In March, we started a conversation on the rapidly growing consumer expectation that you make them happy and keep them secure. In this installment, we turn our attention to the latter part of that directive: protecting our customers.
Security Does Not Equal Privacy
Keeping customers secure has, for many years, wrongly been assumed to mean passing more and more data privacy laws and regulations. But privacy and security simply aren’t the same, even though they are (and by nature must be) closely linked in order to be successful at achieving both.
The value of privacy mandates has been the universal recognition by countries and US states that the data an organization collects about its customers and citizens belongs to those same people. By establishing the rightful ownership of this data, the obligations and expectations for appropriate use and monetization of that data by organizations that collect it has finally come into focus.
To keep our customers safe, we need to go beyond privacy considerations and turn our attention to how we can truly secure customer data.
Identity is the Core of Security
The missing link in every data protection scheme is identity. Think about this for a moment. If a company is required to treat all my data as belonging to me but it isn't also required to protect me (my identity), all a hacker has to do is pretend to be me to steal my stuff. This, in a nutshell, explains almost every hack or exploit ever executed: someone pretending to be someone they aren’t to get something that doesn’t belong to them.
Unfortunately, no regulation anywhere in the world demands that an organization protect a customer’s identity. This isn’t just bad policy; it’s also poor design. But while there are no current regulatory demands other than exercising “reasonable security,” found in schemes like the California Consumer Privacy Act (CCPA), change is coming.
Right now, the CYBER LEAP Act (Senate Bill 3712 Act S.3712) is in the process of making its way to the Capitol floor. Included in this bill to address “grand challenges” within cybersecurity is digital identity. Other legislation promoting consumer identity protection nationally is in draft form. The obligation for you to protect your customers’ digital identities is on the way.
But the most forward-thinking companies will take the lead on tightly coupling a customer’s identity and their data in order to deliver the type of secure and frictionless experience that consumers are demanding—and not wait on government directives to do so.
Protecting Customers while Building Trust
Securing customers’ identity means building trusted relationships with them. It isn’t a one-time event. In fact, recent surveys suggest that 40% of customers are willing to leave a brand after just one bad experience, whether that experience be a difficult return process, a slow response to their chat inquiry or a breach of their private data.
With account opening and takeover fraud continuing to grow exponentially, you have to make customers feel secure every single time over the course of their relationship with your company and your brand. Identity proofing solutions are a necessity, because relying on an account and password construct is simply an invitation to fraud, loss and an unhappy (former) customer.
Tools and technology to protect your customers and build their trust are already available. For example, most companies go beyond simply using passwords and employ techniques like two-factor authentication (2FA) to verify users are who they say they are. And while 2FA is certainly a step up, most companies today have more than enough risk exposure to warrant introducing multi-factor authentication (MFA) into their customer experience. When MFA is done well, the sign-on event itself becomes a key component in the customer’s trust experience with you.
Creating a Frictionless Customer Experience
As customer identity becomes a bigger part of digital transformation efforts across the globe, many business leaders worry about and even actively resist changes to the customer security measures. Most, but not all, of this resistance is tied to a concern that customers will balk at the friction created by these requirements. But if customers are demanding that security be a part of their experience, why not use today’s available technologies to create a secure experience that also is frictionless?
Beyond the value created by improving customer authentication methods, we have the ability to apply analytics, AI and machine learning to evaluate and take action to keep that customer safe while providing a smooth experience. We can measure the risk of devices, locations, connections and transactions in session and invoke the optimal amount of additional security in a way that, once again, builds trust with the customer.
Making Your Customers Feel Empowered
The first step toward securing the customer experience is a simple one: acknowledging that customers want you to make them happy and keep them safe. This realization is what will provide the fuel needed to rethink and re-architect the customer journey entirely.
In our final installment of this series (coming in September), we’ll look at how the introduction of these security capabilities can do more than make your customer feel safe. By putting customers’ digital identity at the center of both security and experience, they’ll feel empowered and protected. These two ingredients create a new world of opportunities for interactions that will not only make your customers happy, but create exciting possibilities for increased revenue, customer retention and brand loyalty. Learn more about how you can deliver extraordinary customer experiences by streamlining the customer journey.