Every security control has a human story attached. When a medically vulnerable customer cannot remove a ventilation mask for a facial recognition step, the design of that control suddenly becomes a barrier, not a protection. That reality was brought sharply into focus by Mr Shalom Lim Ern Rong’s letter about the registration friction experienced with MariBank. The reaction from the bank was swift and responsible: outreach to Mr Lim, an offered alternative verification pathway, and a pledge to train customer-facing teams to handle similar cases with empathy. That response is the baseline. The expectation now is for continuous, deliberate improvement.
Security must protect people first
Security mechanisms exist to reduce risk. They are not an end in themselves. When a digital bank layers facial verification on top of account opening, the intent is clear: reduce identity fraud and keep accounts safe. Yet that same mechanism can exclude customers who, for medical or cultural reasons, cannot comply with the exact interaction the system expects. Those customers are not edge cases to be ignored; they are voices that reveal brittle processes.
Consider a recent field visit with a small-business owner in HDB heartlands. The entrepreneur relies on an oxygen concentrator and cannot remove a mask for long. During account setup, the app insisted on a live facial scan. Frustration mounted, trust frayed, and the onboarding process stalled. The resolution—an alternative verification offered after a manual call—worked, but only after unnecessary stress. That moment highlighted a simple truth: verification must be flexible without sacrificing safety.
Alternative verification must be practical and dignified
Alternate routes are not second-class measures; they must be designed as primary, respectful options. That means:
- multiple, clearly presented choices during onboarding (document upload, supervised video call, biometric alternatives);
- manual verification paths that are fast-tracked and empathetic, not bureaucratic and humiliating;
- frontline staff empowered to make decisions, with clear escalation criteria and privacy-preserving checks.
A bank that offers a single, immovable gate accomplishes neither inclusion nor protection. Offering options is an acknowledgement that trust is earned, not enforced.
Design decisions must account for people, not just processes
Dialogue matters. Labels such as “extra step” or “mandatory check” are tone-deaf when communicated without context. Customers need to understand why an action is requested, what it achieves for them, and what alternatives exist. A brief script during the verification flow that explains the security rationale and offers an immediate alternative reduces friction and preserves dignity.
“Removing the ventilation mask isn’t an option,” the letter stated plainly. That single line should have been all the software needed to pivot to another route.
Training matters too. Frontline teams must be equipped with both authority and tools. Empowerment includes: permission to verify identity via supervised video call, access to secure document-upload systems, and an escalation channel to resolve exceptions within the same business day. When a human is on the line, systems should bend, not snap.
Practical technical approaches that preserve security
There are proven, privacy-respecting methods that maintain strong assurance without forcing a single biometric interaction. Examples to consider:
- document-based verification combined with liveness indicators from short recorded videos; these can capture necessary identity cues while accommodating masks;
- supervised remote verification via secure video call, where an agent guides the process and confirms supporting documents;
- behavioural analytics and device recognition, used as part of a risk-scoring model to allow lower-friction paths for low-risk scenarios;
- branch or partner-assisted onboarding for those who need physical support or special accommodations.
None of these options demands a compromised security posture. What they do require is intentional implementation and regular review against fraud metrics and customer satisfaction indicators.
A cultural shift: empathy as control
Standard operating procedures must include empathy as a measurable control. That sounds soft, but it is operational. Embed feedback loops: every exception handled because of a medical need should generate a tiny case review, a short note about what worked and what failed, and a product tweak if patterns emerge. Over time, that data becomes the foundation for policy that keeps everyone safer without shutting anyone out.
MariBank’s outreach to Mr Lim and the public acknowledgement of the issue set a positive tone. The commitment to provide alternative solutions and to train staff is the type of action that bridges policy and practice. The next step is to document those alternative flows clearly, monitor their use, and publish aggregate learnings so the industry can do better together.
Closing challenge
Design for people first, then for fraud. Offer options, explain why controls exist, and make exceptions painless and dignified. That is not optional. It is the mark of a bank that understands its role in people’s lives. The technology is available. The will must follow. When a single sentence from a customer — a medical constraint stated plainly — triggers a chain of improvements across onboarding, accessibility wins and risk remains managed. That outcome is non-negotiable.
Read this as a call to action: build systems that are robust and humane. Train teams to respond with speed and empathy. Measure both security outcomes and human outcomes. Doing so will keep accounts safe and customers respected, the dual mandate every digital bank must uphold.