A burger – like your banking software – can only be enjoyed if it’s effectively delivered.

One afternoon, following a lengthy morning at a technology conference, I found myself eagerly awaiting a ground lamb and feta cheeseburger. From my vantage point at the counter, I watched as the chef seared the burger, toasted the bun, assembled the sandwich and then plated the food; my excitement was palpable. By the time the chef called for a server to transport my burger from the service line to the counter where I waited, my hunger had reached an almost unmanageable level.

And yet, there my burger sat, cooling on the pass, unserved. All that work, all that handcrafted goodness I had watched him so carefully create just sitting there steaming away for lack of a second hand to carry out the routine task of actually delivering the food. It was then that our eyes met, and he must have seen something that spoke to him as a chef, as his next move was borderline miraculous: he walked around the pass and handed me the burger himself. I nearly sobbed with gratitude. He had stepped up to serve me himself, refusing to allow existing processes, traditions or culture to rob me of the optimal enjoyment of my meal, clearly communicating his concern for his customers and his passion for his work.

In banking, in software, in anything one does really, leaving the burger to grow cold on the pass is unforgivable. To an end user, software is one pixel deep – it begins and ends on the screen with which they’re interacting. Yet, that thin window into your brand, your people, and your business is critically important, and deserves more attention and more effort than we as an industry have given it. With our newest release of software, and the delivery of a Unified User Experience (UUX), Q2 has addressed this failure head-on.

Great experiences are continuous, and the result of their creators recognizing and respecting the intent and context of their audience. Q2 achieved our goal of unifying the way our software looks, feels and acts across the browser, tablet and smartphone, by recognizing and respecting the desires of our end users – FIs and account holders. Great experiences reward end users by providing the right features at the right time in a consistent fashion. By delivering retail, small business and commercial features across all three screens from a single platform, we had accomplished our objective. Great experiences should evolve as the tastes of their end users evolve. Our approach to design embraces the evolution and extension of the experience within the product platform, as well as further integration of downstream, back-end technologies. This may be our platform’s greatest attribute.

UUX isn’t perfect and we’re not done, but as an experience, it’s a tremendous step in the right direction. With the help of our customers, partners, and employees we’ll keep evolving and improving this new way of reaching the people our customers serve. Cheeseburgers shouldn’t be left to grow cold on the pass, and we don’t think software should either.

When trust turns sour: The threat of social engineering attacks to your institution

Tips for building a successful defense strategy

Hunter S. Thompson once said, “I am a generous man, by nature, and far more trusting than I should be. The real world is risky territory for people with generosity of spirit. Beware.”

This quote could not be truer or resonate more today, especially when discussing the topic of social engineering attacks in the financial sector.

“The real world is risky territory for people with generosity of spirit” is incredibly accurate if you think about it. The unfortunate truth is that, as humans, our natural inclination is to trust and to look for the good in people—particularly in the case of individuals working in customer service positions. Unfortunately, this makes us easy prey for fraudsters. Trusting, helpful human spirits are the low hanging fruit. Attacks aimed at humans don’t require an attacker to place malware on a device or inject anything into a browser—often all it takes is a simple phone call into the back office. With just a few nuggets of information about an end user, fraudsters often have all of the necessary tools to convince a financial institution’s (FI’s) employee to readily “help” them.

While we all would like to think that our staff will not fall for such schemes, I’d caution that, given the shift in transaction amounts, such attacks are raising fewer and fewer eyebrows. Why? In many cases fraudsters are moving toward initiating smaller transactions—generally less than $10K—rather than high-dollar amount wires, so as not to attract unwanted attention. These smaller dollar amount transactions are bounced through multiple mule accounts before ultimately leaving the country.

Particularly where social engineering is concerned, we have seen a 63 percent increase in fraud cases reported to Q2, when comparing only the first quarter of this year to all of 2014. That’s a dramatic upsurge in just three months, as compared to the prior 12.

At a high level, these reports consist of phone calls, faxes or emails into the back office attempting to generate transactions or change sensitive information on an end user’s account. And, with the amount of personal and company information available and accessible on the internet, the reality is that these scams are not difficult to pull off.

As we look to the future, a combination of factors will continue to contribute to fraudsters’ use of social engineering as an attack of choice. To name just a few:

  • The shift toward Europay, MasterCard and Visa (EMV), and the reduction of fraud via the reselling of reproduced cards.
  • The continued evolution of anomaly detection anti-fraud tools catching transactions generated online.
  • The fact that these attacks really are just too easy, as they rely simply on trusting human nature.

Building a successful defense strategy for these types of attacks ultimately comes down to consistent training and testing of employees’ reactions to a variety of challenging scenarios. The Q2 Security team has built a targeted, customized Social Engineering Testing service designed to pressure employees in scenarios we’ve seen used in actual fraud cases. The reality is that we truly don’t know how staff will react to these types of schemes until they are faced with the situation in a real-world scenario. Trust itself is not a bad thing; however, encouraging a culture of “trust, but verify” may just pay off in the long run.

The Whole of UX Design: Greater than the Sum of Its Parts

Not so long ago, one of the biggest challenges for web application designers was creating intuitive, consistent experiences across multiple browsers. Once smartphones became ubiquitous, the focus shifted to touch-friendly controls and responsive layouts in order to provide similar experiences on PCs and smartphones. Today, however, with the mobile device market exploding to include tablets, phablets, glasses, and smartwatches, the competition to produce software offering innovative, multi-device experiences has reached a fever pitch, and the challenge has become far more vexing.

