I recently had the privilege of hosting a series of think tank sessions in Melbourne and in Sydney for the occasion of the FST Future of Security events in March, which Pirean was a sponsor of. The subject of the discussion was Consumer Digital Identity Management. The think tank aimed at addressing the boosting of online services adoption with efficient and attractive consumer identity management practices. The following questions provided a starting point to the group discussions:
- What are the consumers’ expectations with regards to their online identity and access management?
- How well do identity and access management, time-to-market objectives and user experience currently come together for consumer online services?
- How to boost online services adoption through winning consumer identity and access experiences?
I was joined by the following two senior financial industry representative and guest speakers who provided great insights to the discussions: Dr Chris Rathborne, Chief Digital Information Officer in Melbourne, and Phillimon Zongo, Published Author and Cyber Security Advisor in Sydney.
We had the pleasure of engaging with more than 60 FSI delegates across 6 sessions in which great insights and ideas were shared.
We have documented a summary of our discussions here: Consumer Digital Identity Management Think-Tank. The key points of our report are the following.
Managing consumer digital identities
Managing consumer digital identities is about efficiently connecting people with online services such as web-banking or online-retail applications through web-browsers or mobile applications. Such connections typically involve managing key functions such as identity enrolment and access.
Businesses have a lot at stake in best managing consumer digital identities
Businesses can satisfy, dissatisfy, lose, gain and retain online customers depending on how well they manage digital identities. There is a cost to authentication related inconvenience. There is also an opportunity in increasing digital usage through easier authentication and security.
Financial services providers rely on the efficient consumption of their online channels to satisfy their customers and to remain competitive. Such consumption is subject to the conundrum of the secure user experience: “efficiently balancing usability and security”.
Online customers and their digital trust
“Our customers expect us to be open and transparent on security and to make security easy for them. They also have preferences for authentication. They want options for security.” (A CISO, speaker at FST Security).
People develop different expectations with security preferences based on their socioeconomic and cultural background. Some expect security to be transparent. They don’t need to see it to believe in it. They importantly don’t want to experience it as a step in the middle of their digital business. However, others need or want to see security in the middle to develop a feeling of trust towards a digital service.
Importantly, digital identity management creates a first impression that influences the successful uptake of online services and apps. The challenge is about securing transactions well enough while providing a satisfying customer experience from the first interaction a customer has with an online service.
The double edge risk of online consumer security choices
Providing consumers with security choices may come at some extra risk to the service provider and to the consumer. Consumers can make ill-informed choices, and the service provider is probably the party feeling the most responsible for it. It may not always be natural to contemplate how to best manage security options. Some may then refrain from offering options. However, the risk of client retention should also be considered as part of it. The usability and the consumer feelings towards accessing applications cannot be ignored, because it can really have a business impact. Consumer Digital Identity Management can deliver a business differentiation when efficiently implemented.
Managing the extra consumer risk
The following ideas were provided by the think tank delegates to help in best managing consumer digital identities.
- Implement user driven adaptive security: let users make their own choices of security strength in a manner that the selected strength (or inconvenience) explicitly informs the boundaries of what they can do online.
- Raise consumer security awareness: consider an option to trade-off security awareness for rewards (incl. be allowed some security choices).
- Leverage User Behaviour Analytics (UBA): use UBA to improve security and use it in a manner that offers personalised functions (e.g. detect international airport location: “Heading overseas? Enable overseas travel feature?”)
- Manage consumer devices thoughtfully: consumer devices are an extension of consumers’ digital identities. Manage them efficiently to improve security and offer better usability (e.g. an app on a trusted device, regularly used and registered could be used with just fingerprint of PIN authentication).
Delivering secure and good customer experience altogether
In Australia, reports of FSI Customer eXperience (CX) teams directly managing security process discussions are increasing. It includes CX teams also leading some direct engagement with security vendors for first-hand discussions on the CX considerations of security options available.
The key to delivering a secure and a good CX altogether hinges on enabling an efficient collaboration across security, digital, marketing and other business stakeholders on the IAM functions from the beginning. It is suggested not to leave it to a User Acceptance Testing (UAT) phase for the business stakeholders to realise, very late, what their clients must go through to access business apps. Some IAM technology platforms may also make it easier to orchestrate such a collaboration.
Please find a copy of the Consumer Digital Identity Management Think-Tank here.