Created a unified customer identity that improves customer experience and unlocks valuable customer insights.
Configured and deployed a new customer identity solution to the cloud in just 12 weeks.
Achieved PSD2 compliance while minimizing friction using continuous risk-based customer authentication.
Removed security burden from developers to deliver self-service features and new services faster and more cost-effectively.
Tesco Bank Counts on Customer Identity to Put Customer Experience First
Tesco Bank is the retail banking division of Tesco, the UK's largest supermarket retailer. Since its formation in 1997, Tesco Bank has been helping Tesco customers manage their money better by providing a host of banking, general insurance, and money products and services.
Committed to delivering the highest customer service, the bank is continually seeking ways to improve its customers’ experiences. But customer identities had become siloed across products and services, adding friction to the customer experience. At the same time, the bank needed to prepare for compliance with the revised Payment Services Directive (PSD2), a European electronic services regulation requiring strong customer authentication, as well as address an inflexible security posture that was adding cost and time to the launch of new applications and features.
Realizing their rigid architecture couldn’t support the challenges they needed to overcome, the Tesco Bank team knew they needed to act fast. Led by main customer security domain architect David McConchie, they sought a customer identity platform that could extend across all of their channels and allow them to consolidate disparate identity data, laying the foundation for a common customer identity.
McConchie and team faced three major challenges: improve customer experience, meet PSD2 compliance and increase business agility. Their first requirement was delivering a new single-factor authentication solution for a self-service web portal for their general insurance customer base. But this would introduce yet another siloed identity into their already disparate identity ecosystem. To meet the targeted launch date, the team had a narrow window in which to change course. This included finding a way to efficiently stand up the products, build a single-factor authentication journey and configure all of the insurance products to provide the necessary security that they required.
Next up was replacing their legacy security technologies across both web and mobile so the Tesco team could build out the requirements of PSD2. They needed to address the API security requirements of open banking and implement continuous risk-based authentication. McConchie says, “It was certainly a high-risk project because the web and mobile channels were existing and servicing millions of customers. There was a considerable focus from senior stakeholders to ensure we were able to migrate off our legacy security technology without impacting customers adversely.”
Facing hard deadlines and a growing list of requirements, the bank orchestrated a proof of concept between their incumbent vendor and Ping Identity. To pressure test the technologies, they built a dummy web application to compare each vendor’s ability to deliver a customer authentication journey and abstract authentication and authorization from the application itself. They wanted to see how each vendor could break down their identity silos and bring it all together to build a common identity layer.
Ping + ProofID emerged as the winners. Explains McConchie, “We saw how we could use PingAccess and PingFederate to work across web, mobile, and API. The ease with which we could deploy across channels was a critical factor, also the dynamic authorization of Symphonic (now part of PingDataGovernance). Ping’s solutions give us the flexible authorization capability we need to minimize friction and deliver a customer-centric experience.”
We faced many challenges given the schedule and number of people and processes involved. But Ping's products and team couldn't have been much easier. The Ping strategy and roadmap are so well aligned with what we want to do as a bank. From the Ping perspective, I've been really, really pleased.
Customer Security Architect
Working with ProofID as their managed service provider and implementation partner, the Tesco Bank team configured their new PingAccess and PingFederate cluster to secure their general insurance application in just 12 weeks. This was no easy feat, requiring them to build a single-factor login journey and deploy it across their private AWS cloud. But now that they have a common identity provider across banking, credit cards, and general insurance, Tesco Bank is able to leverage a unified customer identity to deliver a better customer experience and gain customer insights.
By implementing a common security layer, Tesco Bank has also alleviated security responsibilities from developers, reducing the cost and time needed to launch new applications and features. They’ve implemented applications in days or hours that once would have taken weeks, including self-service features that help Tesco Bank customers take advantage of payment deferral programs during the COVID-19 pandemic. Customers can now more easily manage their money, creating an even better experience.
Last but not least, the bank achieved PSD2 compliance by implementing continuous, risk-based customer authentication. Looking ahead, McConchie is excited about the possibilities to leverage customer identity to continuously improve the customer experience. A regular participant in Ping’s IDENTIFY user conferences, McConchie says, “What Ping talked about at IDENTIFY last year is exactly where we are now: delivering an integrated Tesco customer experience and positioning customer identity as a business enabler of that.”
More About Tesco Bank
Serving more than 5 million customers, Tesco Bank is the retail banking division of Tesco, the UK's largest supermarket retailer. Since 1997, the bank has provided its customers with a range of financial products and services to help them manage their money better.
ProofID is an identity security partner, integrator and service provider. Trusted by Tier 1 enterprises and mid-market businesses around the world to design, deliver and manage IAM services. Earning Global Delivery Partner of the Year Award for three consecutive years and North American Channel Partner of the Year 2020 from chosen partner Ping Identity.