Keep Me Safe, Make Me Happy (Part 2)

Keep Me Safe, Make Me Happy (Part 2)



The first step towards securing the customer experience is a simple one: acknowledging that customers want you to make them happy and keep them safe.


In March, we started a conversation on the rapidly growing consumer expectation that you make them happy and keep them secure. In this installment, we turn our attention to the latter part of that directive: protecting our customers.



Security Does Not Equal Privacy

Keeping customers secure has, for many years, wrongly been assumed to mean passing more and more data privacy laws and regulations. But privacy and security simply aren’t the same, even though they are (and by nature must be) closely linked in order to be successful at achieving both.


The value of privacy mandates has been the universal recognition by countries and US states that the data an organization collects about its customers and citizens belongs to those same people. By establishing the rightful ownership of this data, the obligations and expectations for appropriate use and monetization of that data by organizations that collect it has finally come into focus.


There’s no denying the lack of effectiveness of privacy laws and regulations in providing security to citizens. The Verizon Data Breach Investigations Report, the Identity Theft Resource Center’s End-Of-Year Breach Report and the IBM Cost of a Breach Report agree that the number and impact of breaches and exploits continues to grow year over year. Our various regulations can’t be shown to have reduced bad outcomes for consumers anywhere in the world.


To keep our customers safe, we need to go beyond privacy considerations and turn our attention to how we can truly secure customer data.



Identity Is the Core of Security

The missing link in every data protection scheme is identity. Think about this for a moment. If a company is required to treat all my data as belonging to me but it isn't also required to protect me (my identity), all a hacker has to do is pretend to be me to steal my stuff. This, in a nutshell, explains almost every hack or exploit ever executed: someone pretending to be someone they aren’t to get something that doesn’t belong to them.


Unfortunately, no regulation anywhere in the world demands that an organization protect a customer’s identity. This isn’t just bad policy; it’s also poor design. But while there are no current regulatory demands other than exercising “reasonable security,” found in schemes like the California Consumer Privacy Act (CCPA), change is coming.


Right now, the CYBER LEAP Act (Senate Bill 3712 Act S.3712) is in the process of making its way to the Capitol floor. Included in this bill to address “grand challenges” within cybersecurity is digital identity. Other legislation promoting consumer identity protection nationally is in draft form. The obligation for you to protect your customers’ digital identities is on the way.


But the most forward-thinking companies will take the lead on tightly coupling a customer’s identity and their data in order to deliver the type of secure and frictionless experience that consumers are demanding—and not wait on government directives to do so.



Protecting Customers while Building Trust

Securing customers’ identity means building trusted relationships with them. It isn’t a one-time event. In fact, recent surveys suggest 40% of customers are willing to leave a brand after just one bad experience, whether that experience be a difficult return process, a slow response to their chat inquiry or a breach of their private data.


With account opening and takeover fraud continuing to grow exponentially, you have to make customers feel secure every single time over the course of their relationship with your company and your brand. Identity proofing solutions are a necessity, because relying on an account and password construct is simply an invitation to fraud, loss and an unhappy (former) customer.


Tools and technology to protect your customers and build their trust are already available. For example, most companies go beyond simply using passwords and employ techniques like two-factor authentication (2FA) to verify users are who they say they are. And while 2FA is certainly a step up, most companies today have more than enough risk exposure to warrant introducing multi-factor authentication (MFA) into their customer experience. When MFA is done well, the sign-on event itself becomes a key component in the customer’s trust experience with you.



Creating a Frictionless Customer Experience

As customer identity becomes a bigger part of digital transformation efforts across the globe, many business leaders worry about and even actively resist changes to customer security measures. Most, but not all, of this resistance is tied to a concern that customers will balk at the friction created by these requirements. But if customers are demanding that security be a part of their experience, why not use today’s available technologies to create a secure experience that also is frictionless?


Beyond the value created by improving customer authentication methods, we have the ability to apply analytics, AI and machine learning to evaluate and take action to keep that customer safe while providing a smooth experience. We can measure the risk of devices, locations, connections and transactions in session and invoke the optimal amount of additional security in a way that, once again, builds trust with the customer.



Making Your Customers Feel Empowered

The first step toward securing the customer experience is a simple one: acknowledging that customers want you to make them happy and keep them safe. This realization is what will provide the fuel needed to rethink and re-architect the customer journey entirely.


In our final installment of this series (coming in September), we’ll look at how the introduction of these security capabilities can do more than make your customer feel safe. By putting customers’ digital identity at the center of both security and experience, they’ll feel empowered and protected. These two ingredients create a new world of opportunities for interactions that will not only make your customers happy, but create exciting possibilities for increased revenue, customer retention and brand loyalty.

Richard Bird
Chief Customer Information Officer | Ping Identity
Richard Bird is the Chief Customer Information Officer for Ping Identity. An internationally recognized data privacy and identity-centric security expert and global speaker, he is a Forbes Tech council member and has been interviewed by the The Wall Street Journal, CNBC, Bloomberg, The Financial Times, Business Insider and CNN on topics ranging from privacy regulations and election security to cybersecurity-enabled consumer protection.

Richard received the 2019 SC Media Reboot Leadership Award, recognizing outstanding global CIOs. His focus is strongly oriented to using his experiences to help corporations, organizations, governments and solution providers to truly change the framework of cybersecurity by shifting our focus to protecting people ahead of protecting “things.”