How to keep P2P investors secure and satisfied at the same time
Online security is a key part of a peer-to-peer lending platform’s offering, but from strict password requirements to two-factor authentication, investors can easily get frustrated and turned off by onerous checks.
Secure sign-up and login processes are crucial for any type of company, and for fintechs such as P2P lenders there is extra pressure to be innovative while also protecting investors from having their accounts hacked and money stolen.
P2P lenders take various approaches to online security.
Some, such as Funding Circle, ask users to set up a password and memorable questions, and require them to have a nominated account for withdrawals.
Others, such as Zopa and Assetz Capital, have launched two-factor authentication, which sends a passcode to a mobile device that must be entered to log in.
However, Tim Bedard, director of product marketing at cybersecurity firm OneSpan, warns against relying solely on one method.
“Financial institutions have traditionally relied on manual identity verification, such as passwords, and static credit agency data checks to verify a customer’s identity.
“The problem with these methods is that if stolen or exposed in a data breach it becomes very easy for bad actors to commit identity fraud.
“Criminals are also adapting to the growing deployment of two-factor authentication, where SMS codes in particular have been shown to be vulnerable, as they can be easily intercepted and compromised via malware.”
He said biometric identification such as matching selfies to previously provided ID is becoming more useful.
Experts add that it is also important that users are not deterred.
“Care must be given to ensure that the trust established through a digital identity meets regulatory standards, but is also applied and administered in ways which don’t disincentivise the creation or ongoing use of that relationship,” said Mike Yeardley, senior director of product strategy at identity analytics firm ThreatMetrix.
“Establishing a trusted relationship between an investor and their digital identity is a key enabler for a business, but the process that establishes this trusted relationship must be secure, using trusted credentials and authenticating that direct relationship against the physical identity.”
Sarah Preston, chief designer at app developer Sonin, said the login process must be user-friendly.
“The signing up and logging in process shouldn’t be too complicated.
“We have one company where we added a timer so users could see how long was left in the onboarding process.
“We recommend passwords with eight characters and a combination of numbers and symbols as more than that can frustrate people.”
Setting up a secure login is just the start, though.
Yeardley adds that security should be treated as an ongoing issue.
“Rather than forever trusting the relationship with a digital identity through the full life cycle of the investor relationship, ongoing assurance and authentication should be undertaken to ensure that identity remains trusted,” he said.
Most P2P lenders are established enough to have their own approaches to security that their users will be used to, but it is worth keeping up with the latest trends and the ever-evolving techniques of scammers to ensure investor identities remain secure.