March 17, 2025

The top 3 impacts of a poor login experience in fintech & banking — and how to fix them


Ever want to check your bank balance and have to wait for a one-time password (OTP) to be sent to you before you can log in, even though you logged in just yesterday on the same device? The frustration is very real when you’re asked to re-authenticate your device every single time you want to make a transfer or even just check your bank account balance. 

For fintech and banking companies, avoiding customer frustration and providing a smooth and seamless returning user experience (RUX) is key to customer retention and growth — and that experience starts at the login step.   

In an effort to gain and retain market share in a highly competitive space, fintech industry leaders like Plaid, Ramp, and Razorpay, as well as traditional banks, are investing in cutting-edge technologies like device intelligence to meet the ever-increasing demands of their most valuable customers.

In this post, we’ll dive into why and how banks and fintechs should optimize the login process for their customers. 

Challenges in optimizing user experience in banking & fintech

Account takeover (ATO) attacks, phishing, credential stuffing attempts, and other fraud scams have been steadily increasing. As a result, banks and fintechs are constantly exploring new ways to protect customer accounts.

But it’s a delicate balance: How do you avoid frustrating legitimate customers who expect seamless access to financial services on their devices, across different platforms, while not compromising the security of their accounts? 

On top of that, how can banks and fintechs operating in the EU and offering payment services comply with Strong Customer Authentication (SCA) regulations, which require multiple forms of identification to help protect consumer data and reduce fraud losses?

Some would say that implementing multi-factor authentication (MFA) is a great solution since it requires at least two of the following:

  • Something you know: This is typically a password or PIN. 
  • Something you have: An authentication code, either sent via text (one-time passcode aka OTP) or obtained using a previously configured authentication app. Device intelligence can also meet this requirement. 
  • Something you are: Biometric verification, like Apple’s Face ID or physical fingerprint.   

But MFA is not a panacea for the financial services industry’s fraud woes. One-third of consumers in the U.S. find MFA annoying, and no wonder: When poorly implemented, MFA can cause unnecessary friction and frustration for previously recognized, returning customers, and can cannibalize customer retention rates.

The hidden cost of a poor login experience

As mentioned earlier, providing a seamless user experience is key to customer satisfaction and retention, and this starts at the login page by optimizing the returning user experience (RUX).

When RUX isn’t prioritized, banks and fintechs risk: 

  1. Customer churn and loss of revenue. If customers are repeatedly asked to authenticate their device, their frustration can build over time, resulting in increased churn and lower customer lifetime value.
  2. Increased fraud and ATO. Poorly implemented authentication processes can be exploited by bad actors using tactics like SIM swapping and credential stuffing — or drive users to turn off MFA altogether — resulting in successful ATO attacks.  
  3. Regulatory fines. Failing to implement seamless but compliant identity verification can lead to regulatory penalties and reputational damage. 

Improving login experiences with device intelligence

To address these challenges, fintechs and banks are implementing frictionless authentication technology like Fingerprint’s device intelligence to enhance RUX while protecting customers from account takeovers and staying in compliance with regulations by offering: 

  • Passwordless authentication. Fingerprint assigns each device a unique visitor ID that persists over months and even years, enabling companies to quickly recognize returning users and reduce the need for MFA verification.
  • Fraud prevention. Fingerprint also helps detect potentially suspicious behaviors, such as bot activity or VPN usage, right at the login step while allowing previously recognized, legitimate users to seamlessly log in.
  • Compliance with regulations. Fingerprint is ISO 27001 certified; SOC 2 Type II, GDPR, and CCPA compliant; and meets the SCA requirements as outlined by PSD2 in the EU. 

Reducing login friction is investing in growth

As fintechs and banks expand their offerings globally, and as new neobanks continue to pop up, a frictionless RUX is no longer optional. Companies that invest in technologies like device intelligence and passwordless authentication can reduce friction for customers, enhance security, and ensure compliance without sacrificing user satisfaction.

Want to learn more? Sign up for our upcoming webinar, “Frictionless authentication: Enhancing the returning user experience without sacrificing security.”
