Building a Trusted Digital Onboarding Experience

Hi. My name is James Ahern. I’m Daon’s CTO. I’m responsible for product development within Daon. And today, I’m joined by two colleagues from National Australia Bank. Thanks, James. My name is Anthony Coviello. I’m the executive of customer onboarding and profile management at National Australia Bank. I am Arvind Balchandran. I lead the technology teams at NAB that deal with customer onboarding and profile management. So everything from individuals to the big end of town. Thank you both for joining us today. And today, we’re gonna be discussing building trust and beating fraud within identity verification journeys. To both of you, just as an opening question, what do you think in terms of the customer experience most leads to drop off as customers engage with an onboarding process? I think first customers have an expectation that we give them an easy and intuitive experience, but that we also keep them safe. And so I think that’s primarily our objective. I think our customers expect that when they provide us data, that we use it once, we don’t ask for it multiple times, the experience is intuitive, They compare us to other banks and all other organizations where they have a digital onboarding experience. So something that feels seamless for them, but gives them a sense of transparency around how we’re gonna use their data and keep them safe. And a bit about the clarity of what we are asking and the why. That that’s a predominant factor that comes into drop offs because as a bank, we are obligated to ask a few questions to keep in line with regulatory obligations that may not be as clear from a consumer’s perspective on why these questions are asked. So a bit of transparency goes a long way when it comes to ensuring that the customers feel that we’re asking it in their intent and their protection as well. And just following up on that then, Anthony, in terms of balancing the friction that that does incur during a customer verification journey and the desire to reduce fraud, what do you think are trade offs that you look at in that? I think first we look for opportunities where there isn’t a trade off, where keeping a customer safe also creates an easy experience, but there are times where that isn’t the case, and I think maybe to Arvind’s point, when we’re transparent about why we’re asking for extra steps or extra checks and we’re clear it’s about keeping a customer safe, we find that they’re much more open to the idea of that, and banking is such an important service to a customer in everyday life. They almost expect a little bit of friction as long as it’s clear that it’s necessary to keep them safe. That’s fair and just following up on that, then what is the technical challenge than that, ensuring the data integrity and that you have managed and secured its customers’ data? One of the biggest challenges that we have, because we are a pretty old institution, is that we’ve grown both organically and inorganically. So there’ll be acquisitions, there’ll be old systems and all of that. So ensuring that you can keep at pace with what is expected from our customers while modernizing our core systems are pretty important. And that’s the journey that we’ve been on for a bit now. So we’ve got a central customer identity and customer master store. That implies that we kinda get to know the customer a bit better. We don’t have various combinations of customer data. And when you have that consolidation, it makes all the process around it simple. You get to build it the right way. You get to keep it green in terms of all the controls, whether it’s the security one from a patching perspective or in terms of the versioning across the stack. And you get to ensure that you get to build the functionalities one way, and it actually reflects across the ecosystem. So that’s been our key focus and the challenges and how we’ve kind of overcome it. Yeah. And and, like, this is an ever changing environment and you’ve got all sorts of new threats that are emerging in the environment. What what do you see as being sort of the the emerging threats in Australia with regard to identity fraud? Across the board, quite a lot, to be honest. Australia has a pretty, fair problem with new accounts. We’ve got everything now coming from the the advent of AI and the fact that the fakes are pretty common and attacks with that vector is now happening a lot. We’ve had data breaches get exploited and lots of that get used in onboarding in banks in the past. There’s quite a lot that are genuinely out there as a threat, for our consumers and, we embark on obviously trying to figure out and keep at pace with them and have countermeasures so that, our customers are kept safe. Data loss in Australia has been a big issue. And do you see biometrics has been able to help you in that regard? To be able to counter that threat? Yeah. Absolutely. I I think there’s been a reliance on on customer data. We have government and industry databases that we are able to validate against, but obviously the expectation continues to rise around verification as the threats emerge. And so the ability to authenticate or verify someone via their biometric becomes increasingly important to us. So absolutely beyond just data itself. Yeah. And it’s not just the normal biometrics, even behavioral biometrics are important to us. So we leverage that as well to ensure that we keep our customers safe. And what other digital identity innovations do you think will help in the fraud journeys and how to protect customer data? I mean, emergence of things like the digital identity standards, do you think that will help and the mobile drivers licenses? One of the things that we do want to do is to ensure that as much as possible, we’ve certified that the data that we’ve received is real and that we’ve received it from a real person as well. So, yeah, all the mechanisms that we evolve as an industry is very important to that. Now the the fraud put angle particularly is also about ensuring that we keep at pace with where the bad actors are going. That’s obviously a harder thing. And each day, as the sophistication level keeps exponentially increasing. So we’ve gotta keep our basics right. That’s always something that, we ensure that never gets forgotten because the you know, if we only focus on the new attack from a, you know, deep fake or one of those metrics, the thing that might get explored is that we didn’t patch properly. So the the the base stakes is ensuring that the, you know, the basics are kept absolutely pristine, and then you innovate on ensure on all of these things. So it’s a two pronged approach that we take. I I think digital IDs are gonna they’re gonna further complement the ability to keep a customer safe whilst keep the the experience effortless. So the idea of having to pull out your own document and have that validated as part of your verification, those are gonna slowly diminish as requirements over time. So I think the ability to