A burger–like your banking software–can only be enjoyed if it’s effectively delivered.

One afternoon, following a lengthy morning at a technology conference, I found myself eagerly awaiting a ground lamb and feta cheeseburger. From my vantage point at the counter, I watched as the chef seared the burger, toasted the bun, assembled the sandwich and then plated the food; my excitement was palpable. By the time the chef called for a server to transport my burger from the service line to the counter where I waited, my hunger had reached an almost unmanageable level.

And yet, there my burger sat, cooling on the pass, unserved. All that work, all that handcrafted goodness I had watched him so carefully create just sitting there steaming away for lack of a second hand to carry out the routine task of actually delivering the food. It was then that our eyes met, and he must have seen something that spoke to him as a chef, as his next move was borderline miraculous: he walked around the pass and handed me the burger himself. I nearly sobbed with gratitude. He had stepped up to serve me himself, refusing to allow existing processes, traditions or culture to rob me of the optimal enjoyment of my meal, clearly communicating his concern for his customers and his passion for his work.

In banking, in software, in anything one does really, leaving the burger to grow cold on the pass is unforgivable. To an end user, software is one pixel deep – it begins and ends on the screen with which they’re interacting. Yet, that thin window into your brand, your people, and your business is critically important, and deserves more attention and more effort than we as an industry have given it. With our newest release of software, and the delivery of a Unified User Experience (UUX), Q2 has addressed this failure head-on.

Great experiences are continuous, and the result of their creators recognizing and respecting the intent and context of their audience. Q2 achieved our goal of unifying the way our software looks, feels and acts across the browser, tablet and smartphone, by recognizing and respecting the desires of our end users – FIs and account holders. Great experiences reward end users by providing the right features at the right time in a consistent fashion. By delivering retail, small business and commercial features across all three screens from a single platform, we had accomplished our objective. Great experiences should evolve as the tastes of their end users evolve. Our approach to design embraces the evolution and extension of the experience within the product platform, as well as further integration of downstream, back-end technologies. This may be our platform’s greatest attribute.

UUX isn’t perfect and we’re not done, but as an experience, it’s a tremendous step in the right direction. With the help of our customers, partners, and employees we’ll keep evolving and improving this new way of reaching the people our customers serve. Cheeseburgers shouldn’t be left to grow cold on the pass, and we don’t think software should either.

When trust turns sour: The threat of social engineering attacks to your institution

Tips to building a successful defense strategy

Hunter S. Thompson once said, “I am a generous man, by nature, and far more trusting than I should be. The real world is risky territory for people with generosity of spirit. Beware.”

This quote could not be truer or resonate more today, especially when discussing the topic of social engineering attacks in the financial sector.

 

“The real world is risky territory for people with generosity of spirit” is incredibly accurate if you think about it. The unfortunate truth is that, as humans, our natural inclination is to trust and to look for the good in people—particularly in the case of individuals working in customer service positions. Unfortunately, this makes us easy prey for fraudsters. Trusting, helpful human spirits are the low hanging fruit. Attacks aimed at humans don’t require an attacker to place malware on a device or inject anything into a browser—often all it takes is a simple phone call into the back office. With just a few nuggets of information about an end user, fraudsters often have all of the necessary tools to convince a financial institution’s (FI’s) employee to readily “help” them.

While we all would like to think that our staff will not fall for such schemes, I’d caution that the shift in transaction amounts occurring in such attacks are raising fewer and fewer eyebrows. Why? In many cases fraudsters are moving toward initiating smaller transactions—generally less than $10K—rather than high-dollar amount wires, so as not to gain unwanted attention. These smaller dollar amount transactions are bounced through multiple mule accounts before ultimately leaving the country.

Particularly where social engineering is concerned, we have seen a 63 percent increase in fraud cases reported to Q2, when comparing only the first quarter of this year to all of 2014. That’s a dramatic upsurge in just three months, as compared to
the prior 12.

At a high level, these reports consist of phone calls, faxes or emails into the back office attempting to generate transactions or change sensitive information on an end user’s account. And, with the amount of personal and company information available and accessible on the internet, the reality is that these scams are not difficult to pull off.

As we look to the future, a combination of factors will continue to contribute to fraudsters’ use of social engineering as an attack of choice, to name just a few:

  • The shift toward Europay, MasterCard and Visa (EMV), and the reduction of fraud via the reselling of reproduced cards.
  • The continued evolution of anomaly detection anti-fraud tools catching transactions generated online.
  • The fact that these attacks really are just too easy, as they rely simply on trusting human nature.

