I'll never login with Facebook to my bank!

We’re experiencing a massive shift in consumer behavior right now with the explosion of Facebook, Twitter, YouTube, and other community collaboration and social media platforms. A world where Facebook has 800 million inhabitants and a President who is a college dropout (albeit Harvard).

We’re seeing the global domination of mobile across the entire world, where before long every person on the planet will have a mobile phone – and soon that phone will be a wallet. Smartphone owners will be the majority in just a few years as smartphones are virtually free on contract, and unlimited data is bundled free. Already the average smartphone user spends more time using Apps than they do using an Internet browser on their computer.

The traditional players amongst us say that such things don’t really change the fundamentals, that “it will take time for people to trust these new mechanisms”.

I’ll never login with Facebook to my bank.

I won’t pay with my mobile phone unless I understand how secure it is. This NFC technology is too new and there’s no common standard.

Huh?

The same people who said this probably said…

I’ll never use email, there’s nothing like calling someone or a face-to-face discussion to solve a problem

I’ll never use an ATM machine, I don’t trust a machine to give me money.

I’ll never get a cell phone – I don’t want people to be able to call me whenever and wherever I am.

I will never put my credit card details on a website online – are you crazy?

I’ll never bank online. Not in my lifetime…

I’ll never need a Facebook account – it’s a waste of time, it’s just for college students.

Really?

If you are saying you won’t do something that millions of other people are already doing, that’s a sure sign that it’s going to disrupt the hell out of your business and you’re in trouble.

If you’re not planning to work differently, if you’re not thinking differently, then you’re just out of touch, you’re just one step away from irrelevance. You’re fighting the flow upstream and getting pushed towards disaster.

The one constant of the internet-enabled world is that you have to be ready to change constantly. Resistence is not only futile, it’s stupid and very costly in the long run. It’s cheap and easy to be social right now, same for mobile – it won’t be in the future.

Right now you have two choices.

Start experimenting with how to adapt to these new methods

Start figuring out what people want to talk about on social media. When they’re using their phones at a store, for searching on products, when they check-in, tweet or update their facebook status.

Start talking to them. Start sharing content that isn’t marketing messages pushed down their throat, but helps them.

Start trusting consumers to talk to you about your brand, your products and about what they want from their bank or services provider. Understand you can’t control the conversation, but you can and should participate in it.

Open up new products and services based on social media. Get consumers to give voice to their needs and help you form those ideas. OCBC, DBS, First Direct, ASB, Comm Bank are all trying different types of crowdsourcing to develop better relationships with their customer base.

OR… Ignore the obvious, get ready to be displaced

Our customers don’t feel safe using Facebook for login!

But some of them might… how long before most of them will? How do you meet your KYC requirements and keep customers safe when allowing them to do this? Are you going to wait till everyone else is doing it, or are you going to learn how to do it properly and securely now. Are you asking your compliance teams to find ways of figuring out how to do this stuff safely?

It will take years for the mobile wallet and NFC to take off!

Right now Google and Apple are eating your lunch and you don’t even know it. You are getting ready to write off the one device that is most critical for connections and context with your customers in the later part of this decade. Someone else is going to own your customers, and as banks we’re going to be paying the likes of Google to include our branded card in their wallet, or our products and services and messages on their platform.

We already have to ask permission from Google and Apple to give our customers our App.

Don’t want to change! You will…

The fact is most of the last two decades we’ve been facing constant change, and no one organization has been able to resist the shift because customers decide how and when you’ll engage with them.

Customers have already decided they want their mobile device to be their bank. They’ve already decided that they want to discuss your brand and your service capability in the open community of social media.

Now it’s time for you to decide that you want to stay relevant to your customers. Or ignore the obvious and go away.

Comments

  1. Facebook login is a horrendous security risk. Facebook does not require secure passwords, has a history of poor privacy practices, and -most importantly- was never designed to be a single-sign-on mechanism.

    I have tried using Facebook login on other sites, and have been very displeased with the inability to prevent parts of my profile from showing up next to my comments, even when I restricted them to friends only. What Facebook apparently does is add the site as a “friend”, giving a corporation access to your entire social network.

    Perhaps many people are doing this, but that doesn’t make it a good idea. Lots of people still use unsafe passwords such as “password”, “abc123″, and the like. Many common challenge questions, such as “where did you go to high school?” are completely undermined by the very existence of Facebook.

    Facebook login on public forums? OK, but I still think there should be a private alternative. The ability to “like” your bank on Facebook? Absolutely? Using Facebook to access sensitive financial information? No way. I hope the FFIEC is paying attention; this is exactly the sort of thing they should be prohibiting.

    • brettking says:

      Aaron,

      Thanks for your passion. The fact is that any username and password these days is only marginally secure, facebook or not. Increasingly with phishing, MIM, spoofing and so forth, it doesn’t matter whether it is Facebook, another Social Media site login, or your tried and tested Username/Password combination from your bank – it is no longer secure in the true sense of the word. As you’ve pointed out.

