Blog article
See all stories »

Trust is good for business

Online banking is about more than cost cutting. Banks are just waking up to its potential for increased revenue and new business opportunities. In this context, online security is not just a cost of business to be weighed against losses to fraud. It is the key that opens the door. But it will only work if banks change the way they build a business case for trust and security.

Every business unit in a bank needs a presence online. People expect to do more online and banks that meet these expectations will gain a competitive advantage over those who see the internet as nothing more than a way to cut costs. Bank innovation and vision lead the way but trust and security form a barrier; customers will only use the online channel if they trust it. ‘Good enough’ security isn’t good enough anymore.

In this context, banks need to re-evaluate their cost-benefit calculations for online security. If they only count the cost of fraud they will miss the bigger picture. Poor security has a significant opportunity cost. Banks should focus on the benefits of moving a customer online and getting them to buy more when they get there. Increased security makes each customer more valuable and more profitable.

The security paradox

Which came first, the chicken or the egg? Or, to put it into banking terms, which came first, improved online security or new online services? It’s a common mistake to believe that current levels of bank security, and particularly static passwords, are sufficient and don’t need to be improved.

In reality, when security is poor, everyone focuses on the cost of fraud and the difficulty of developing new services in an insecure environment. This makes it hard to upgrade security and hard to develop new business opportunities.

The real cost of insecurity

The cost of any fraud incident can be divided into several parts:

  • Direct costs are the money you actually lose to online criminals, the cost of communicating with customers and the expense of reimbursing the customer for their losses.
  • Indirect costs include the cost of understanding the attack, performing forensic analysis, chasing the perpetrators and implementing technical fixes in a hurry. It also includes the loss of focus and cost of time spent dealing with incident and its consequences.
  • Reputational costs are harder to measure but are often much greater than the direct costs. For example, lost customers, falling share prices, increased reluctance to transact online, less use of credit cards and increased ATM withdrawals. There is a personal cost too as customers assign some of the blame for security problems to their bank. For example, a recent survey in the US found that four in ten businesses switched banks after suffering a fraud incident.

In many cases, banks base their business case for improved security on the direct costs alone. This is rarely enough to justify an investment in stronger security, such as two-factor authentication. Yet, it only takes account of a tiny proportion of the total cost. This false consciousness is the root cause of the security paradox.

To break the paradox, you need to have a baseline of trust and security. Customers need to feel confident to transact with you online. Staff need to be free to focus on business development and service innovation rather than firefighting security problems on a daily basis.

The future of banking

This brings me to the fourth cost of poor security: the opportunity cost of delayed innovation and missed business opportunities. Only once a secure foundation exists, can banks build new high-value services online.

The trend in Northern Europe is for branches to switch focus from low-value transactions, such as cash withdrawals and cheque deposits, to high value sales, such as loans, financial and business advice. The branch becomes a venue where bank can meet their affluent customers.

In Sweden, Nordea has already opened cash-less branches. In the UK, Nationwide has started charging a small fee for cash withdrawals in the branch. Another trend sees banks buying real estate companies in order to put their mortgages and insurance in front of house buyers.

The business value of security

With the right security, banks’ online portals can become an integrated part of this trend towards high-value, high-touch customer service. It can also take care of many more low-value transactions and enable completely new lines of business. Opportunities include:

  • Top-of-wallet effect. Studies show that a cardholder’s spending increases by 3% when his card is top-of-wallet. Increased e-commerce security can help you increase online spending and the usage of your cards.
  • Fraud and dispute reduction. Banks tell us that see a 60-70 percent reduction in fraud, when they use a security solution for online shopping.
  • Increased online shopping and banking. In many countries, people are reluctant to transact online in the first place because of a lack of trust. Removing these barriers, even in more developed countries, can increase the volume of online transactions.
  • Self-service. In Western Europe, shifting a customer from the branch to the online bank may generate cost saving of as much as €10 per transaction.
  • Electronic invoicing. Banks process millions of utility bill payments every month for gas, water, electricity and phone companies. Typically, utility companies pay around €1 per invoice per customer. Imagine if banks used their security and authentication services to automate invoicing and increase the uptake of electronic bill payment. This could reduce utility companies’ costs, increase bank profits, simplify payments and make life easier for customers.
  • Reselling identity. A tax return costs the government more than €2 per citizen. If the bank could provide this for half of the cost, bank may, is a win-win situation for both the bank and the government.
  • Generation Y. The Facebook generation don’t even want to visit their bank, unless they can do it online. Banks that don’t offer trustworthy online services may see younger customers defect to faster-moving rivals.

Trust and confidence are valuable assets for banks. Back in the nineteenth century, banks invested in lavish marble halls and iron strong rooms to encourage deposits. Today, in the 21st century, robust authentication and trustworthy online services have the same role. If banks want to attract customers, upsell new services and out-compete their rivals, they need good security. It’s not just a cost of business. It’s good for business.


Comments: (2)

Brett King
Brett King - Moven - New York 27 August, 2010, 05:37Be the first to give this comment the thumbs up 0 likes


I'm not sure that security is not a key factor as to why consumers, in particular, are not using Internet Banking more. However, there are clearly opportunities for simple security improvements. For example, the lack of robust two-factor authentication in the UK market is shocking, and a key reason why phishing attacks are still succeeding.

The key issue, I believe, is simply as you've identified - the lack of investment in online banking making it more than just a cost savings tool for the bank. The core investment needs to be around simplicity and user experience.

Recent developments like Ally bank, BankSimple, and others show that this can be done. The lack of investment in this space by mainstream banks shows how out of touch they are with changing consumer behavior. So I believe you are right in assessing that by investing in this space, they'll also generate higher trust and advocacy.

Brett King, Author - BANK 2.0 

Peter Gullberg
Peter Gullberg - Todos AB - a Gemalto company - GOTHENBURG 01 September, 2010, 13:20Be the first to give this comment the thumbs up 0 likes


I think you are correct, end-users don’t care very much about security, they want social sophistication, it’s the bank that cares about technical sophistication and want to package that into a compelling end-user offer.

End-users must still feel secure when doing online banking, and that boils down to trust. The customer perceives trust subconsciously, every comunication that end-user receives, whether it’s banks own actions, their marketing, media buzz or self-perceived, is what establish the level of trust. The cues banks sends will be perceived by the end-user, and it all boils down to trust.

If the bank won’t allow you to do make certain things, or they tell you how to stay safe online, helps establish or degrade this feeling of trust. The cues banks sends will be perceived by the end-user, and it all boils down to trust.

End-user are not able to determine which is the most secure solution, we have evidence where customer perceives one solution better than the other, when in reality might be opposite from a pure security perspective.



Peter Gullberg

Peter Gullberg

VP Product Strategy

Todos AB - a Gemalto company

Member since

25 Sep 2007



Blog posts




More from Peter

This post is from a series of posts in the group:

Online Banking

This community is for discussion of developments in the e-banking world, including mobile banking. This can include all the functional, business, technical, marketing, web site design, security and other related topics of Internet Banking segment, including public websites of the banks and financial institutions across the globe.

See all