Amid rising fears of virtual crimes, how can FSIs—whether traditional banks, fintech startups, or insurance firms—in Singapore and the region enhance trust by balancing security with user experience?
Navigating FSIs’ security challenges
FSIs encounter several critical "moments of truth" in authentication and security. These include onboarding, log-ins and re-authentication, financial transactions, and identity management. Each stage presents unique goals and challenges. While users can tolerate some level of security friction, excessive delays—especially if verification exceeds 15 seconds—can lead to significant registration drop-offs.
Newer fintech platforms often prioritise rapid growth, sometimes at the expense of security during customer onboarding. This is a delicate balance, as platforms have a brief window to engage users while identifying and mitigating risks like the creation of fake accounts by malicious actors. FSIs must also remain vigilant against account takeovers—a form of fraud where attackers gain control of online accounts. This often involves using stolen credentials or creating synthetic identities to circumvent security measures. Leveraging a robust, multichannel verification system optimised for scale is one way to mitigate this.
See also: Half of Singapore companies pay ransom in cyberattacks: Sophos
Building a foundation of trust
Another priority of FSIs today is delivering hyperpersonalised experiences that are consistent across touchpoints and adapt quickly to dynamic customer behaviours, all while still maintaining compliance. To that end, they can consider exploring a few strategies, technologies or even partnerships.
First, enforce validation and formatting standards to streamline operations and enhance customer satisfaction. Verifying phone numbers and converting them from national to global E.164 (or the international telephone numbering plan) supports both usability and compliance requirements in FSIs.
See also: Here's why Asia must reinforce payment security as trade tensions rise
Beyond formatting standards, organisations in the industry can benefit from carrier network-based user authentication, which uses mobile network technology to provide strong authentication for increased security and improved user experiences. For example, Endowus, Asia’s leading digital wealth advisory platform, leverages Twilio Verify to secure critical actions like logins and withdrawals with SMS and WhatsApp one-time passwords (OTPs). Since implementation, Endowus has achieved a 96% verify conversion rate overall, reflecting minimal friction in the verification process.
Real-time carrier data on SIM swap history can help customers prevent SIM swap or number port attacks, where fraudsters intercept SMS codes for high-value accounts. This method offers OTP PIN-hijacking resistance, delivering seamless verification without user friction. Understanding when users forward calls to potentially fraudulent devices can reduce erroneously delivered OTP messages, improving conversion rates.
Sometimes, the OTP process can push user tolerance too far. Offering alternative methods can enhance user experience and increase conversion. Moving away from traditional SMS OTPs can improve security and reduce authentication time. It is reassuring to see that major banks in Singapore and around the region are already phasing out OTPs in favour of digital tokens to strengthen security for bank logins. While SMS OTP was not designed for security, it remains a fallback or initial registration method before transitioning to advanced digital solutions such as cryptographic solutions which are much stronger and less prone to security breaches.
The imperative to balance speed with security
FSIs must prioritise security while ensuring a seamless user experience to stay ahead in the evolving landscape. They need to ensure that added friction doesn't prevent users from achieving their goals, such as signing up for services or completing transactions. According to Twilio’s 2024 State of Customer Engagement Report, 47% of businesses surveyed in Singapore identify balancing security and customer experience as their primary challenge, while 41% prioritise simplifying signup and login processes to boost engagement.
Ultimately, treating customers as individuals and minimising repetitive data entry fosters meaningful interactions. The future of authentication will span all channels, so FSIs that allow customers to choose their preferred channel can boost usability and conversion rates. Customers benefit from peace of mind, knowing their data is secure. Streamlined authentication processes save time and offer greater convenience.
FSIs that intentionally safeguard information while maintaining the right amount of friction to deter bad actors will foster mutual trust, key to cultivating long-term customer relationships.
Billy Chan is the director for Asia of the Communications Business at Twilio
