindofAlPascual
20
Thelton McMillian Founder & CEO Comrade Email: thelton@comradeagency.com Twitter: @comradethelton