 

Building a successful defense strategy for these types of attacks ultimately comes down to consistent training and testing of employees’ reactions to a variety of challenging scenarios. The Q2 Security team has built a targeted, customized Social Engineering Testing service designed to pressure employees in scenarios we’ve seen used in actual fraud cases. The reality is that we truly don’t know how staff will react to these types of schemes until they are faced with the situation in a real-world scenario. Trust itself is not a bad thing, however, encouraging a culture of “trust, but verify” may just pay off in the long run.

The Whole of UX Design: Greater than the Sum of Its Parts

Not so long ago, one of the biggest challenges for web application designers was creating intuitive, consistent experiences across multiple browsers. Once smartphones became ubiquitous, the focus shifted to touch-friendly controls and responsive layouts in order to provide similar experiences on PCs and smartphones. Today, however, with the mobile device market exploding to include tablets, phablets, glasses, and smartwatches, the competition to produce software offering innovative, multi-device experiences has reached a fever pitch, and the challenge has become far more vexing.

Today’s UI/UX designers must look at multi-device design holistically—considering not only screen sizes, touch zones, and consistency between devices, but also the who/what/where/when/why/how of device usage. As designers, developers, and product owners we must commit to broadening our focus on user experience. Ignoring the full picture of how users interact with their devices is analogous to deciding at the beginning of a test that you won’t answer the last five questions – producing an A+ isn’t even a possibility.

As Google’s Senior User Experience Designer, Michal Levin, points out in her bookDesigning Multi-Device Experiences, 86% of consumers use their smartphones while using other devices. Because smartphone use is often rushed and subject to interruption, users are likely to perform shorter tasks or stop in the middle of their tasks and try to resume them later. A good phone-oriented design will give priority to tasks that users are most likely to perform on phones, and offer ways to save those tasks for completion in the future, on that device or another.

I was fortunate to attend Nielsen Norman Group’s Usability Week in San Francisco this past June, and during the “Scaling User Interfaces” session, presenter Raluca Budiu mentioned that users often admit during usability testing that they would never perform certain tasks on certain devices. I thought it was a powerful statement. Given the number of factors that differentiate devices—from screen size to portability to privacy (we know that tablets and desktops are often shared among family members while phones are used privately)—it behooves us to survey our users and analyze data around which tasks are likely to be performed on various devices.

Doing so enables designers and developers to apply energies otherwise spent forcing round pegs into square holes, towards optimizing the experience on each particular device, providing users not only what they desired, but delivering it in a way that is better than they could have imagined. Not only does simple responsiveness fall short in facilitating the device specific goals of the user, it also fails to address other areas of the cross-platform experience. Serving up all your desktop content to phones negatively impacts load time, even though users are unable to see all the loaded content within the given screen real estate.

Additionally, as Aurora Bedford discussed in Nielsen Norman Group’s “Visual Design for Mobile and Tablet” session, the ideal placement of frequently used controls varies between devices and even between operating systems. For example, since our thumbs are typically near the bottom of iPhones when we’re holding them, it is recommended that commonly used controls be placed at the bottom of iOS mobile applications. However, to avoid accidental taps of the device buttons on Android, it is recommended that frequently used buttons be placed at the top of the screen.

To further complicate matters, the main theme in Levin’s Designing Multi-Device

Experiences is device interoperability; i.e., we must consider how users’ devices interact with one another. She points out that our mental models as designers are often stuck in the “consistent across devices” mode. While consistency across devices is integral to improving usability, increasing usage, supporting brand identity, and boosting the perception of a professional application, it is only a fraction of the whole picture. It’s equally imperative that device designs are also continuous—that users can abandon halfway completed workflows on their phones and pick them up again later on their desktops or tablets.

The game changer, she asserts, is the creation of designs that are complementarythat enable devices to interact and work together to heighten the user experience. She used the example of the Scrabble app, where players sit around a tablet which serves as the game board, while the individual users’ phones contain their letter tiles. So how do application designers tackle the daunting challenge of creating consistent, fast, user-friendly, innovative, continuous, complementary experiences across all devices?

