Balancing Security and User Experience in Fintech Products

Security has always been on top of everyone’s mind when using a fintech product. You might think that a secure product won’t be seamless, and vice versa. After all, one cannot have both, right? But having these two factors side by side is very important for your product, and it’s possible to be done.

So which comes first: a secure product or a seamless one? As shared during the Product Development Conference by Tech in Asia together with my colleague Pratyush Prasanna, I will share how to balance user experience and security for your fintech product here.

The Importance of Information Security

Information security is a major concern for customers nowadays that shouldn’t be underestimated. This is very important and actually a good thing because it means that the level of their awareness of information security has increased significantly compared to a few years before. It’s always better to have security prevention than mitigation.

At GoTo Financial, information security has always been our top priority, even before it became a major concern. We have a security design review, assessment, and implementation process that is embedded into the very early stage of our product development to ensure that we get high-quality output from the process while minimizing friction to support our agile development process.

More Secure Does Not Always Mean Less Seamless

As mentioned before, a secure product may not necessarily be less seamless. The Product Manager (PM) and the design team need to build the right mindset to develop a good secure fintech product that people can trust. We should consider security as an important part of providing a great user experience for our merchants and our customers

When I said we embedded our information security process early in the product development cycle, it’s not only the PM’s responsibility to deliver that. It’s also the responsibility of the information security team to ensure we optimize the security process to avoid unnecessary workload, roadblocks, or issues in the development cycle while also ensuring we deliver a high-quality design and assessment result which in the end will contribute to a secure and convenience products.

In the end, being safe and secure is part of the overall experience for our merchants. Of course, we can not eliminate all risks completely, that is why we have many educational campaigns to increase our merchants’ awareness of the importance of security and help them adopt these security features with ease and to increase our customers and merchants awareness level towards security even further.

How to Prioritize: Security or Seamlessness First?

The reason why we are embedding our risk assessment or security processes very early in the product development stage is so that we can balance the risks. In the early days, we only balanced between risk and benefits. Nowadays, we are striving to balance security, costs, benefits, and also the convenience or experience of our users. One of the goals to achieve by doing the embedment is to ensure that the PM together with the information security team has enough time to achieve this balance.

Also thankfully, the GoTo Financial information security and UX team are highly talented and experienced in the financial services industry, so incorporating security and translating it into a good UI with the best experience for our customers and merchants is one of their best expertise.

How to Manage Risks?

Risk management is the most important aspect to be considered in information security. Balancing risks, cost, benefits, and convenience or experience to ensure that we have an optimum risk management practice is the key to having a successful information security program.

That is why risk management needs to be incorporated into our security initiatives. There are 5 primary risk components, exposure/impact, probability, time horizon, volatility, and capital. Some initiatives might focus on reducing the impact, some others focus on reducing the probability, some even reduce the time horizon to reduce the overall risk level, and or other risk factors. Strategizing to work with all of these risk factors is the key to managing the risks effectively and efficiently.

There’s a goldilocks zone in the risk bell curve where the output is optimum, we are aiming for that sweet spot, to ensure we get the optimum result on both security and business objectives while minimizing negative impacts such as cost and inconvenience as part of the consequences.

Balancing your fintech product to be seamless and secure can be challenging, but it’s not impossible. Our teams at Midtrans have proved it. We build Midtrans as a payment gateway service that can help you receive payments with various methods in just one system. Not only does it offer a good user experience for both consumers and merchants, but you also won’t have to worry about security.