Balancing convenience with security is a perennial issue for banking and the movement toward mobile has only made it tougher to do.
Mobile banking needs to be fast, but security has to remain paramount in an age of evermore cyberattacks.
Moven, a neobank that partners with CBW Bank on its direct-to-consumer product, says it has greatly improved the issue for its app by tying the security features with the risk associated with various functions.
Soon, its mobile app will let users access the vast majority of its features without entering in usernames or passwords or even supplying thumbprints. In those instances, the device identification will be suffice.
For riskier transactions, like money transfers to external bank accounts or contacting customer service, the neobank will require additional authentication, including usernames and passwords or more.
For now, the approach is bold and speaks to the growing demand from consumers to make their digital experiences as simple as possible. Some banks let consumers access their balances and transactions without supplying username or password or PINs. But Moven's new model will let users do everything from categorize a transaction to view a spending insight. It eliminates one of the major reasons why people abandon a task: the hassle of having to enter passwords.
"Even a fingerprint may be considered too much friction for checking one's financial health, and we really are looking to inspire behavioral change via engagement," said Bob Savino, Moven's chief technology officer.
Moven's focus on personal financial management works best when its users interact with the platform often, so the company perhaps has more at stake in removing friction from the process. For instance, a user might turn to the app to see how the dinner she just bought fits into her overall spending.
Historically, PFM features published in banks' websites have suffered from abysmal adoption. Analysts have attributed the poor results to navigation challenges, among other things.
Savino views the upcoming security overhaul as the latest example of what the neobank truly is taking to heart.
"We are looking to reinvent banking," said Savino.
The model is being deployed in the Android App Store in the next few weeks, followed by in the Apple App Store in early January. It will require Moven to use iOS and Android secure keystores to store a device authentication token, which is encrypted, and then used in future sessions as a way to ID customers.
The approach is rare in fintech with exceptions. Prism, one of Moven's partners and a mobile bill pay provider, will not ask for credentials until someone pays a bill, said Savino.
Its other international bank partners (like TD Bank) could leverage the capability if interested.
Beyond aiming to boost engagement and improve convenience, Savino says the security update will benefit Moven's widget and wearable strategy.
The company is conservatively projecting that interactions with the app will increase by 10% to 20% per month after the update because it will be a quicker experience. Rather than taking 30 to 60 seconds to go from a locked screen to being in the app, it could take five to 10 seconds.
"We expect a pretty dramatic lift in engagement," Savino said, adding that he believes the model will eventually become the industry standard. According to a report published from Aite Group, 79% of banks expect to increase their digital fraud spending over the next two years and improving the customer experience through a device that bankers may already consider a security token was one of the drivers.
"It's a very robust device that [most]of us our carrying with us," said Julie Conroy, research director at Aite Group and author of the report.
Conroy said banks are investing in mobile security, including but not limited to, device authentication. However, she says banks are moving more toward the direction of using a biometric and the device instead of Moven's approach.
Some analysts believe a world without passwords or logins for mobile transactions is farfetched because mobile devices often still lack anti-virus and anti-trojan software and others used to mitigate malware.
"I think we're a long, long way off from mobile transactions being done directly with a bank on a no-login/no-passcode basis," said Jim O'Neill, a senior analyst at Celent.
The exceptions, according to O'Neill, include some banks displaying limited data.
Indeed, a growing number of banks like Citigroup, Bank of the West and JPMorgan Chase have updated their apps to let customers view their bank balances and recent transactions — the most common inquiries — without entering in their username and passwords.
According to Javelin Strategy & Research's most recent data, 23% of the top 30 FIs supported that feature as of 2014.
With 80% of Moven's features considered low-risk, Savino says the mobile-first company wanted to extend an easier login to much more than simply quicker balances. It is looking to incorporate the device trust model to additional features, too, such as an internal money transfers that it calls "impulse savings."
By taking away the password prompt process for many of the functions, Moven will become more like non-financial apps. There is no fingerprint requirement to access email or a Fitbit app on a phone, Savino noted. The company will still need to balance the ease of access with education about the model by reminding users to do things like lock their smartphones, he added.
Consumers are still apprehensive about using mobile banking because of security concerns, some research shows. But Savino said it has received requests for such functionality and millennials — its target user base — are more comfortable with the approach.
Moven's planned update also comes as most banks largely treat personal financial management as an ancillary feature, rather than a prominent part of their features.
By making it easy, Moven might find a way to gain momentum in PFM.
Traditional PFM has struggled because those offering it often fail to address "the needs of on-the-go consumers armed with smartphones who confront incremental financial decisions on the fly every day," said Mark Schwanhausser, a director of omnichannel financial services at Javelin Stratgey & Research.