Convenience is king – the unlikely marriage of CX and security
In the wake of COVID-19, some form of digitisation has become a necessity for most brands. Richard Marr writes about how login functionality impacts users and why brands need to marry customer experience and cybersecurity to stay competitive.
This year has seen an almighty jolt for digitisation as brands are faced with the real prospect of shaping up or shipping out.
With this increased shift to online, the front-of-house touch point for many brands is no longer a young Australian behind a counter, or a clean-cut teller discussing finances. Instead, a mobile or desktop user interface, and more specifically, the login screen, is now often a customer’s first interaction with a brand.
For decades this experience has evolved around the tried and true method of username and password, but to the detriment of two core aspects: customer experience and cybersecurity.
So often I hear stories of these two opposing forces stepping on each other’s head to gain ascendancy, and C-suites feeling the only way forward with one is to sacrifice the other. A true dichotomy. But these two pillars shouldn’t be considered yin and yang.
Both were at the top of the list before COVID-19, but now that everyone is at home and online, the need for these two to marry has only intensified. Customer retention and acquisition rely on it.
With the level of competition in the current market it’s simply not enough to have ‘good’ customer experience. Consumers can switch to another brand as easily as scrolling another centimetre on Google.
Think of the process involved when your customer has forgotten their username and password – not uncommon. They need to move through a multistep recovery system with several click-through stages, potential time delays and sometimes even a phone call where they are required to recall their first pet’s name. During this time, it’s very feasible they think, ‘maybe I will scroll that extra centimetre’.
Take one of our clients for example – a large Australian energy company. They were finding that users were only logging in to check or pay their bills, that’s it. The chances of them remembering an 8-12 letter password with a capital letter, a number and a special symbol they hadn’t used in a few months was low. Cue many having to go through the ‘forgotten details’ rigmarole each time they try to pay a bill – perhaps not the great customer experience that the company was aiming for. Secure, yes, but not so user-friendly. And we’re back at our dichotomy. More on how they resolved this later.
More traffic online means more risk of cyber fraud; it’s as simple as that.
Just last week Prime Minister Scott Morrison announced Australia was subject to an attack by a “sophisticated state-based cyber-actor”.
More consumers are at risk and, as we shift to digital, have likely increased the number of online accounts they hold. Add in the fact that consumers are often using the same password and email username combination, and it results in even further vulnerability. If one account can be hacked, they all can.
What is even more concerning is the lack of secure passwords being used. The UK National Cyber Security Centre released the top 10 most common passwords for 2019, which included the likes of ‘123456’, ‘password’, ‘qwerty’ and ‘abc123’.
Not only is there increased traffic but there is a good chunk of consumers coming online for the first time or with little digital experience. Think of your grandparents using more online tools and services to stay connected socially and to conduct their day-to-day business. This isn’t by choice but by necessity, adding a vulnerable new group into the mix.
Stepping away from passwords
While the login functionality is only one cog in the wheel of the digital experience, it’s unavoidable, has a huge impact on CX and cybersecurity and takes a lot of investment to get it right.
Using social media logins is one way to avoid your customers needing to remember another email/password combo, in turn making your service easier and more appealing. A big plus is that these social providers have some of the world’s most sophisticated security teams working in your corner, with all eyes on them from a compliance perspective.
Unique SMS or email codes, also known as One Time Passwords (OTPs), are another way to eliminate the need for recall. OTPs are quick and highly effective for low frequency yet important accounts. This is exactly what the aforementioned energy company has now implemented, creating a much better experience and heightening security at the same time.
Biometrics such as fingerprint scanning and facial recognition, which many will be familiar with via their smartphones, are also on the rise and offer a frictionless and secure experience for the end-user.
One thing that these solutions have in common? All address customer experience and security in tandem.
When it works well, no one will ring you and say, ‘hey, that was a great authentication experience’. But when it doesn’t, customers will be quick to raise an issue or worse, switch to a competitor.
Is this the end of the age of passwords? Not quite yet. There are still plenty of examples where username/password is a strong authentication solution, but COVID-19 as the catalyst for digitisation has put the writing on the wall. Brands need to meet the consumers where they are and not the other way around.
Richard Marr is the APAC general manager of Auth0.