a good thing!
What is Customer Identity and Access Management (CIAM)?
And Why it Matters to Financial Services
With privacy concerns, security risks and fraud on the rise, financial organizations are making a seismic shift to meet compliance and regulatory demands. For these organizations, delivering a secure, seamless, digital-first experience on all channels isn’t just a nice-to-have—it’s a must-have.
Customer identity and access management (CIAM) can help you deliver that experience, by enabling you to securely capture and manage customer identity and profile data, as well as control customer access to applications and services.
Strong CIAM (aka customer identity) solutions usually provide a combination of features, including customer registration, self-service account management, consent and preference management, single sign-on (SSO), multi-factor authentication (MFA), access management, directory services and data access governance. The best CIAM solutions ensure a secure, seamless customer experience at extreme scale and performance, no matter which channels (web, mobile, etc.) customers use to engage with your brand.
These solutions can be delivered via software that can be deployed on premises, in private clouds or via API-first Identity-as-a-Service (IDaaS) platforms. These platforms expose their capabilities—including admin capabilities—via APIs and are geared toward development teams who want to embed CIAM services into their applications. Regardless of delivery method, the goal is to make the experience of accessing digital applications seamless and secure.
Why CIAM Is Important
Customers want two simple things as they interact with your brand. Firstly, they want you to delight them by providing great user experiences. Secondly, they want you to protect them from fraud, breaches and privacy violations. CIAM helps you do both.
Delighting your customers means ensuring their journey—from their initial introduction to your brand to the time they become your loyal advocates—is as smooth as possible. If you fall short of providing an exceptional experience, your customers may go elsewhere.
“One in three customers will walk away from a brand they love after just one bad experience."
Source: “Experience is everything: Here’s how to get it right,” PwC, 2018
Given what’s at stake, a great customer experience is no longer just nice to have; it's a critical differentiator. In their ”Experience is everything” report, PwC found that 32% of customers will abandon a favorite brand after just one bad experience.
You can’t stop at experience either. Customers also care deeply about security. A 2019 Ping Identity report revealed that 81% of customers would stop engaging with a brand online following a breach (a 3% increase over 2018), and one in four would stop all interaction whatsoever. The most recent Cost of a Data Breach study found that of the $3.92 million average cost of a data breach, 36% of the total, or $1.42 million, was the direct result of lost business.
A lot of money is spent getting new customers to interact with your brand for the first time. Their first impression starts with the registration process, making it a critical aspect to get right.
Registration is the pivotal point when you’re able to capture a new prospect. Because you’re asking them to give you information for the first time, you need to streamline the experience. Customer identity helps you ensure they complete the process by:
Once customers have successfully introduced themselves to your brand, you must turn your focus to delivering convenient and consistent customer experiences across channels. Here are the fundamentals that help you do so.
Your customers need the ability to access their data consistently across all channels. Even if you’ve implemented SSO and are providing consistent sign-on experiences for all your apps, your apps may still lack access to a single set of customer data. Application A may think a customer’s phone number is 512-555-5555, while Application B says it’s 555-867-5309. These are the types of discrepancies that create disjointed and disappointing experiences for customers.
Imagine that you’ve just moved and updated your address in your bank’s web application. You then order checks—not realizing you’re using a separate application—and assume the address change will be reflected. But your checks get delivered to your old address. That’s the kind of negative experience that sours customer relationships. Customer identity ensures that all applications have access to the same view of the customer. If a customer updates their information in one place, it’s updated everywhere.
If a customer is requesting support, they’re likely having a negative experience. To ensure a small problem doesn’t balloon into a major issue and a lost customer, you need the ability to quickly and effectively address support requests. By streamlining the authentication process, customer identity helps you provide a better experience, including stronger support capabilities.
Support calls are typically frustrating and tedious experiences that require you to first identify yourself through an interactive voice response (IVR) system, then identify yourself again once you get a rep on the line. Using CIAM capabilities, your support reps can identify a logged-in support customer without requiring them to login again. They’re able to answer the phone with a friendly “how can I help you?” instead of an impersonal “who are you?”
As customers progress in their journey with your brand, they begin interacting with different applications and channels. These different applications may want to store different details about customers. Some examples include:
Like loyalty, trust is something that’s built with your customers over time. You do this by giving them control over and visibility into their data and how it’s being used.
Privacy regulations like GDPR and CCPA impose steep fines on companies that fail to comply. But at their core, they exist to encourage companies to be good stewards of customer data. Customer identity plays a critical role in helping you protect the privacy of your customers’ data and build a foundation of trust with your customers.
Collecting customer consent and enforcing it are two different things. CIAM helps you do both. Giving your customer the ability to accept your privacy policy or decide who you share their email address with are examples of collecting consent. To enforce it, you need to make sure apps are able to access only the data that the customer agrees to share.
Customer identity allows you to inspect customer consent and make sure it’s enforced. In the case of sharing emails, if the customer has specified that their email shouldn’t be shared with a partner app, the email address will be excluded when the app requests customer data. This type of enforcement ensures compliance with privacy regulations and also facilitates responsible open business. By giving you assurance that data is being shared based on consent, you can leverage open business to provide even better customer experiences and gain a leg up on your competition.
At every stage of the user journey, CIAM ensures customer data is protected and secure. The unique capabilities of customer identity help you strengthen security, while minimizing the likelihood of data breach and fraud.
Data breaches typically involve a bad actor gaining access to many customer records—often many millions of records. Those records may contain passwords, usernames, phone numbers, credit card numbers or other personally identifiable information (PII). Simply posing as a customer will usually not help a hacker successfully breach large amounts of data, because customers don’t have access to the data of other customers. Instead, these attacks are often performed by insiders or are due to inadvertent mistakes made by IT or development teams.
Customer identity helps you thwart breaches across several fronts:
When it comes to IAM, the fundamental difference between customers and employees is your customers have a choice about doing business with you. If you're not meeting their experience expectations, or if they fear their data might be compromised, they can easily go to a competitor. On the other hand, when you’re able to delight them with seamless financial services experiences and protect them through every stage of their journey, you’re able to acquire and retain more customers, drive increased revenue and loyalty, and earn their trust.