The internet gave us unrestricted access to information, and smartphones brought finance into immediate proximity with our everyday activities. The shift from the desktop computer to mobile devices changed not only the speed at which financial decisions are made, but also the place where they are made and the amount of attention we are willing to give them. We no longer have to prepare for a bank visit because the banking app is always with us. The risks connected with this also changed. We make decisions more and more often in situations of distraction, urgency, and lack of time to think. The margin for correcting anything after clicking “OK” is therefore shrinking.
Even early online banking systems assumed a certain deliberate effort: you had to sit down, open a browser, log in, and only then carry out your task. Mobile banking reduced most of these preliminary steps. We usually have the smartphone within arm’s reach at all times, permanently connected to the internet. Notifications arrive automatically. We often make decisions on the move, while combining this with other tasks or responding to a message that interrupts us in the middle of something else.
Finance moved into the background of everyday life. The number of transactions increased, while the sense of importance attached to individual actions diminished. Expectations changed as well. Waiting for anything, once tolerated, now causes irritation. This system is no longer something separate; it has merged with other digital activities, which it now competes with for our attention.
The approach to identity confirmation also changed. Passwords and physical tokens are being replaced by biometric methods. The use of fingerprints and facial biometrics has dramatically changed our experience of authentication and transaction authorisation. Now it is a short physical action. Other elements of this process (knowledge and possession) lost much of their significance.
And once again, we run into the structural consequences of such changes. Biometrics rely on sensors, operating systems and secure elements of the device, all supplied by a small group of global players. Banks and payment service providers do not control fingerprint readers, facial recognition modules, or the logic that determines when and how biometric login is triggered and managed. Trust, therefore, moves farther and farther away not only from the personal judgment of a human being, but also from the financial institution itself. It now depends on global digital ecosystem suppliers, which are not subject to the same supervisory rules as regulated financial institutions.
Reduced tolerance for delay creates pressure to turn all processes into instant ones. This, in turn, affects risk management. There is less time for anti-fraud measures, and correcting errors becomes increasingly expensive.
The system responded by shifting control points to earlier steps in the transaction process. Authentication, authorisation, and additional warnings are triggered directly before the decision. This may include: an extra confirmation screen for the first transfer to a new payee, additional authorisation for a high-value transaction, verification of the account number and payee name within VoP. These actions become crucial in a context where payments are made instantly, and post-facto intervention is no longer possible.
Apps replaced branches and bank websites. Their interfaces are therefore becoming more and more important. Choices concerning layout, default values, action buttons, and finally the language used in descriptions influence user behaviour much more strongly than regulations or the provisions of an account agreement. Actions requiring minimal effort will be used more often. Every additional step in the process makes such an action less likely to be used. The interface itself becomes an element of control over user behaviour.
Mobile finance leads to a concentration of control at the platform level. Biometrics have already been mentioned. But the distribution of apps and their updates is also delegated there. Changes in software requirements may affect app functionality. Financial institutions have to rely on a foreign infrastructure that they cannot fully control or audit. The boundary between regulated financial activity and consumer technology solutions keeps shrinking.
The risk of fraud is greater. A lost device, captured login data, and social engineering that exploits the vulnerability of the user. Many attacks rely on time pressure, not on actual intrusion into the system. Such fraud does not require bypassing safeguards; it requires persuading the user to carry out the transaction themselves using the proper tools.
Institutions responded by introducing additional layers of authentication, behavioural monitoring, and automatic rules. Each of these measures tries to answer a different threat. Each adds complexity to the system as a whole. Security controls ceased to concern only exceptional events and became a condition for using the digital financial system.
With the spread of smartphones, digital finance ceased to be an alternative access channel. It now defines normality. The use of financial services increasingly depends on device availability, internet access, and compliance with the technical requirements imposed by operating systems and applications.
The move to mobile finance magnified the effects of changes in trust and online access to financial services.
- Data. Transactions constantly generate data that enables behaviour to be tracked continuously.
- Time. The execution of all actions accelerated significantly, reducing the time for reflection and possible correction.
- Identity. Authentication uses our bodies through consumer technology.
- Interface. Control is concentrated in the design of the default choice, which directs our behaviour at the moment of decision.
Since finance now operates continuously and instantly, control can no longer rely on post facto interventions. It has to be built into the processes that come before decisions.
Sources:
- Organisation for Economic Co-operation and Development, Consumer Policy and Fraud in the Digital Age (Paris: OECD Publishing, 2022)
- European Central Bank, Card, Mobile and Contactless Payments in Europe, ECB Occasional Paper Series, no. 193 (Frankfurt: European Central Bank, 2017)
- European Systemic Risk Board, Cloud Services and Financial Stability (Frankfurt: ESRB, 2022)
- Bank for International Settlements, Sound Practices: Implications of Fintech Developments for Banks and Bank Supervisors (Basel: BIS, 2018)
- European Central Bank, The Role of Big Tech in the Payment Market, ECB Economic Bulletin, Issue 2/2021
- Europol, 2023. Internet Organised Crime Threat Assessment (IOCTA) 2023. The Hague: Europol