I attended FinovateSpring 2013 last week to get a preview of new products from digital technology vendors for financial services. For those of you who have not been to Finovate, it’s a little like innovation speed dating — where 72 vendors have 7 minutes to win the hearts of the audience to secure the “Best of Show” Award. At last year’s conference, a few new topics emerged: Personal Financial Management (PFM), payments, rewards, coupons, and mobile banking services for Prepaid Visa customers. This year the focus was still on PFM and payments, but one new topic hit the stage full force: authentication, which is this year’s new black. Sexy, I know!
While there were plenty of interesting and innovative demonstrations, Forrester attended the conference to identify trends and solutions relevant for our retail digital financial services clients. My "Best of Show" picks included innovative solutions that helped our clients either deliver on a customer need or solve a core customer problem in the retail banking realm. At this year’s conference, I noticed that:
Big data and PFM got married . . . and had a little MoneyDesktop. MoneyDesktop, the Best of Show winner, debuted its Insight and Target platforms — giving financial institutions the ability to create and send targeted marketing content and product offerings based on customer relevancy.
A couple of months back, I advocated killing your password policies and applying some other techniques instead to make existing use of passwords more effective (including my hobby horse: take the user-experience sting out of rotating ordinary static passwords by pushing them out to users on an alternate channel, à la activation codes and other OTPs). But adding factors is still a great idea, and the barriers to doing so are falling fast.
In approaching the research for my recently published TechRadar™ on strong authentication, at first I struggled a bit with overlapping concepts and terminology (as can be seen in the lively discussion that took place over in the Security & Risk community a few months back). The research ultimately revealed that form factor matters a lot -- smartcards in actual card form, for example, have some properties and use cases distinct from smart chips in other devices. So smartcards became one of the 14 categories we included.
The category that quickly became my favorite was "bring-your-own-token." BYOT is Forrester's term for the various methods (sometimes called "tokenless") that leverage the devices, applications, and communications channels users already have. The classic example is a one-time password that gets sent in an SMS message to a pre-registered phone, but we see emerging vendors doing a lot of innovation in this space. You can get a surprising amount of risk mitigation value from this lightweight approach, in which you can treat provisioning not as an expensive snail-mail package, but as a mere self-registration exercise. In a world where hard tokens and smartcards prove themselves to be, shall we say, imperfectly invulnerable, lightweightness can have a value all its own. In fact, BYOT showed up just behind these two venerable methods in the "significant success" trajectory on the TechRadar.