Heightened safety needs and CX expectations during the pandemic did not help, according to an online study in May 2020.

Authentication strategies at Malaysian banks are driven more by security than by regulation, according to an online survey of 172 global banks in May 2020. Of these, 15 Malaysian banks with a minimum of 500k customers were surveyed, and more than one-third of respondents had over 10 million customers.

In Malaysian banks, concern over the sophistication (53%) or volume (60%) of attempts to breach access controls was much higher than in the other seven countries surveyed, where, on average, concern levels related to sophistication of attack were 43%, and the volume of attacks 30%.

Almost half of the respondents surveyed nominated the ‘high level of manual processes to validate customer identities’as their top challenge, along with‘consistent collection of supporting data/documents’ and the ‘need for physical validation of identity’.

Said Subhashish Bose, team lead for fraud, security and compliance (Asia Pacific) for FICO, the firm that initiated the study: “Manual processing at Malaysian banks slows down the process, introducing friction into digital applications. Indeed, a third of banks still force customers to go to a branch to validate their identity after trying to open an account online.”

FICO had previously found that a large percentage of Malaysian (40–78%, depending on the action required) said they wanted be able to complete all aspects of account opening online or on their phone. If all actions required to open an account could not be accomplished in-session, only 18% of Malaysians would carry out the necessary offline actions as soon as possible. A further 15% said they would try a competitor, while 8% said they would give up completely.

“Malaysians are comparing their banking experience not just to other lenders but to other digital businesses,” said Bose, citing CX leaders that may have created such expectation of banks. 

Authentication pain points

Bose noted that many banks in Malaysia are making separate fraud and authentication decisions: “They are less concerned with user experience and will ask a customer to authenticate again for any interaction even if it is in the same session.”

When fraud and authentication decisions are combined, banks can progressively apply step up authentication controls based on fraud risk when needed. This approach significantly reduces friction without comprising on security, Bose argued.

Another challenge impacting the ability of Malaysian banks to authenticate customers was technology implementation. About 27% of Malaysian respondents expressed concerns about the time taken for systems change, as well as inflexibility around identity approaches (40%). This may be due to rapid innovations in authentication and the number of technologies deployed, according to the report.

“Malaysian banks are often torn between multiple point solutions that require integration and broader platforms that span authentication but don’t play well with third-party systems. New-breed platforms that allow innovation with AI and integrate more widely are the next step. Consolidation is needed and banks (have) to determine which technologies are effective both internally and with customers to gain an edge over their competition.”