There is no silver bullet. We can, however, make huge advances by analyzing the device specific

data we have today, which leads to informed decisions on which features to highlight on various devices. We can survey our users on their device-oriented habits and behaviors. We can use progressive disclosure to reduce load time and cognitive overload on small devices, while still offering the content available on larger devices. We can perform usability tests at the wireframing and prototyping stages.

Perhaps most importantly, we can open our minds to the big picture of device usage and realize it’s so much more than it was ten, five or even two years ago. If we’re able use research and education to anticipate the needs of our users a few years into the future, we have a fighting chance in the race to develop innovative technology…that’s also delightful to use.

One Pixel Deep

One afternoon, following a lengthy morning at a technology conference, I found myself eagerly awaiting a ground lamb and feta cheeseburger. From my vantage point at the counter, I watched as the chef seared the burger, toasted the bun, assembled the sandwich and then plated the food; my excitement was palpable. By the time the chef called for a server to transport my burger from the service line to the counter where I waited, my hunger had reached an almost unmanageable level.

And yet, there my burger sat, cooling on the pass, unserved. All that work, all that handcrafted goodness I had watched him so carefully create just sitting there steaming away for lack of a second hand to carry out the routine task of actually delivering the food. It was then that our eyes met, and he must have seen something that spoke to him as a chef, as his next move was borderline miraculous: he walked around the pass and handed me the burger himself. I nearly sobbed with gratitude. He had stepped up to serve me himself, refusing to allow existing processes, traditions or culture to rob me of the optimal enjoyment of my meal, clearly communicating his concern for his customers and his passion for his work.

In banking, in software, in anything one does really, leaving the burger to grow cold on the pass is unforgivable. To an end user, software is one pixel deep – it begins and ends on the screen with which they’re interacting. Yet, that thin window into your brand, your people, and your business is critically important, and deserves more attention and more effort than we as an industry have given it. With our newest release of software, and the delivery of a Unified User Experience (UUX), Q2 has addressed this failure head-on.

Great experiences are continuous, and the result of their creators recognizing and respecting the intent and context of their audience. Q2 achieved our goal of unifying the way our software looks, feels and acts across the browser, tablet and smartphone, by recognizing and respecting the desires of our end users – FIs and account holders. Great experiences reward end users by providing the right features at the right time in a consistent fashion. By delivering retail, small business and commercial features across all three screens from a single platform, we had accomplished our objective. Great experiences should evolve as the tastes of their end users evolve. Our approach to design embraces the evolution and extension of the experience within the product platform, as well as further integration of downstream, back-end technologies. This may be our platform’s greatest attribute.

UUX isn’t perfect and we’re not done, but as an experience, it’s a tremendous step in the right direction. With the help of our customers, partners, and employees we’ll keep evolving and improving this new way of reaching the people our customers serve. Cheeseburgers shouldn’t be left to grow cold on the pass, and we don’t think software should either.

Virtual Branch Myth #2, Part 2

In my previous blog entry, I detailed the myth that integrating online and mobile banking will hold back mobile banking.

As we continue the series in this blog post, I would like to address the issue of mobile being a separate channel.

Mobile is a Channel Myth: Mobile is the next evolution in online banking.

Mobile is cool. Mobile is hot. Mobile devices sales are rising as PC sales are falling. These type of stats are used as “evidence” that mobile is the next evolution of the online experience. When it comes to banking, the fact is that mobile is just another access point for consumers who want to access their financial institutions anytime, anywhere and on any device.

Newsflash: each access device is not a channel; your customer, acting beyond the branch, is the channel.

Think about how many types of mobile devices and operating systems exist today. You have the commercially viable iOS (Apple) and Android OS, plus minor systems in Blackberry (RIM) and Windows 8 (MS). There are multiple Apple devices and literally dozens of Android devices. Now suppose each of these required a separate interface to your core system. Each one would need to have its own user interface. The navigation for similar tasks would not be the same. All of this would generate confusion for your customer. Does that sound like evolution or taking your virtual branch back to the stone ages?

Customers want their financial institution to offer the same unified multi-device access they receive from the non-banking brands they trust with their shopping and browsing. Put another way, if decoupling mobile from online was a great idea, wouldn’t most all of the large online players be doing this?

On the contrary, Amazon and Apple go out of their way to integrate their mobile and online experiences across access devices. Facebook spends millions on ensuring that the user experience from online to handset to tablet is unified, integrated and consistent. Do you think that Facebook thinks that they should shun online and go mobile only? Of course not and neither should you!

