
Striking the right balance between user experience and security remains one of the biggest challenges for financial services and fintech companies. In our recent webinar, industry experts Catherine Woneis (VP, Product at Fingerprint), Peter Daunton (Chief Product Officer at Sokin), and Greg Smith (SVP, Digital Banking at Banc of California) shared insights on navigating this delicate tradeoff and building more secure, seamless customer journeys.
Key challenges faced by fintech and banks
Financial institutions are prime targets for fraud, with breaches becoming increasingly common. In 2023 alone, account takeover attacks targeting banks and fintechs accounted for over a quarter of all attacks, with many organizations reporting significant financial losses.
Our speakers highlighted three critical challenges:
- Balancing security and convenience: Multi-factor authentication (MFA), bot detection, and other tools can help prevent fraud and enhance customer trust. But they can also add friction that frustrates customers.
- False positives in fraud detection: Incorrectly identifying genuine users as fraudsters can lead to poor customer experiences and increased support costs.
- Compliance: Meeting strict regulatory requirements like KYC and AML without negatively impacting user experiences.
Striking the right balance
Greg and Peter both emphasized the importance of strategically placing friction to reassure users without causing unnecessary frustration. Greg highlighted the necessity of deeply understanding user journeys to intentionally position friction points where they make users feel secure, particularly during high-stakes transactions. Banks must remain competitive by meeting the high user expectations set by frictionless services like Amazon and Uber without compromising security. Users appreciate knowing that robust security measures protect their sensitive data.
Peter added that friction can be reassuring if users clearly understand its purpose. Educating users on why security measures exist can enhance acceptance and minimize user frustration. He emphasized the importance of context, comparing security friction to locking a front door — it requires effort but significantly increases peace of mind. Leveraging real-time data to validate user identities further reduces unnecessary friction by precisely targeting security measures.
Factors that have shaped the approach to returning user experience (RUX)
Several factors have influenced how Sokin and Banc of California approach returning user experiences.
At Sokin, the growing sophistication of fraud tactics, especially those involving generative AI, has significantly changed how the team thinks about onboarding and ongoing authentication. What once required only a photo ID now demands liveness checks and additional verification. The rise of instant payments has also added urgency. Because funds move in real time, there's less opportunity to detect and reverse fraud, prompting a greater reliance on device and behavioral data to validate users before allowing high-risk actions.
For Banc of California, rapid changes in scam tactics and the sheer volume of threats have required a more proactive approach. Greg highlighted the importance of building a security mindset across the entire organization, from product teams to front-line staff. He also pointed to regulatory pressure and the need to invest in both technology and user education. One major shift has been designing user journeys with the assumption that a customer may have already been compromised elsewhere — this changes how and when to introduce authentication challenges.
Both organizations agreed that evolving threats and rising user expectations have made it critical to revisit traditional approaches and prioritize smarter, context-aware friction.
How to measure customer satisfaction
Sokin and Banc of California both emphasize the importance of measuring customer satisfaction through a mix of direct feedback and behavioral data. Tools like Net Promoter Score (NPS) offer a useful benchmark, but both teams go beyond metrics, actively listening to what users are saying and experiencing in real time. Feedback is collected from formal complaints, support calls, and direct interactions with relationship managers, along with always-on tools like Qualtrics that capture sentiment during key user moments.
This is paired with internal analysis of product usage data—tracking login issues, drop-off rates, and common pain points—to identify where the experience may be falling short. Usability testing and customer interviews add another layer of insight, especially in complex B2B workflows where product teams may not be the typical end user. The goal across both organizations is the same: to build trust, reduce friction, and ensure the product meets real user needs, not just internal assumptions.
Common security tools and their drawbacks
Catherine shared common frustrations with typical security methods:
- CAPTCHAs: These tests can be highly frustrating for users, often requiring multiple attempts. Despite their widespread use, they are increasingly ineffective against sophisticated AI-driven bots that can solve them with near-perfect accuracy.
- Complex passwords: While intended to improve security, complex password requirements are difficult for users to remember. This often leads to poor password hygiene, such as reusing passwords across multiple accounts or using simplistic variations, increasing vulnerability.
- Multi-factor authentication (MFA): Although MFA provides an additional security layer, it can be inconvenient and disruptive to user workflows. Moreover, MFA is susceptible to misconfigurations by organizations and MFA fatigue attacks, where attackers repeatedly trigger authentication requests to wear users down.
- Security questions: Security questions are often predictable, making them easily compromised through social engineering tactics or data from past breaches. Users also frequently forget how they initially answered these questions, causing additional inconvenience and support demands.
The role of device intelligence
Device intelligence technology helps maintain the balance between security and user experience by analyzing unique signals from devices, such as operating systems, browsers, and geolocation. This allows institutions to recognize trusted devices, reduce friction for legitimate users, and raise hurdles for suspicious ones.
Device intelligence can effectively complement traditional security methods by detecting:
- Bots and automation tools
- VPN usage and true locations
- Jailbroken or tampered devices
For example, an unusual location or browser configuration for a given user profile could raise a red flag for a potential account takeover. Businesses can then tailor security measures more accurately based on risk level, streamlining the experience for trusted users and reinforcing protections when anomalies arise.
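The risk-based flow described above can be sketched as a small scoring function. This is an added example, not Fingerprint's API or code from the webinar: the signal names, weights, action names and thresholds are hypothetical, and the profile is constructed sample data.

```python
from dataclasses import dataclass, field

# Hypothetical weights and thresholds, for illustration only; tune on real data.
WEIGHTS = {
    "bot_detected": 100,      # automation is blocked outright
    "tampered_device": 50,    # jailbroken, rooted or otherwise modified
    "vpn_detected": 15,
    "new_device": 25,         # device never seen on this account
    "location_mismatch": 25,  # country outside the account's usual set
    "browser_changed": 10,    # known device, different browser than last time
}
ACTION_RISK = {"view_balance": 0, "add_payee": 20, "instant_payment": 30}
STEP_UP_AT, BLOCK_AT = 40, 100

@dataclass
class DeviceSignals:
    device_id: str
    country: str
    browser: str
    bot_detected: bool = False
    vpn_detected: bool = False
    tampered_device: bool = False

@dataclass
class Profile:
    trusted_devices: dict = field(default_factory=dict)  # device_id -> browser
    usual_countries: set = field(default_factory=set)

# Constructed sample profile: one trusted device, one usual country.
SAMPLE_PROFILE = Profile({"dev-1": "Chrome/Windows"}, {"GB"})

def assess(signals, profile, action):
    """Return (decision, score, reasons) for one request."""
    reasons = [n for n in ("bot_detected", "tampered_device", "vpn_detected")
               if getattr(signals, n)]
    known_browser = profile.trusted_devices.get(signals.device_id)
    if known_browser is None:
        reasons.append("new_device")
    elif known_browser != signals.browser:
        reasons.append("browser_changed")
    if signals.country not in profile.usual_countries:
        reasons.append("location_mismatch")
    # Unknown actions get the highest action risk rather than zero.
    score = sum(WEIGHTS[r] for r in reasons) + ACTION_RISK.get(action, 30)
    if score >= BLOCK_AT:
        return "block", score, reasons
    if score >= STEP_UP_AT:
        return "step_up", score, reasons  # e.g. an MFA prompt before proceeding
    return "allow", score, reasons        # no added friction
```

With these weights a trusted device makes an instant payment without a challenge, while any single anomaly on the same payment crosses the step-up threshold. Returning the reasons alongside the decision gives support staff something to review when a genuine user is challenged.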
Fingerprint provides advanced device intelligence solutions used by fintechs and financial institutions to strengthen security while preserving a smooth user experience. With industry-leading visitor identification accuracy and 20+ Smart Signals, we deliver actionable insights to help detect fraud and recognize trusted users in real time.
Final thoughts on balancing security and user experience
The discussion offered practical guidance for financial institutions navigating the challenges of providing excellent returning user experiences. A key theme throughout the webinar was the importance of understanding your users in order to strategically introduce friction where it adds value, especially when it enhances a sense of security without creating unnecessary frustration.
With the right tools, such as device intelligence, institutions can better distinguish between trusted users and potential threats, allowing for more precise, risk-based authentication flows.
If you missed the event, the full recording is available to watch on demand.