Do passwords still instil trust with the digital consumer? asks Mike Gross, Head of Global Fraud and ID Product Innovation, at the credit checking agency Experian.
The most valuable commodity a business can earn is the trust of a consumer. Many studies show that within the next two to five years, digital businesses with a differentiated customer experience, specifically when consumers open new accounts or log into existing accounts, will earn more revenue. What do customer experience and trust have in common? Twenty years ago, trust between consumers and businesses relied on the business’ reputation and its product quality. Trust was built on face-to-face interactions with sales associates relying on the spoken word, human touch and subtle visual cues. However, as the marketplace continues to shift from brick and mortar shops to click-n-mortar to virtual bazaars, trust has become difficult to establish. Practically speaking, it requires maximising both security and convenience in the digital environment. The challenge for businesses is how to do that when security and convenience have often been at odds with one another.
Consider the following scenario. A woman is shopping online for a new book. After 10 minutes of searching and browsing, she decides on a title and places it in her cart. She goes through the purchasing process which includes creating a user account with email address and password. Before finalising the transaction, she’s added her address and payment information, and saved it for future purchases. This interaction has given the retailer personal information to recognise her in the future – her email, shipping and payment information, her IP details and browsing habits, product preferences and interest. Additional third-party information is also available to the business to help verify and authenticate her identity in the future for faster, easier access to her account.
An unprecedented amount of financial and personal data will be online by 2023, which means consumers expect businesses to protect this personal information and be transparent about how they use it. According to our 2019 Global Identity & Fraud Report, seventy four percent of consumers see security as the most important aspect of their online experience.
It’s more important than ever that consumers can trust that their personal details will be kept secure and safe while at the same time, provide the convenience they expect. Consumers don’t want to have to complete endless forms with the same personal information every time we log in, ultimately increasing exposure to fraud risk at every login. In fact, 72 percent of customers are more willing go through a more vigorous enrolment process if it streamlines access to their accounts. Traditionally, security and convenience always lived in tension, with one often coming at the expense of the other. The more security businesses applied, the less convenient for customers. The more convenience, the less secure. At the time, the password was a blend between the two. It was easy enough to remember and offered consumers the perceived protection they desired. However, over the last decade or so, the password’s weaknesses have begun to show. Hackers can now simply steal or get around password defense systems, while others will try the same password for different accounts. Some sites have even tried to make passwords more complex, forcing people to insert a certain number of special characters or numbers and limiting sequences, but hackers can still get around this and many consumers find this process frustrating.
New technologies, however, are creating a more secure online environment without sacrificing convenience. Biometric security features like finger prints or face-ID are becoming more popular and mainstream authentication approaches. The public also trusts these measures, with consumer confidence growing from 43 percent to 74 percent when physical biometrics were used to protect their accounts. So, while passwords are a well-recognised feature of security and not going away, they are not the only line of defense businesses can take in protecting their customers.
In order to offer consumers security and convenience, a balance must be struck. Businesses must take a multi-layered approach that involves a variety of technologies and techniques. On the consumer side, this could involve having to type in a password, followed by a two-factor authentication code from their phone. On the business’ side, you can monitor behaviour metrics for things like how a password or other details are typed, activating a second, more vigorous security feature if the information is entered at an abnormal speed. You can also have different levels of authentication for various consumer actions. While logging into a bank account could just require a password, making a large wire transfer could demand a step-up challenge to biometrics or a series of security questions.
As authentication technology becomes more advanced, even more options will become available. The key is to find the method that earns your business the trust of consumers. In the meantime, now may be a good time to change your password.
