Companies must attempt to divert cybercriminals without inconveniencing or possibly exposing customers and their data. One expert explains how it’s possible.
We all know the drill: Passwords are difficult to remember and manage, so we reuse passwords across multiple services and devices, which often includes using the same passwords and computing devices at work and at home.
SEE: Google Chrome: Security and UI tips you need to know (TechRepublic Premium)
This obviously helps employees and customers, but what may not be obvious is the effect on businesses and customer relations if leaked reused passwords help facilitate a data breach. Now tack on the tremendous uptick in online shopping this time of the year, and we have a perfect storm brewing.
Striking a balance
Jim Taylor, chief product officer at SecurID, in an email conversation, offered some thoughts on how upper management and those responsible for a company’s cybersecurity and customer privacy can make life more difficult for digital bad guys while remaining convenient for employees and customers.
Balancing security and convenience is especially important for retailers, who need to maintain trust without adding undue inconvenience, which could drive paying customers away. “To find this balance, businesses need to provide an identity platform that works however and whenever its users do—and across different operating systems and devices,” Taylor said. “Businesses can also make it easier and safer for users to authenticate by eliminating passwords and using risk-based authentication to simplify verification.” Risk-based authentication falls under the umbrella of continuous or contextual authentication, which is broader in scope.
By verifying that users are who they claim to be, authentication helps ensure customer privacy. “Customers should expect that businesses require authentication for certain requests, such as viewing delivery information, placing orders, changing credit card information or reviewing previous transactions,” Taylor said. “Customer authentication also helps businesses secure their operations and ensure customers can place or track orders but not log into the corporate network.”
SEE: Password breach: Why pop culture and passwords don’t mix (free PDF) (TechRepublic)
Something not always considered is that employees and customers may use new devices to log in and register for services, which in turn increases the likelihood of users needing password resets. “These are some of cybercriminals’ favorite situations: the high degree of change and the resulting confusion distract and stress security teams, providing hackers with cover,” Taylor said. “Risk-based authentication can help businesses prepare for these high-risk situations with policies that adapt to the moment. They can also use context-aware authentication to start learning what ‘normal’ looks like for each user to harden their security posture.”
Authentication, according to Taylor, needs to look and feel like a natural extension of the overall brand, as well as be seamless and consistent across all channels, from the web to mobile. He also recommended that businesses work with vendors who can adapt their solutions to the businesses’ environment—not the other way around.
Holiday shopping changes everything
To put it simply, consumers tend to act differently during the holidays—stepping outside their typical pattern box. For example, consumers, when shopping in person, handle confusion relatively well. Shopping in brick-and-mortar stores allows us to integrate cues and other information to determine whether we trust someone enough to do business with them. Some examples are:
- Does the sales clerk have a name tag?
- Does the person assisting have the same uniform as other clerks?
- Have my friends shopped here before?
- What have my friends’ experiences been?
- Do the sales clerks seem to know what they’re talking about?
Shopping online is very different. Cues and relevant information are hard to come by, thus making it difficult to make judgments and build trust. “It’s just as difficult for retailers, who need to establish trust almost instantaneously to win a customer’s business,” Taylor said. “E-commerce leaders study the rate of abandonment, which shows how often customers walk away from making an online purchase and the factors that contribute to that decision.”
- Over 50% of online shoppers will abandon a site if they have to wait three seconds for the page to load.
- Over 60% of online shoppers lost interest in creating an account due to password requirements.
- Nearly 40% of mobile users abandoned their cart when it became too difficult to enter their personal information.
Regarding the 50% who get impatient waiting for a page to load, Taylor offered some advice:
“I’d ask consumers—particularly consumers shopping at a new retailer—to give e-commerce sites a little longer than three seconds. Your digital persona is valuable, and how you’ll represent yourself in any number of online interactions.”
Continual or contextual authentication
One way retailers and customers can build trust in each other is through continuous or contextual authentication, technology that replicates the real-world process of reacting to and processing social cues and additional information when interacting with other people. “Businesses can look at me and see that Jim is on a device he’s used before, logging in from an IP address that we recognize, shopping for a product similar to what he’s used in the past, and he’s online during a time where we’d expect him to be awake,” Taylor said. “Continuously assessing and reacting to those factors should give the retailer some confidence that I am who I say I am, and that I’m the one who is spending my money.”
E-commerce is relatively new, which means unexpected—thus uncontrolled—variables can enter the equation. “But what we can control is identity,” Taylor said. “And, it’s worth your time and business to work with retailers that take care to protect your information and verify you are who you claim to be.”