In the world of identity management and security, fraudsters are constantly evolving their tactics, exploiting weaknesses in outdated device identification methods. For fraud, identity and digital experience teams, securing...
By now the issue with passwords is prevalent to both customers and online vendors. As our world continues to rely on digital services for almost every factor of our lives (think: banking, grocery shopping, work and socializing), our reliance on passwords and the need to manage our digital identities has become something that customers and vendors need to properly manage. More than that, it should be at the forefront of any business’s customer experience journey and part of any security plan.
The state of customer authentication today is certainly not up to par with the high demand for seamless customer experiences. Here we explore the 8 biggest issues in CIAM today and how Transmit Security’s innovative solution is paving the way for a brand new way of customer authentication.
Passwords are inherently insecure
Many customers have fallen to bad habits as a way to cope with the amount of passwords they need to remember. To cope, many often reuse easy to remember (read: weak and easy to guess) passwords across multiple accounts. The password “123456” is still used by around 23 million account holders (First Contact). While that might make your customers’ lives temporarily easier, these easy to crack passwords pose a threat to the security of your company and their sensitive personal information.
As long as passwords are in use the security issues that follow and the friction they cause customers will continue. Vendors who can’t offer a more seamless authentication experience will be left with frustrated users and a steady decline in profit and customer loyalty.
Authentication is too complex
Identity security tends to either ensure high levels of security or an optimal user experience – but never both. In many cases, if you are in search of strong authentication that usually comes at the price of usability. Traditional methods of ‘strong’ authentication include knowledge-based questions, one-time codes sent via text messages or email or the use of hardware devices. Basically, a process full of complexity, roadblocks and frustration.
Considering the arduous process that customers have to endure, it’s not surprising that up to 50% of consumers abandon identity registration processes due to high levels of friction (Fintech Futures).
Securely authenticating unrecognized devices
With 22% of smartphone owners changing their phone at least once a year (PhoneArena.com) online vendors need to find ways of re-authenticating an existing customer’s new device. This could also be true if a customer simply needs to replace a lost or stolen device. Regardless of the current method of authentication, let’s say the use of device biometrics is in place, in order to re-authenticate that device usually vendors are forced to fall back on older, less secure methods (such as OTPs). Essentially negating the use of the secure updated method of authentication and once again, leaving you and your customers at risk of a security breach.
Keeping customer information up-to-date
Some online services are accessed daily, if not hourly (think about your social media accounts). But there are others that may only require access once a year (think about a pet insurance policy for example). Within that year, a lot can change in terms of a customer’s information – updated device, new address, new phone number. If online vendors have no system in place to keep track of infrequent users, customers need to re-authorize their account, devices and biometric information every time to gain access to their own account. An annoying process to say the least.
An Inconsistent customer experience across channels
Speaking of our over-reliance on online services, this also means that customers use multiple devices to access different services. According to Google, 90% of consumers flip between multiple devices in one day. Unless you have a cross-channel solution in place that offers a unified experience, customers are faced with multiple user experiences depending on which device or browser they use.
In an era increasingly characterized by competition around customer convenience, experience and brand recognition, an inconsistent cross-channel customer experience is detrimental to your organization’s overall authentication process.
Low mobile-app adoption rates
In an effort to increase security measures, many enterprises have gone down the route of creating a dedicated app. Something that costs a fortune in terms of time and resources. While the security benefits of a dedicated app are clear to an organization, customers are very reluctant to download yet another app – even if they know it was created specifically to protect them.
The constant bombardment of apps has led most Americans to not download any apps at all. According to comScore, in a given month 65% of U.S smartphone users don’t download a single app. These low adoption rates are a clear indication that even with a dedicated app, authentication is still too intricate and complex.
Call centers rely on knowledge-based questions
Many call centers rely on knowledge-based questions as a way to verify a customer. While this method might have been successful in the past, with the rise of our ‘show all, tell all’ culture spearheaded by social media, it’s proved ineffective and insecure. With the right access, it doesn’t take much for a hacker to find out your pet’s name, your date of birth or the city you grew up in.
Since many ‘secret’ questions can easily be found on social media or the dark web, companies are more vulnerable than ever to social engineering attacks and account takeover (ATO).
Just in the year 2020, an estimated cost of $775 million was associated with account takeover losses in call centers (Aite Group).
Customers face inconvenient experiences
About a third of online purchases are abandoned at checkout because consumers can’t remember their passwords (MasterCard). That’s a lot of money that goes unspent in the online world simply because users can’t remember their password. Customers will spend valuable time adding items to their cart but when asked to sign up or re-enter their password they flee. Why? Because it’s inconvenient and they know they can hop on over to the next site that won’t make them jump through hoops to check out successfully.
BindID: The future of CIAM is here
Given the current state of customer authentication, Transmit Security set out to create a solution that would cover all the issues discussed above. BindID powers businesses with the industry’s first app-less mobile authenticator that customers can use to authenticate to any application or any channel. Delight your customers with a truly passwordless experience with no user ids, passwords or failed logins. BindID welcomes the end of poor customer experience and the beginning of a seamless, secure and advanced new method of authentication.
As a content writer for Transmit Security, Taira specializes in discovering and sharing trends and insights in the identity security industry. Her experience in various marketing and content roles in high tech gives her a unique perspective on content creation. Previously, Taira served as blog manager at leading website builder platform, Wix.com.