give power back to the customer to own their own data and then to make the experience effortless and safe at the same time, I think we’re going to continue to see that emerge as a theme. Yeah, and they can also enhance in terms of customer privacy as well, sharing as little information as as is required. And how do you determine that the identity data that you’re getting is good enough? That’s a good question. The the good enough is effectively something that we take very, very seriously. So we we never wanna take any document, that we get that proves somebody’s identity as just that. We actually do want to verify that, it is certified by the actual issuing authority. Now we, in Australia, we’ve got a bit of an advantage in comparison to a lot of other jurisdictions. We have the government provided data sources that we can check against as well. So if we combine now the biometrics and the ability to check and verify the documents themselves, we are poised pretty good in certifying that the identity is clear. This is not something that a lot of other geographies around the world are acceptable. They they don’t get the opportunity to do that because there’s no central database or whatever. So we actually push it all the way to the limit in terms of being really, really clear that we’ve got the data, and who we’ve got it from is the right person and that it’s real. And that really is a core advantage in Australia that you have that. It’s government systems that you can verify the data against. And and you’ve you’re you’re pioneering somewhat a novel approach in in National Australia Bank with the idea of identity mastering. Do you want to explain a little bit more about what you’re doing in that regard? One of the things that, we had identified at the very start is you it’s very hard for you to really, really be sure of anybody’s identity. You’ve got three or four versions of them. And especially like, these things happen because in large organics, you acquire systems and you’ve got silos across the board. And it was a very conscious effort that we had kept in, to ensure we get to a central repository for that first. And, like, when we onboard, for example, we actually check for duplicates. We actually ensure that we as much as we can, we prevent any of them from happening. And we’ve got data to identify, when any of those things do not look right. So we can have people look at it and verify it. That sets up a fundamental foundation for ensuring that we can apply consistent standards on what we think is good. So back to your other question on when you think is good, you’ve now pushed good itself being at a higher bar. You’ve set yourself to ensure that you can transact or provide them other products as they choose when they want as opposed to keep fiddling along with it later on. So it allows us to have that best balance between keeping the customer data course until once, like to the other answer that Kov had given earlier. People hate it when you ask the same thing over and over again. So Yeah. Having one record can ensure that we can reuse that and just have them go through that seamless experiences going forward. And it’s very identity centric, user centric approach really, isn’t it? And it’s making it much more streamlined for the user. Absolutely. Establish once a strong identity and then be able to reuse it across all the banking products. Good. Which is great. And how does Napseat’s responsibility regard to then managing that data and dealing with the customer both in terms of the verification but also their experience with interacting with the bank? I think trust with a bank is super important. Our customers expect, as they should, a really high bar from us in terms of they provide us data, the way we we look after that. And so I think being clear that not only we do, but how we look after that as part of the experience is really important. But we’ve also got a responsibility to respect our customers’ time and to make sure that we’re, as I said earlier, making it an easy experience for them and a safe experience. Think that balance is a constant conversation for us on both fronts. And I get that leads into the idea of how new technologies can help to lower friction. And what are you seeing in that regard? Where do you think that’s going to go to in terms of how we can reduce friction in those customer journeys as we’re establishing the identity? The technology choices are very important in how we do this. So we have a general philosophy of being very modular in how we do things. So we have been lucky enough to be have embarked on a technology modernization a few years ago. So we’ve traditionally built now cloud native services that can keep at pace with, you know, how fast you wanna innovate on these things. So if there is, let’s say, something new that comes across as a integration that we could build to another government source, for example, that’s not that hard anymore. But having said that, it also comes with the, importance of ensuring that you’ve got your safety nets, and you don’t never get into a single, vendor lock in or any of those things. So we actually try to think about all these plan a’s and plan b’s throughout our life cycle, and ensure there’s always something that there’s something that’s there behind a critical function as well should something go wrong. So being prepared for contingency is a core part of the first figure. So if we look forward three to five years, how do you think identity verification is going to change over that period? I think definitely in the Australian market, we’re gonna see a lot more continued collaboration between the government and the private sector to identify ways to keep identity safe, to make it more accessible to organizations such as National Australia Bank to verify customers. AI is an emerging theme, more than an emerging theme. I think we’re going to continue to see use cases to help verify customers’ identities and also to mitigate emerging AI use cases that bad actors are leveraging to exploit onboarding. I think so we’ll continue to see that evolve, and I think what that that’ll manifest itself in is better experiences for customers as we remove the friction away from them and continue to keep them safe. Absolutely. I think that’s the key there. I think going forward, there’ll be a lot more control that the customers get themselves as we get in these industry backed partnerships across the board. And, you know, the AI space is a bit more evolving, so it’s very hard to predict what all will happen, but it’s rapidly changing. So we hope that what it will mean is that the good actors get to play a better role over the world and those additional factors that come our way in terms of people using generic to penetrate the systems are stopped better because we’ve gotten better at stopping them. So, yeah, it’s an exciting time to look forward to. Arvind and Anthony, thank you both very much for taking part today. Thanks, James. Thank you for having us, James.