As customer journeys have migrated from the physical to the digital realm, brands have tried to recreate personal in-store experiences online. Unfortunately, early attempts at achieving this relied on data collected from browser cookies and third-party data brokers, often resulting in anonymous, intrusive and even creepy interactions. This trend has caused modern consumers to start demanding more trusted experiences in exchange for their information.
However, with transactions originating from a widening variety of touchpoints and devices, old username and password-based authentication methods are proving to be increasingly risky, in addition to creating friction in the user experience. In response, businesses are looking to new strategies and technologies to enhance safety and privacy while offering more seamless customer journeys. So what are some of the trends driving these changes and the solutions being put forth to address them?
Passwordless Authentication
According to figures from Adobe, during 2015’s Black Friday and Thanksgiving sales, $1.5 billion out of a total of $4.45 billion net sales—or 27¢ on the dollar—occurred on mobile devices, and this trend toward mobile purchases is growing year-over-year. It’s important, then, to offer users a frictionless and secure way to register and log in from any device.
One effective method bypasses passwords altogether and uses a mobile phone number as an identifier. At the registration or login screen, whether from a desktop, laptop or mobile device, the customer is simply asked to enter the number for her mobile phone, where she then receives a one-time verification code. When the customer enters this code, she’s automatically logged in, with no new password combination to remember. The whole operation is inherently safer and also reduces friction for the customer.
Risk-Based Authentication (RBA)
With the proliferation of digital channels and connected devices, consumers are now able to engage with brands across laptops, smartphones, tablets and even smartwatches. The convenience of this cross-channel experience comes with inherent risk, as there are multiple opportunities for data to be hijacked. To combat this, forward-thinking brands are using contextual information to trigger step-up authentication and safeguard against fraud.
RBA can be applied dynamically as users interact through web or mobile browsers or mobile apps by flagging high-risk behaviors and initiating an additional authentication step to ensure that users are who they say they are. Thresholds can be set for logins from unusual locations, or for the use of new devices or user agents. When these thresholds are exceeded, a second authentication factor is invoked in the form of a one-time code sent to the user’s email or mobile phone via text or voice message. This reduces the risk of hacked accounts or pilfered data and provides peace of mind to customers without making them jump through unnecessary security hoops.
By letting go of old habits and embracing new technologies, security professionals can help usher in a new age for digital business. Brands should empower customers to own their identities and online experiences by demonstrating a commitment to well-designed and transparent authentication processes. Leading customer identity management (CIAM) platforms are announcing functionality that maintains industry-leading security standards and cutting-edge processes to optimize safety, privacy and user experience.