Our fantastic team at Seccl is steaming ahead, building products that will change what people expect from financial services and from the companies who look after their finances.
Security is a top priority for us. Finding the right mechanism and balance of checks is really important if we are to give our clients the best experience while using any of our services.
What are the different ways we can keep access to personal information through our user interfaces secure whilst still giving our users a great customer experience?
Here, my fictional user Beth experiences a few concerns.
Regular quick access
Beth wants to log in each day, just to check progress. It takes less than a minute and, as long as we are satisfied that it is definitely Beth logging in, we want it to be as easy as possible.
Unfortunately, the common ways to ensure we are talking to Beth involve putting barriers in the way and adding precious time to an experience which needs to be quick.
Should a malicious person gain access to this information, they would learn personal details about Beth’s finances; however, they would not be able to cause any direct damage to them. Additional authentication processes are put in place to prevent that from happening.
Changing personal data
Beth should have the ability to amend and update her own personal information. We will provide Beth with her own personal Profile page and allow her to amend her data. The changes will require additional authentication, which gives Beth comfort that her data cannot be amended by anyone but her.
Buying or Selling
There will be less frequent occasions when Beth wants to buy or sell some of her investments. Beth will be reassured that, once she has made her choice, there is a second level of authentication which we use to verify that we have her consent.
Should a malicious person gain access to buy or sell, they could cause damage to Beth’s hard-earned savings.
Beth has decided to buy a new car and needs to withdraw some money from her savings. She will be asked to confirm her choice via a two-factor authentication method.
In our plans she will also confirm by re-entering her password. Our APIs would require a different token for this kind of operation.
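The three tiers described above (a quick daily login, extra authentication for profile changes, and a second level of consent for trades and withdrawals that uses a different token) can be modelled as a small step-up authentication service. The code below is an added example written for this page, not Seccl's own implementation: the operation names, the tiers, the five-minute token lifetime and the way the second-factor code is delivered are all assumptions.

```python
"""Step-up authentication: a login session is enough to view progress, while
profile changes, trades and withdrawals need a separate short-lived token that is
issued only after the user re-enters her password and a second-factor code.
Constructed example; operation names, tiers and lifetimes are assumptions."""
import hashlib
import hmac
import secrets
import time

# Which authentication level each operation needs (assumed tiers).
OPERATION_LEVEL = {
    "view_portfolio": "session",   # Beth's daily check-in
    "update_profile": "step_up",   # changing personal data
    "trade": "step_up",            # buying or selling investments
    "withdraw": "step_up",         # taking money out
}
STEP_UP_TTL_SECONDS = 300          # a step-up token is good for five minutes


class AuthError(Exception):
    """Raised when a token does not carry the authentication the operation needs."""


def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class AuthService:
    def __init__(self):
        self._users = {}          # username -> (salt, password hash)
        self._tokens = {}         # opaque token -> {user, level, operation, expires_at}
        self._pending_codes = {}  # username -> second-factor code awaiting entry

    def register(self, username, password):
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, _hash_password(password, salt))

    def _check_password(self, username, password):
        record = self._users.get(username)
        if record is None:
            return False
        salt, stored = record
        return hmac.compare_digest(stored, _hash_password(password, salt))

    def login(self, username, password):
        """Regular quick access: the password alone yields a read-only session token."""
        if not self._check_password(username, password):
            raise AuthError("bad credentials")
        token = secrets.token_urlsafe(32)
        self._tokens[token] = {"user": username, "level": "session",
                               "operation": None, "expires_at": None}
        return token

    def send_second_factor(self, username):
        # In production the code goes out of band (authenticator app, SMS); it is
        # returned here only so the example runs offline.
        code = "%06d" % secrets.randbelow(1_000_000)
        self._pending_codes[username] = code
        return code

    def step_up(self, session_token, password, code, operation, now=None):
        """Second level of authentication: the re-entered password plus the one-time
        code buy a token bound to a single operation and valid for a few minutes."""
        now = time.time() if now is None else now
        session = self._tokens.get(session_token)
        if session is None or session["level"] != "session":
            raise AuthError("a valid login session is required first")
        user = session["user"]
        expected = self._pending_codes.pop(user, None)  # consumed even on failure
        if not self._check_password(user, password):
            raise AuthError("bad credentials")
        if expected is None or not hmac.compare_digest(expected, code):
            raise AuthError("second factor rejected")
        if OPERATION_LEVEL.get(operation) != "step_up":
            raise AuthError("no step-up defined for %s" % operation)
        token = secrets.token_urlsafe(32)
        self._tokens[token] = {"user": user, "level": "step_up",
                               "operation": operation,
                               "expires_at": now + STEP_UP_TTL_SECONDS}
        return token

    def authorize(self, token, operation, now=None):
        """Return the username if `token` may perform `operation`, else raise."""
        now = time.time() if now is None else now
        record = self._tokens.get(token)
        if record is None:
            raise AuthError("unknown token")
        if OPERATION_LEVEL[operation] == "session":
            return record["user"]
        # Sensitive operation: only a fresh step-up token for this exact operation counts.
        if record["level"] != "step_up" or record["operation"] != operation:
            raise AuthError("step-up authentication required for %s" % operation)
        if now > record["expires_at"]:
            del self._tokens[token]
            raise AuthError("step-up token expired")
        del self._tokens[token]   # single use: one confirmation per transaction
        return record["user"]


def is_allowed(service, token, operation, now=None):
    """Boolean wrapper around authorize() for callers that just want yes/no."""
    try:
        service.authorize(token, operation, now=now)
        return True
    except AuthError:
        return False
```

The design point is that the session token Beth uses for her daily check-in is never accepted for a withdrawal, and a step-up token is bound to one operation, expires quickly and is consumed on use, so a token obtained to confirm one withdrawal cannot be replayed for a second one or redirected to a trade.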
Protecting against things out of our control
There are many things out of our control which we are also considering.
- Loss of a device where the client has logged in
- Travel and use of public wifi
- Malicious attempts to access login details
- Prohibit the use of common passwords
- Provide information about password security
We’re taking security and privacy seriously …
There’s still much to get through, but we are taking our clients’ security and privacy seriously. We’re not afraid of the hard things, and we keep searching for great ways to stay safe and secure whilst still delivering a great experience.