Embracing a mobile strategy based on concerns over whether the days of online banking is over is a compromise that leads to dissatisfied customers and a weak Virtual Branch offering. To be successful, FIs need to focus on providing an integrated and unified customer experience that maximizes each access device for its unique qualities while ensuring that data, transactions, security protocol and user interface are consistent. This channel of one strategy is the central to retaining current and attracting new customers.

Stay tuned for more in my next blog post.

Virtual Branch Myth #2, Part 1

There are many in financial services who believe that mobile banking is a channel of its own, distinctly separate from other online banking applications. They theorize that only when mobile is decoupled from all other online capabilities can mobile grow, expand and capitalize on its unique capabilities.

Those who argue for a mobile-only strategy usually believe in the following myths:

1) Online banking will restrict mobile from growing as it normally would.

2) Mobile is the next evolution in online banking and that traditional online access is archaic and antiquated.

3) Mobile and online channels are different and therefore deserve their own distinct applications and systems.

To me these three myths are all part of one misconception: that the mobile channel can be successfully decoupled from other online services. To gain a better understanding of the issue at hand, these myths must be thoroughly explained and debunked. Due to the amount of information needed to discuss this topic, I will break this topic up into multiple blog entries.

Mobile Is a Channel Myth #2, Part 1: Internet banking will hold mobile banking back.

In order for you to believe that online holds back mobile, you would have to assume that mobile will only take on all of the features that online offers.  Since so many financial institutions have online systems that are so far removed from the expectations of their customers, offering only the most rudimentary functionality, it is easy to see why they would be attracted to the bright shiny object that mobile represents compared to their antiquated online system.

There is no question that PC sales are down while at the same time the sales of mobile handsets and tablets are off the charts. But without a synchronized mobile and Internet offering, consumers and FI support personnel alike must deal with a separate verification, authorization and issue resolution processes.

Rather than holding mobile back, Internet banking acts as an additional integrated resource for consumers.

Consider this example: suppose a consumer takes a photo of a check with a mobile device to make a deposit. Twenty minutes later, the same consumer is trying to verify if they have enough money to buy that flat screen TV they have found on sale – today only!. The mobile deposit will probably show up in the online system, but will the customer’s mobile available balance match up with the online balance? If the systems are separate, there is a good chance that they have separate interfaces to the core system that holds the balance information.  Separate interfaces often mean mismatched information.

Here’s another example, suppose a consumer creates a bill payment on their non-integrated mobile device. The bill payment goes through fine. When it’s time to pay that bill the next month, they find it on the mobile device and make the payment. The following month, when they need to pay the bill their mobile device is not available. So they use a friend’s computer to access their financial institution via online banking and look for the bill payment vendor. Only it’s not there because the FI has a mobile strategy that is not integrated into all of the access points that the customer can use. This same scenario plays out for issues such as support, security, authorization, dual control, and so forth.

Embracing a mobile strategy based on concerns over outdated online banking technology is a compromise that leads to future obsolescence and a poor consumer experience. Instead, to be successful, FIs need to focus on providing an integrated experience that maximizes each access device for its unique qualities while ensuring that data, transactions, security protocol and user interface are consistent. This channel of one strategy is central to retaining current and attracting new customers.

Check back soon for my next blog post – Mobile Is a Channel Myth #2, Part 2.

Virtual Branch Myth #1

As a follow up to my recent blog post, here’s the first in a series of Virtual Branch Myths to consider.

“Our FI employs a best of breed approach to technology; we buy individual products that meet specific customer/member needs”. Sounds good, right?

The problem with this siloed approach is that it leads to selecting individual products chasing a particular market segment or specific devices. Mobile is the obvious example; many FIs have selected a specific mobile vendor for a specific part of mobile functionality. This results in the FI having multiple apps for online banking, mobile remote deposit, mobile bill pay, mobile PtoP, and so on.

Moreover, each of these products have a different user interface, the flow of entering information, the navigation in the app, the information that is retrieved and displayed all will be different. It is possible, even likely, that they would see different available balance information displayed in different apps. This is because regardless of the app source, there still has to be an interface back to the core system. Multiple systems means managing multiple interfaces to the core and depending on how the company creates this interface and whether it is online/real-time or batch will affect the balance and other critical information that is retrieved and displayed on the mobile device.

