Cyberattacks and fraudulent transactions are increasing in their sophistication and impact, making the balance between customer experience and security more complex and more challenging than ever. It’s become abundantly clear that relying on complicated passwords is an untenable way to secure data online. That’s why businesses are increasingly migrating to biometric systems, which can ensure greater security for personal information, while also providing customers with a more seamless experience across multiple devices. But to make biometric systems customer-friendly, companies have to provide options: some customers will never want to rely on a thumbprint scan or facial recognition software. Others will want to rely on a mix of biometric security options and more traditional password or PIN methods.
Passwords have become a ubiquitous requirement for consumers who want to perform any online activity in a secure environment. It’s safe to say that most of us are overwhelmed by the plethora of passwords (and associated security questions and protocols) we must keep track of just to access our online accounts. It’s become abundantly clear that passwords are an untenable way to secure our data online. And asking your customers to keep track of complicated log-in information is a terrible user experience.
Even when transactions require a two-step verification process — say, a text message delivering a code to unlock your account — there is no guarantee that the information is safe from the prying eyes (and fingers) of sophisticated thieves, hackers and other bad actors, who can easily use “digital signature” patterns to latch onto correct answers, break into people’s accounts, and steal sensitive personal information. Several recent instances of thieves hacking into IT systems at major corporations and cracking customer passwords to steal identifiable personal information underscore a vulnerability where even the most complex passwords provide very little protection.
The threat to security when relying on passwords is one reason businesses are increasingly migrating to biometric systems. Identity verification through biometrics can ensure greater security for personal information, while also providing customers with a more seamless experience in the digital environment of smartphones, tablets, sensors, and other devices.
What makes biometrics so special is that they are industry agnostic. No matter the technology or device — e.g., fingerprint readers, retinal eye scanners, voice recognition systems, hand geometry, facial recognition, or even a new, “selfie”-based authentication method that MasterCard and USAA have rolled out — the idea is to verify someone’s identity with a high degree of assurance by tying it to multiple mechanisms at once, known as biometric modalities. These modalities, when used in concert, can provide a significantly safer environment for the customer, and are much easier to use.
Biometrics are also harder to manipulate than passwords and other two-step verification processes. While a bad actor could feasibly gain access to your thumbprint on the specific device it is stored on or to your digital voiceprint, if an app simultaneously requires a thumbprint, a retina scan, and a vocal recognition signature, it would be close to impossible for a bad actor to replicate that in the seconds needed to open the app. While this system is a much safer alternative to passwords, executives who are engineering new digital products, apps, and websites will need to find the right balance between security requirements and user experience. This is easier said than done, especially in an environment where customers expect to be able to interact with your product on multiple digital devices.
In our experience and advisory work with clients, we’ve frequently observed companies using a one-size-fits-all approach to the user security experience. When businesses invest in one particular type of biometrics (e.g., thumbprint or facial recognition), there is a tendency to force all of their customers into the same “digital straitjacket.” This offers users no choice in information security. One customer might be very comfortable in using their thumbprint to open social media apps, while another might flat-out refuse. When a company offers only one option, it severely limits its reach. A much better approach is to rethink security from a user’s perspective, offering personalized options.
Consider this example of an omnichannel biometric security experience. Let’s say that a customer uses their thumbprint to log in to their mobile banking app, which knows that the customer is standing only a few feet away from the ATM. Based on the user’s known preference, the app can either ask if the person would like to withdraw money at that ATM or ask them to proceed to the machine and authenticate the traditional way, with chip card and pin. The customer may also want this preference to change based on the dollar amount they would like to withdraw. For example, if under $200, they may feel comfortable with the mobile banking app withdrawing money at the machine. But they may consider a larger amount to be a riskier transaction, and in such cases may prefer the security of inserting the chip-enabled card and entering a PIN into the ATM. It’s all about delivering a seamless digital experience, aligned to the preferences of individual customers, that combines speed, accuracy, safety, and ease of use.
Cyberattacks and fraudulent transactions are increasing in their sophistication and impact, making the balance between customer experience and security more complex and more challenging than ever. Ensuring the proper balance between security requirements and customer experience is key to driving the optimal digital experience and, ultimately, the right business outcomes. Our research has shown that customers are more likely to stay with a company — or switch to another company — that offers better security and transparent communications around how they approach security and remediate problems.
Client-centric security experiences can create value for customers by giving users what they expect from digital security: the ease and convenience of doing business seamlessly in a safe environment.
Powered by WPeMatico