And how your security process may be driving customers away.
It’s a common scenario these days: Your customer is returning to take advantage of your spring offers, so they go to log in, but they can’t get in right away. Your site or mobile app now requires them to verify themselves—even though they’ve been a customer and spent money with your business in the past. Your authentication solution kindly informs them they’ve been sent a one-time PIN (OTP) via email or text and they should now find and enter it.
This traditional security measure has placed friction at the start of their buying journey, banking transaction, or airline reservation. According to the FIDO Alliance, a third of online purchases are abandoned because of forgotten passwords.
And it can have a huge impact on your business. After all, being denied access in-person or online results in a universal emotion we’ve all experienced. How often have you uttered an expletive and then had to find that one-time code, or re-enter that forgotten password, only to find yourself forced into the password reset routine?
All this hassle when all your customer wanted to do was buy something. You hate when it happens to you. And you definitely don’t want it to happen to your customers, but it very likely already is, as false-positive Multi-Factor Authentication (MFA) challenges may be costing you brand reputation and potential customers right this very minute—according to Zendesk Customer Experience Trends Report 2020, 50% of consumers said they would switch to a competitor after just one bad experience.
While there can be many contributing factors for customer friction, the login process is an especially deadly source for it, and it’s one that is too often overlooked. Especially when, too often, it’s the digital equivalent of being required to iron your bank notes, present them all facing precisely the same way while standing on one leg—oh yes, and all while wearing a red t-shirt.
Can any of us blame the customers who shake their heads and simply walk away without completing their planned transaction?
Finding Middle Ground
As demonstrated above, one of the fastest ways to annoy a returning customer is to force them to verify themselves.
The problem is, you’ve got two senior executives at diametrically opposite ends of a continuum. The user experience leader wants as little friction as possible to serve up the custom-tailored offer to a returning or new customer. While your Chief Information Security Officer wants to challenge everyone in an effort to protect their identity and your bottom line.
This dichotomy can be resolved to the satisfaction of both parties, because, let’s face it, they’re both right: It takes data, and lots of it.
The Problem of Data Poverty
Here’s the challenge, though—in this regard, your company, unless you represent Meta, Amazon, Microsoft, Apple or Alphabet, has a data poverty problem.
What this means is that you have no data about who is signing up for your service before they arrive at your application or what they’ve been doing online before they return to your service. Sure, once the potential or returning customer completes your account creation form or logs in, all manner of data services subscribed to by your risk and fraud teams kick in, with ID verification against static data sources such as name, address, email, phone, the first car you owned, your mother’s maiden name, etc.
Unfortunately, yes, all of these are valuable, but the truth is, sadly, that most of that data has already been stolen in previous widespread consumer identity data breaches. Remember Equifax? For a sobering list of data breaches check here. Even legacy identity protection schemes such as device fingerprinting are no longer reliable as well funded and organized criminal groups become increasingly sophisticated.
It All Comes Down to Data
There’s another complication here, too. You may know about how your customers usually interact with your service, but what if the customer’s profile has been compromised, and now the person logging in with their credentials is actually a bad actor perpetrating an Account Takeover (ATO) identity fraud attack? This requires your risk and security teams to be virtually clairvoyant regarding your online users—an unfair task, to say the least, as clairvoyance is regrettably not a widespread talent.
Back when I worked in the adtech industry, we did a lot of work to combat advertising fraud, including technology that, for instance, prevented BOTs from hoovering up all the Rihanna concert tickets and selling them at a massive premium on the aftermarket. At that time in my career, all of my businesses had one thing in common—they used a massive amount of data to build an identity graph that captured historical behavioral profiles in such a way that predictive analysis could be applied to determine, with a high degree of certainty, the likely outcome of a particular user profile.
As I said, every problem has a solution. So following are three ways to improve customer experience by reducing friction without compromising identity security:
3 Ways to Remove Churn and Smooth the Login Process
- Participate in data sharing.
The more data you have, the more power you have over your customers’ online experiences, because you’ll be better armed to recognize and facilitate legitimate login attempts while still keeping out the bad actors. It’s commonplace in the banking and financial industries to share data (even between competing institutions), and this approach is just going to become more widespread as time passes, as only sharing at scale can really be effective in the fight against identity fraud. Enhance other identity data sources with intelligence derived from real-time, online live and historical user behavior to make more accurate risk decisions. - Implement a journey toward a passwordless future.
It’s increasingly apparent in today’s constantly shifting security landscape that passwords aren’t really effective or, ultimately, necessary. Most consumers use just two or three repeated passwords to access over 90 online services on average, and that right there is the root cause of most account takeover fraud. A passwordless future will make your company stronger, remove friction from the login experience for the customer, and still help to reduce your vulnerability to fraudsters. - Move verification steps to later in the customer journey.
This is a big help in reducing account creation churn. For example, one fast food company was seeing tremendous adoption of their mobile application to order food ahead of arrival. But forcing the new customer to verify their email address on account creation was costing them almost 10% of signups, with their corresponding lifetime value affecting the bottom line. So they moved those steps to later in the customer journey and found their customers were much happier, overall.
Don’t overlook the costs of customer churn due to an outdated or time-consuming login process. Ultimately, by streamlining the login process and balancing ease of use without compromising security, your customers will be happier, you’ll be happy, and therefore your shareholders will be happy, too.
It’s win-win.
Written by Ari Jacoby.
Have you read?
# Best CEOs In the World Of 2022.
# TOP Citizenship by Investment Programs, 2022.
# Top Residence by Investment Programs, 2022.
# Global Passport Ranking, 2022.
# The World’s Richest People (Top 100 Billionaires, 2022).
Track Latest News Live on CEOWORLD magazine
and get news updates from the United States and around the world.
The views expressed are those of the author and are not necessarily those of the CEOWORLD magazine.
Follow CEOWORLD magazine
on Twitter and
Facebook. For media queries, please contact:
info@ceoworld.biz