One-half of one second—that is how brief of a time-span it seemingly can take for a business to lose a customer. Gaining and retaining consumer attention is something of a nuanced art form and science that can be completely undone by an easily misplaced word or a cumbersome process. Businesses frequently lose customers not because they have an inferior product or service but simply because, for some reason, the customers had a brief negative experience. While it is impossible to control what customers are thinking and feeling at any given time, it is clear that many of these negative impressions are self-inflicted by businesses that fail to create welcoming environments. Unfortunately, many organizations find it difficult to adopt CIAM approaches that enable favorable consumer experiences without violating security requirements. After all, the primary purpose of CIAM is to protect a business’s intellectual property, secure private customer information, and prevent account misuse or fraud.
Different use cases will require different levels of security controls. Access to a bank account, for instance, will undoubtedly require more stringent security policies than, say, access to an online gaming system. CIAM process will also need to be customized to support each unique use case. For example, granting customer access to user accounts, shopping carts, or online applications all require different sets of usability and security considerations. However, there are some general consumer experience improvements that can be applied to just about all CIAM scenarios. Here are three key opportunities to enhance CIAM processes to improve customer perceptions:
#1 - Minimize Registration Efforts
Registration processes govern the creation of customer accounts and the definition of access credentials. This could be as simple as requesting an email address and setting a password or may require more complex processes for identifying the user, setting answers to a security question, and/or requesting additional personal information. The most common approaches authenticate users with basic two-factor authentication, sending an email or text message for verification. Low-risk IT services may alternatively verify and register users through third-party social media accounts.
In most cases, registration processes will be the first actual interaction the consumer has with the business, so creating a low-friction experience at this phase is critical and businesses should resist the urge to gather too much information right from the outset. Focus on collecting the information necessary to activate the account. Consumers can always be prompted later to provide additional information such as mailing addresses and account preferences using progressive profiling. If social media accounts are used as a primary authenticator, it may be possible to extract the user’s personal information from these services (with consent, of course) without having to prompt the customers at all.
#2 – Support Passwordless Authentication
The most common method for authenticating any IT users is a password. However, proper password management is extremely cumbersome and ultimately not very secure. Users often utilize the same password for multiple accounts, rarely change passwords, and fail to use strong, hard-to-guess passwords. Common password management solutions enforce the use of strong passwords and periodic password resets, but these create high-friction experiences that will be frustrating, or even intolerable, to customers.
Passwordless approaches to authentication are generally more favored by consumers. Biometric-based authentication technologies, such as thumbprint readers and facial recognition, are often preferred by users with devices that include these capabilities. Web-based CIAM solutions that support the FIDO2 standard can enable authentications with a variety of passwordless technologies and allow consumers to select the ones they prefer.
#3 – Reduce the Frequency of Authentications
Even a low-friction authentication process can seem annoying if required to be executed repeatedly during a session. However, digital services that call or redirect to application subsystems sometimes requires additional authentication steps. The use of single sign-on (SSO) technologies can ensure customers are only required to authenticate once when accessing all supported services. SSO can also operate across partner businesses to further reduce the number of customer authentication steps.
Reauthentication processes are sometimes necessary to meet enhanced security requirements. For instance, if a customer wishes to change their account settings or authorize a transaction, it is not uncommon for them to be presented with a request to first re-enter their credentials. The use of contextually aware step-up multifactor authentication (MFA) can minimize the number of security-required reauthentications. Related systems use intelligence technologies (analytics, machine learning, language processing, etc.) to determine the level of risk associated with allowing a transaction to occur based on contextual information. For instance, by considering how recently customers authenticated and if they were using a known device. In low-risk scenarios, it may not be necessary to force customers to reauthenticate or the users could be presented with a low-friction authentication method, such as a biometric scan.
A responsible implementation of CIAM balances minimized customer interaction while simultaneously meeting security objectives.
For a more detailed dive into this topic, be sure to check out my upcoming webinar on “Advancing Consumer Engagements by Improving Customer Identity and Access Management (CIAM).”