Today’s UI/UX designers must look at multi-device design holistically—considering not only screen sizes, touch zones, and consistency between devices, but also the who/what/where/when/why/how of device usage. As designers, developers, and product owners we must commit to broadening our focus on user experience. Ignoring the full picture of how users interact with their devices is analogous to deciding at the beginning of a test that you won’t answer the last five questions – producing an A+ isn’t even a possibility.

As Google’s Senior User Experience Designer, Michal Levin, points out in her book Designing Multi-Device Experiences, 86% of consumers use their smartphones while using other devices. Because smartphone use is often rushed and subject to interruption, users are likely to perform shorter tasks or stop in the middle of their tasks and try to resume them later. A good phone-oriented design will give priority to tasks that users are most likely to perform on phones, and offer ways to save those tasks for completion in the future, on that device or another.

I was fortunate to attend Nielsen Norman Group’s Usability Week in San Francisco this past June, and during the “Scaling User Interfaces” session, presenter Raluca Budiu mentioned that users often admit during usability testing that they would never perform certain tasks on certain devices. I thought it was a powerful statement. Given the number of factors that differentiate devices—from screen size to portability to privacy (we know that tablets and desktops are often shared among family members while phones are used privately)—it behooves us to survey our users and analyze data around which tasks are likely to be performed on various devices.

Doing so enables designers and developers to apply energies otherwise spent forcing round pegs into square holes towards optimizing the experience on each particular device, not only providing users what they desired, but delivering it in a way that is better than they could have imagined. Not only does simple responsiveness fall short in facilitating the device-specific goals of the user, it also fails to address other areas of the cross-platform experience. Serving up all your desktop content to phones negatively impacts load time, even though users are unable to see all the loaded content within the given screen real estate.

Additionally, as Aurora Bedford discussed in Nielsen Norman Group’s “Visual Design for Mobile and Tablet” session, the ideal placement of frequently used controls varies between devices and even between operating systems. For example, since our thumbs are typically near the bottom of iPhones when we’re holding them, it is recommended that commonly used controls be placed at the bottom of iOS mobile applications. However, to avoid accidental taps of the device buttons on Android, it is recommended that frequently used buttons be placed at the top of the screen.

To further complicate matters, the main theme in Levin’s Designing Multi-Device Experiences is device interoperability; i.e., we must consider how users’ devices interact with one another. She points out that our mental models as designers are often stuck in the “consistent across devices” mode. While consistency across devices is integral to improving usability, increasing usage, supporting brand identity, and boosting the perception of a professional application, it is only a fraction of the whole picture. It’s equally imperative that device designs are also continuous—that users can abandon halfway completed workflows on their phones and pick them up again later on their desktops or tablets.

The game changer, she asserts, is the creation of designs that are complementary – that enable devices to interact and work together to heighten the user experience. She used the example of the Scrabble app, where players sit around a tablet which serves as the game board, while the individual users’ phones contain their letter tiles. So how do application designers tackle the daunting challenge of creating consistent, fast, user-friendly, innovative, continuous, complementary experiences across all devices?

There is no silver bullet. We can, however, make huge advances by analyzing the device-specific data we have today, which leads to informed decisions on which features to highlight on various devices. We can survey our users on their device-oriented habits and behaviors. We can use progressive disclosure to reduce load time and cognitive overload on small devices, while still offering the content available on larger devices. We can perform usability tests at the wireframing and prototyping stages.

Perhaps most importantly, we can open our minds to the big picture of device usage and realize it’s so much more than it was ten, five or even two years ago. If we’re able to use research and education to anticipate the needs of our users a few years into the future, we have a fighting chance in the race to develop innovative technology…that’s also delightful to use.

Virtual Branch Myth #2, Part 2

In my previous blog entry, I detailed the myth that integrating online and mobile banking will hold back mobile banking.

As we continue the series in this blog post, I would like to address the issue of mobile being a separate channel.

Mobile is a Channel Myth: Mobile is the next evolution in online banking.

Mobile is cool. Mobile is hot. Mobile device sales are rising as PC sales are falling. These types of stats are used as “evidence” that mobile is the next evolution of the online experience. When it comes to banking, the fact is that mobile is just another access point for consumers who want to access their financial institutions anytime, anywhere and on any device.

Newsflash: each access device is not a channel; your customer, acting beyond the branch, is the channel.

Think about how many types of mobile devices and operating systems exist today. You have the commercially viable iOS (Apple) and Android OS, plus minor systems in Blackberry (RIM) and Windows 8 (MS). There are multiple Apple devices and literally dozens of Android devices. Now suppose each of these required a separate interface to your core system. Each one would need to have its own user interface. The navigation for similar tasks would not be the same. All of this would generate confusion for your customer. Does that sound like evolution or taking your virtual branch back to the stone ages?

Customers want their financial institution to offer the same unified multi-device access they receive from the non-banking brands they trust with their shopping and browsing. Put another way, if decoupling mobile from online was a great idea, wouldn’t most all of the large online players be doing this?

On the contrary, Amazon and Apple go out of their way to integrate their mobile and online experiences across access devices. Facebook spends millions on ensuring that the user experience from online to handset to tablet is unified, integrated and consistent. Do you think that Facebook thinks that they should shun online and go mobile only? Of course not, and neither should you!

Embracing a mobile strategy based on concerns over whether the days of online banking are over is a compromise that leads to dissatisfied customers and a weak Virtual Branch offering. To be successful, FIs need to focus on providing an integrated and unified customer experience that maximizes each access device for its unique qualities while ensuring that data, transactions, security protocol and user interface are consistent. This channel-of-one strategy is central to retaining current customers and attracting new ones.

Stay tuned for more in my next blog post.