      There are two sides to this. Firstly, if you used Facebook to login, but could not transact, what’s the worst that could happen? Someone could find out your balance on your account? Ok, that’s bad – but it’s not earth shattering. What if you had to register your device with the bank first? So if someone did take your facebook ID and password they still couldn’t see your personal data? What if you still had to use Two-Factor for transferring funds, paying bills and the like. Would a Social login be sufficient for basic access so you didn’t have to remember 30 different usernames and passwords for all the websites you frequently use?

      I think you are looking at this the wrong way around. If you are trying to make life easier for customers you can still you Facebook or Social Sign-In for login and have a totally secure banking interaction.

      Brett

  2. Salil Ravindran says:

    Brett,

    Few reasons why I believe people are, for now at least, vehement against social logins.

    1. Facebook which kind of represents the world of social media is more often in the news over privacy breaches than banks

    2. Platform openness which has caused some explosive disruption in the last 6-7 years has also opened up frauds and hacks.

    3. Most of these social media platforms are themselves pitted against each other for a share of the wallet and appear to bring out rampant changes without strong change management. While this invites some ‘dislikes’ from the average home user, the consequences could be far reaching from a business perspective.

    4. How many of the 800Mil users of FB are actually aware of offerings such as Connect and Credits and the fact that they are in the e-Comm space.

    Also very little has been explained around the material benefits and the role of social networks to the biggest segment of the banking population i.e. the average income salaried class who probably have some disposable funds saved but do not get the attention of banks. This requires some proof points and practical real life examples to be promoted well.

    I guess Facebook themselves have a big role to play in promoting the benefits and safety around it. I would say a Google is better positioned at the moment than FB to do it.

    I believe the best way to start around contactless for a bank is to introduce pre-paid wallets into which one can transfer the money in limited smaller amounts and use them over POS. This is probably the best way to meet payments scale and volume as well as increase adoption. Although pre-paid wallets are in the market, not sure how many of them are using it as an entry strategy into the contactless world. In the Netherlands, I could load a max of 500EUR into my chip on the card and use it across various merchants and it does not require a PIN at the POS. Since there is a limit of how much can be loaded into the chip, it limits my risk in case the card is lost. A wallet version of that is probably one of the ways of going about increasing adoption and putting some oil under the friction.

  3. brettking says:

    Salil,

    Thanks for your input.

    BK

  4. Otto says:

    What’s good for Movenbank isn’t necessarily good for the customer. Having them log in with Facebook is super easy, gives you quick access millions of customers, but is it secure? Does it meet FFIEC guidelines?

    I choose not to log in to *anything* with my Facebook account. For me, it feels too much like Reply To All. You’re just one step away from possible disaster.

    Is this the type of article that might be written about Movenbank? http://www.zdnet.com/blog/btl/.....otos/64761

    I’d hope not.

    I like that you’re pushing the bar forward, but trying to make the skeptics into neanderthals won’t work. Show me, day in and day out, that it’s the best possible thing for me and maybe, just maybe I’ll consider it.

    Crap. I just hit Reply To All. How do I recall a message on the Internet?

    • brettking says:

      Otto,

      Let me quote the FFIEC guidelines:

      The agencies consider single-factor authentication, as the only control mechanism, to be inadequate for high-risk transactions involving access to customer information or the movement of funds to other parties.
      Authentication in an Internet Banking Environment, FFIEC

      The fact is that using 2FA with a Facebook ID would meet their criteria. By using device authentication (pre-registering your phone, computer, etc), this would far exceed the current FFIEC requirements and be more secure than most standard IB logins in use today. With or without social sign-in.

      I get your concerns – I’m just as concerned, because Movenbank will live or die on being secure for our customers. I just think that people don’t really understand how it will work and fear the unknown. The fact is, under the criteria I’ve just given you an FB login can be totally secure.

      BK

  5. Aden Davies says:

    I agree we need a shift in how the logon process to banks work. I would be interested to know if you have met with Facebook to discuss this and what they suggest.

    I also think there are different logon levels to consider. Would you logon with facebebook level credentials to see balance and transaction details vs would you want extra security for payments to new beneficiaries and address changes? How would this step up work?

    One other thing is what if the logon was Twitter or Linked In rather than Facebook? Or Google? Is there a different perception of different sites?

    I wish you luck with this approach Brett. I for one am behind you on this.

    • brettking says:

      Aden,

      Thanks. We’d definitely go with additional security for payments, profile changes, etc. We’d be looking at 2FA through the handset, for example, if you’re trying to do a 3rd party transfer online.

      We’ll also be social sign-in agnostic moving forward, so offering G+, Twitter, etc.

      BK

  6. Toomas Gavrilin says:

    There are other ‘less dangerous’ options to start integrating online social networks with Bank services. For example P2P transactions, where bank customers could map their bank accounts to their social identities and enable interactions with other bank customers through the latter – fun feature for a user plus useful intel for customer analytics.

    t

Speak Your Mind

*