Adopting Software Tokens: A Case Study

Smartphones have revolutionised the way we access many products and services and have rapidly become an indispensable part of the modern, digital world. As well as allowing us...

Smartphones have revolutionised the way we access many products and services and have rapidly become an indispensable part of the modern, digital world. As well as allowing us to communicate, they are an essential tool for most people in the workplace as well as being part of daily habits. Research conducted by Deloitte found that one in five smartphone users across 17 developed nations checks their device 50 times per day (this goes up to 74 checks per day in the 18-24 year old bracket!).

It is therefore no surprise that many sectors are exploring the way they allow customers to access their online services in a move away from traditional OTP (one-time-password) hardware tokens to software tokens.

The motivating factors are two-fold; keeping up with changing trends to deliver fast and easy access of service plus increasing security. Both require the right choice of technology and a firm grasp on how to implement the migration whilst managing and driving customer adoption.

The cybersecurity technology company, OneSpan, works with a number of banking institutions who have been exploring and implementing the change from hardware tokens to software tokens and have recently shared the findings and experiences of one organisation.

Driven by the same factors as most companies, the project was kicked off by the desire to:

  • Improve security for their clients
  • Deliver a faster and easier user experience.
  • Reduce overheads of helpdesk for ‘forgotten passwords’
  • Improve service access for clients.

The anonymous client initially started their project by developing a cost analysis to compare both methods of authentication. Whilst the findings of this cost analysis remain confidential, the projected savings were substantial enough to motivate the bank to approve software authentication.

Understanding Stages of Customer Adoption

The next stage of the project was to survey their customer base to research customer adoption and validate their readiness for the transition. Although it was probably to be expected, their findings identified that customers actually wanted the choice of both hardware and software tokens. The consensus was that whilst mobile devices offered convenient access, customers also wanted a backup in case they couldn’t use their smart device.

The bank was able to strategise its plans for software token adoption by surveying its customers first. Any resistance to new technology can be planned for with tailored communications to segmented user groups. Tech savvy, mobile-first customers were grouped separately to those who were identified as slow adopters so that messages could be adapted accordingly.

Communication is critical in the success of the adoption process and using  the segmented groups, the bank produced a series of short explainer videos that were designed as simple tutorials to demonstrate the technology in action.

Using the findings from the initial survey also allowed the bank to scale its helpdesk accordingly, allowing for those customers who would need support and planning adequate resources around this.

Barriers to Adoption

Whilst the initial customer research allowed the bank to organise its communications methods effectively, there were still those customers who showed reluctance to switching from existing authentication methods. Further research showed that those who were not keen on the idea of using their smartphone as part of the authentication process fell into one (or more) of the following groups:

  • Those who had concerns about the loss or theft of their phones.
  • Those that were unfamiliar with, and/or a lack of trust in, software tokens.
  • Those that had concerns about already having too many apps on their phone.

The findings from this wave of customer feedback informed the bank on the next stage of their project and allowed them to initially opt for a hybrid of both hardware and software authentication. This allowed them to drive forward with the rollout of the new technology but also t continue with their plans to drive behaviour change in their customer base.

The project manager reported the bank noticed an initial resistance from its customers towards the change but once they tried mobile authentication they reported high levels of satisfaction with the service.

Unsurprisingly, the key take home towards overcoming these barriers was one of communication and the level of uptake reflected the success of their campaign with an initial uptake of 62% on software tokens.

Measuring Success

As well as achieving their goal of driving down costs, improving security and enhancing the customers experience of accessing their service, the bank was also able to report improved overall customer satisfaction.

The project manager was able to report that the majority of customers found the new authentication procedure easier to use and feedback has been very positive.

Once again, communication was critical to achieving this success and the way the migration was introduced using targeted information, material on their website and other content meant that few people had to contact the helpdesk for support.

 

In this article

Join the Conversation