Community

In all this discussion about definition of 2FA, what constitutes a puristic implementation of 2FA versus what does not, etc., it's equally important to assess what are the appropriate use cases for 2FA in the first place. Does a retail banking customer really  have to go through 2FA to know their account balance? Should a biller use 2FA to authenticate that the payor is indeed the subscriber? I could go  on with such rhetorical questions but the primary point of a transaction is that it should go through without causing undue friction for the customer, and I think this point often gets missed by overzealous security mechanisms. Some seven years after FFIEC mandated 2FA for online retail banking in the USA, the level of compliance may be low, but I have never come across any solid evidence that non 2FA users have suffered greater theft as a percentage of their transaction volumes as compared to 2FA users. 

The man on the street will always make comparisons closer to their everyday experiences. Continuing with the comparison with used car sales, it is legal for a used car dealer to strike a deal without owning the car as long as s/he commits delivery on a future date (by which time the seller is sure of sourcing it). It only becomes a crime when the seller is unable to deliver on the committed deadline. The same thing applies for short selling of stocks. 

@Alex B:

Yet another excellent post! I'm sure that your approach, combined with a few BEFORE-AFTER videos of "Cutting the cost of customer administration?" and other strong use cases, will work much better at getting banks to adopt social media than most of the other impractical guidance going around these day. 

An old example used by the famous management guru Tom Peters comes to mind: You could build lifejackets from concrete. As long as you say this upfront and do exactly as you say, you can achieve 100% compliance ( under ISO9000 quality norms). On the other hand, you might not be around to realize the high risk inherent in your action! 

@AlexB:

Great post! I've written several times myself about the high degree of friction involved with many Internet Banking portals and readily empathize with your views.

I'd even go one step further and say that "info and transactions should be placed at the venue where customers are likely to find them most naturally". Barring fund transfer and a few other transactions, Internet Banking is not this venue.

You've already mentioned account balance. Let me mention another use case that I've sought for many times but never found: Suppose I wish to remit some money from UK to India. Obviously, high GBP:INR exchange rate would be an important criteria for me to decide when, and with which bank, I should put through this transaction. Today, I've to suffer the friction of visiting one or more banks' Internet Banking portal(s) and, with some banks, be forced to log on, to source the latest exchange rate several times over a period of a few days. Tomorrow, if only a certain bank provided this info via RSS feed on my desktop, like news feeds, I'd be sure to give my remittance business to it.

A bank's exchange rate is not proprietary info. I don't see why it should be placed on its website, either inside the walled garden or outside it. Still, I've never come across any bank offering this feature.

Without denying the importance of accountability, I'm also mindful of the clamor around measurement of marketing ignoring certain ground realities viz. (a) High cost and expertise for measurement tools make it impractical for all but the top spending marketers to adopt them (b) Metrics that can be measured often lack resonance with functions outside marketing. For example, marketing will claim high effectiveness of a certain online ad because it generated heavy incremental website traffic or Facebook Likes or whatever, but sales would only be impressed with qualified leads and revenues, finance with profits, and CEO with EPS - none of which can be measured by using even the most state-of-the-art marketing measurement tools and techniques.

In all this clamor, one thing is undeniable: When marketing works, it generates returns far in excess of what it costs. Which is perhaps why marketing continues to flourish more than a century after prominent people have raised questions about which part of marketing works and which part doesn't.

For greater adoption of measurement in marketing, I think the trick is to get the level of granularity of metrics right.

@MichaelK: 

Thank you for your comment. Unfortunately, I haven't come across a single biller offering the facility to change e-bill or -statement password to one of my choosing! I'm not even sure if it's technically possible to change passwords for 'asynch' items like these. Please let me know if you're familiar with any. Thanks in advance.

I think the real challenge is that SEPA only seems to be a compliance exercise. The onus is really on SEPA / EPC to promote it differently if they want banks and corporates to view it as a business opportunity. 

Hopefully, this appointment will enable ClairMail to replicate the North American success with its 2-way SMS Alert in Europe. 

Kudos to PNC for using state-of-the-art mobile technology to help customers do what an overwhelming majority of them say they want to do, namely, find and reach branches, instead of falling for the hype, closing down branches and forcing customers to adopt mobile banking. This move also resonates strongly with Gartner's advice in the following report to use mobile to "augment a real-time experience or activity to provide information or content in context" instead of merely as an extension to the online channel. 

Get your complimentary copy of Executive Advisory: The Untapped Potential of Mobile: Connecting the Physical World to the Online World. (registration required)