With this in mind, the importance of a consistent user interface cannot be overlooked. When looking at “best of breed”, start by asking these questions:

1. Do I need to create another host interface?
2. Will this present a different user interface for my customers/members?
3 .Will the data, navigation and experience be simplified and intuitive if I offer this in addition to the other systems that I deploy?

If the answers are Yes, Yes, and No, then even though you may perceive that there is a particular feature/function that is desirable from a particular vendor, the long term negative aspect of non-integrated systems will greatly outweigh any short-term benefit. You should look for a solution that allows for one host interface to run myriad integrated applications that present a unified user experience. Make sure that your view of technology is a strategic one, not the shiny object du jour … stay tuned for more Virtual Branch myths!

Q2ebanking Speaks ACH

Regardless of what you call them—PPDs, payroll, or even direct payments/direct debits—ACH transactions continue to grow and for good reasons. The ACH network provides the backbone for many of our domestic payments, and international ACH transactions are also inching upward. The ACH rails, as they are often referred to, remain a primary conduit for a significant portion of the daily volume of debits and credits. The latest figures from the National Automated Clearing House Association (NACHA), the rules-making organization for the ACH Network, reported total 2011 ACH volume increased by about 4.0 percent over the prior year. That statistic represents over 20.2 billion transactions, certainly enough to keep those ACH rails hot. For the first half of 2012, as reported by NACHA, overall transactions continued a similar growth of around 4.0 percent.

Q2ebanking appreciates the value of ACH and its growth to our financial institutions; therefore, we stay involved in rules making, operations issues, and educational opportunities for all things ACH. How does Q2 accomplish this? We are active participants in NACHA’s Internet Council, Electronic Check Council, and the NACHA Software Information Exchange, which offers ACH software providers input on the development and implementation of NACHA Rules. Through these activities, Q2 stays abreast of upcoming changes in ACH Rules as well as consistently advocates for a simpler ACH network through fewer SEC codes and more straightforward rules.

Q2ebanking participates in various NACHA rules workgroups and represents our financial institutions’ best interests on initiatives in an effort to have the rules benefit rather than detract from the value of ACH for financial institutions and their customers. We are an active member of GACHA, the Georgia ACH Association, as well as a member of WesPay, the Western Payments Alliance. In other words, Q2ebanking speaks ACH, and we are working to help you and your customers have a positive ACH experience. Let us know what you think of upcoming rules changes or other issues that you feel should be addressed at the highest levels. We can work together and attempt to make ACH the best, safest, and most cost-effective payment option available, for now and in the future.

David Peterson serves Q2ebanking as Executive Vice President, Customer Experience and Innovation, and is Chairman of GACHA, a nonprofit payments association located in Atlanta, Georgia. Gil Grey serves Q2ebanking as Vice President, Product Management for Treasury Services. They are both Accredited ACH Professionals.

9 Common Pitfalls When Addressing the Virtual Branch

When was the last time you as a consumer were in a branch?

If you’re like me it’s been awhile. In fact the last time I was in a branch was about a month ago. My 21 year old daughter wanted to cash a check that she had received so I suggested we go to our local branch. I really wanted to do this to view the experience through her eyes so off we went. We drove to the branch where she went through the process of standing in the teller line and then having the check cashed. As we were leaving, she commented just how foreign the whole process felt. When I asked why, she said I never go to the branch because I do all my banking online. In other words she uses the bank’s virtual branch as her primary means of contact, as do I.

With this as background, our EVP of Customer Experience and Innovation, David Peterson recently drafted a white paper entitled “Caring For Your Virtual Branch”. The paper covers the common pitfalls, elements needed in a virtual branch, who’s online?, the notion of self service, security, virtual branch requirements, virtual customer service and other elements needed for success of this emerging channel.

A little insight on what this white paper includes: The 9 common pitfalls financial institutions can run into when addressing the Virtual Branch.

1. Management failing to recognize the online channel as its own branch.

2. A lack of direct interaction between customers and FI staff. 

3. Letting concerns about security, risk and fraud delay or prevent the adoption of online banking.

4. A lack of exposure to advertising and other messaging.

5. Forgetting that customers are executing transactions for themselves.

6. Failing to inform customers what equipment they need.

7. Relying on traditional methods to provide training on how to best use the online channel.

8. Staffing for support of physical-branch customers only.

9. Ignoring the virtual branch as a major revenue engine.

I invite everyone to download and read this educational white paper to further explore this important topic in more detail.