In Part 1 of this series, we started our journey of understanding why customers want both security and great customer experiences by examining how customer expectations have changed in the past few years. Customers want more than just great digital experiences: they also expect companies to protect their privacy and security and insist on true security for their digital identities.
Today we’ll conclude this series by explaining how frictionless and enjoyable customer experiences can only be achieved by addressing security first.
A Sea Change in Customer Expectations
In March, I shared survey results (as well as Apple’s announcement of better security and privacy for consumers using their products) as evidence of changing consumer attitudes. These insights truly pale in comparison to the realities and lessons we’ve since learned—thanks to the global pandemic of 2020. Customer use of digital channels to interact with brands and companies exploded. The early days of the epidemic weighed heavily on companies like Netflix, Amazon and Zoom as they tried to accommodate accelerating demand from customers around the globe.
The true test of consumer patience and security expectations manifested later. Fraudulent account takeovers boomed, from unemployment filings to stimulus checks to online shopping. And call centers buckled under the weight of inconsistent digital experiences compounded by the failure to migrate employees to remote work quickly. 2020 has shown a harsh light on our ability—or inability—to provide customers with both security and excellent digital experiences.
The result? Companies are moving faster than ever to address the gaps exposed during this crisis, specifically working to mitigate the risk of losing those very same customers. Keeping customers happy isn’t just a company platitude or marketing slogan anymore; it means staying competitive and staying in business.
When we started this series together, the focus was to show how the customer world was changing and how we could use customer identity to improve security outcomes and create great experiences for them. But now convincing companies that such a change is good has been replaced by the urgent need to convince them that the change is necessary for survival.
Achieving Frictionless Security
So, how can we meet the dual requirements of higher security and better experiences? The key truly does rest with the security practitioner. This may sound counterintuitive since cybersecurity has frequently been referred to as “the office of no.” We can debate the fairness of that another day, although there’s certainly some technology-dictated truth to it. It’s a dangerous cyber world, and as a result, friction often happens by design. But friction is the death of customer experience.
With the arrival of multi-factor authentication and continuous or adaptive approaches to both authentication and authorization, the pathway to frictionless security has flattened out. Along with the rise of technical capabilities that can fundamentally change the way that we acknowledge customers and direct their flow within our systems, we’ve collectively arrived at the same conclusion about the fundamental weaknesses in our customer-facing security frameworks. If we authenticate the wrong person, bad things happen.
Are you who you say you are? The answer to that simple question is the very core of security, but the door that gets unlocked is the portal to a level of enablement and engagement that most customers have yet to experience. With high confidence and assurance in the authentication of our customer, we can enable greater access and elevated levels of customer self-management.
Rock-solid proofing of our customers’ identity during registration events affords us the ability to more tightly couple a digital identity to the data associated with them. We have a much lower risk of authenticating the wrong person if we get the proofing exercise right at the onset of our relationship.
Identity proofing and strong authentication are no longer isolated security measures; they’re business enablers for exponentially better customer experiences. With the surety that customers are who they say they are, we can now invoke additional security measures transparently in the background with much less or even zero friction for the user. For the first time in our digital history, “strong security” and “outstanding customer experience” can be used in the same sentence.
Rich Digital Identities
The evolution of identity-centric security technologies isn’t solely limited to authentication and proofing. Hybrid infrastructure and application deployment capabilities across on-premises assets and cloud now provides both the compute power and storage capacity to aggregate details about preferences, patterns, behaviors and characteristics of users. Building these deep digital profiles about a customer, citizen, partner or employee allows us to develop, for the first time, useful identity authorities to facilitate seamless and frictionless authorization flows for these users.
Our security architectures can now leverage these identity authorities with even more precise authentication authorities: user-specific aggregations of critical information that allow us to correctly authenticate that user with a high degree of certainty. The building of these rich identity authorities, in combination with powerful authentication authorities, provides a company with the type of actionable data that can be leveraged to create truly unique and personalized experiences at the individual customer level.
As we wrap up this series, we stand on the edge of a truly new frontier. We finally can create a more meaningful, useful and secure digital version of “you” that more closely aligns to the real-world, analog “you.”