Customer Experience: The Authentication Adoption Driver
Convenience is one of the big drivers of new online experiences; according to a report by PwC, 32% of consumers would abandon a brand they were loyal to in the past after only one bad experience.
Authentication, and how this takes place, will have a big impact on the customer experience; studies have found that around 31% of users have abandoned lengthy or difficult sign up processes, translating to a loss of potential revenue for the business.
This shift has put a strain on businesses across various industries, who have had to deal with an unexpected surge of digital customers, or if unprepared, scramble to overhaul their product stack to meet these new customer demands.
The Current State of Affairs
This digital acceleration has transcended limited use cases - in the financial industry, traditional banks have now started looking at enhancing their digital offerings, allowing their customers to do everything from the palm of their hands, from opening accounts to depositing cheques. There has also been a wave of digital-only banks coming up, giving customers even more options to save, invest and manage their finances.
The shift towards ecommerce has made its way into the food and beverage industry, with users now accustomed to firing up an app and ordering food right on their phones. It has even overhauled the transportation industry, with users simply picking up their phones to book rides. In the COVID-19 era, this digital transformation has even made it possible for people to speak to doctors, book appointments, and order medicines right from the palm of their hand.
However, this digital acceleration has not only impacted user experience and product offerings, but has also heightened the importance of security, strong customer authentication, and fraud prevention as well. With the sheer quantity of user data flying around, businesses are not only expected to protect user data, but also to abide by international jurisdictions and laws such as PSD2, the GDPR and the CCPA. Therefore, in order to protect user data, businesses must first ensure controlled access to their websites.
The most common way businesses control access to their websites is by requiring users to authenticate themselves, and the most common form of authentication is a username and password. Passwords are simple to implement; in terms of security, however, they are the weakest of all authentication methods, for numerous reasons:
Passwords are often reused across websites and apps. Once a password is hacked or falls into the wrong hands, the fraudster can use it to access all the other websites or apps that the user has replicated the password on.
Some users may, due to the sheer volume of passwords they are required to remember, suffer from password fatigue; this could lead them to use easy-to-crack, weak passwords which a fraudster can easily gain access to.
Some users might have poor password hygiene - they might be writing their passwords down in easily accessible places, or saving them in unsafe apps that fraudsters can easily access.
Because passwords are so common and widespread, they face many types of sophisticated attacks.
The fact is, passwords are outdated; they have been deemed the weakest authentication method by numerous security firms and studies. Apart from the security aspect, passwords are also cumbersome for customers to use. Nowadays, users are accustomed to easier passwordless authentication methods such as scanning their fingerprint or their face to unlock their phones; users expect this level of ease and security to be made available to them on a global scale.
Companies need to add fraud prevention measures and enhance customer authentication security, with solutions such as strong customer authentication (SCA). Strong customer authentication allows companies to secure their users' access, reducing the risk that passwords carry. Strong customer authentication requires a user to provide 2 or more ‘factors’ to prove their identity.
Some examples of factors are:
Something a user knows (e.g. a PIN or a password)
Something a user has (e.g. a hardware token or their smartphone)
Something a user is (e.g. biometrics in the form of a fingerprint swipe or facial scan)
Europe’s PSD2 regulation requires strong customer authentication to protect electronic payments. The regulation is designed as a fraud prevention measure by requiring payment authentication for online transactions.
By adhering to strong customer authentication requirements and security best practices, companies have been able to add effective fraud prevention measures such as payment authentication to their checkout process.
FIDO2 (Fast Identity Online) has quickly become the de facto standard for strong customer authentication by reducing the world’s dependency on passwords and offering simple authentication methods that utilize a device's biometrics or an external FIDO2 supported security key.
Studies have shown that facial recognition is one of the most favored authentication methods by users, with an estimated 1.4 billion users worldwide looking to leverage the technology within the next 5 years. Another highly popular biometric authentication technology is fingerprint scanners, which are expected to be equipped on 93% of smartphones in the next 5 years. Due to the security and convenience of biometrics, 73% of companies deemed it to be essential to a good customer experience, with 64% prioritizing the technology for user authentication.
Recent studies showed that approximately 65% of customers abandoned websites upon being asked to create a username and password, and an astonishing 92% said they would prefer to completely abandon a website than try to recover their credentials. Another 87.5% admitted to being locked out of a website for too many failed login attempts. 10% of users even admitted that they would rather undergo a root canal than create a unique password, resorting to bad password hygiene such as recycling passwords.
Highly effective against phishing attacks, FIDO2 passwordless authentication requires that consumers register their devices on each website. The device then generates a unique public/private key pair for each domain and returns the public key to the website. Any subsequent request from a phished or fake website will then fail, since the attacker's site is not the registered domain that the device's keys are bound to.
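The domain binding described above, as an added example (not LoginID's code and not taken from the FIDO2 specifications): a simplified authenticator and the website-side checks in Node.js. The class and function names, the constructed bank.example domains and the reduced authenticatorData (RP ID hash only) are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();
// Simplified authenticator (assumption): one private key per relying-party ID.
class Authenticator {
  constructor() { this.keys = new Map(); }
  register(rpId) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.keys.set(rpId, privateKey);
    return publicKey; // only the public key is returned to the website
  }
  // `origin` is filled in by the browser from the page that is actually loaded.
  sign(rpId, origin, challenge) {
    const privateKey = this.keys.get(rpId);
    if (!privateKey) return null; // no credential was ever created for this domain
    const clientDataJSON = Buffer.from(JSON.stringify(
      { type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
    const authData = sha256(rpId); // real authenticatorData also carries flags and a counter
    const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
    return { clientDataJSON, authData, signature: crypto.sign('sha256', signed, privateKey) };
  }
}

// Website (relying party) side: type, challenge, origin, RP ID hash, then signature.
function verifyAssertion(a, rp) {
  if (!a) return 'no-credential';
  const client = JSON.parse(a.clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get') return 'bad-type';
  if (client.challenge !== rp.challenge.toString('base64url')) return 'bad-challenge';
  if (client.origin !== rp.origin) return 'bad-origin';
  if (!a.authData.subarray(0, 32).equals(sha256(rp.rpId))) return 'bad-rpid';
  const signed = Buffer.concat([a.authData, sha256(a.clientDataJSON)]);
  return crypto.verify('sha256', signed, rp.publicKey, a.signature) ? 'ok' : 'bad-signature';
}

function demo() {
  const device = new Authenticator();
  const rp = { rpId: 'bank.example', origin: 'https://bank.example' }; // constructed names
  rp.publicKey = device.register(rp.rpId);
  rp.challenge = crypto.randomBytes(32);
  // Hypothetical client that skips the browser's RP ID scoping check.
  const relayed = device.sign(rp.rpId, 'https://bank-login.example', rp.challenge);
  const edited = { ...relayed, clientDataJSON: Buffer.from(
    relayed.clientDataJSON.toString().replace('bank-login.example', 'bank.example')) };
  return {
    genuine: verifyAssertion(device.sign(rp.rpId, rp.origin, rp.challenge), rp),
    lookalike: verifyAssertion(device.sign('bank-login.example', 'https://bank-login.example', rp.challenge), rp),
    relayed: verifyAssertion(relayed, rp),
    edited: verifyAssertion(edited, rp), // origin rewritten after signing
  };
}
console.log(demo());
```

The lookalike domain has no key to sign with, and a response produced on the wrong origin is rejected either by the origin check or, if the origin field is rewritten afterwards, by the signature check.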
Managing Usability vs. Security
Users no longer want to sacrifice usability for security. The first thing people see on your website or app is the login screen, and making this too cumbersome will direct users away from your business and straight into your competitor’s hands. Users are turning to digital interactions more than ever; they do not want to adjust to complex authentication methods for the sake of security. Businesses need to find the ‘sweet spot’ between protecting their customers’ interactions and data while making their experience as user friendly as possible.
Businesses, at the same time, need to pay attention to the authentication process, ensuring the user is who they say they are, and are performing transactions willingly and legitimately. A combination of a good user experience and security, creatively brought together, is the key to retaining and growing customers. By focusing on achieving this, businesses are assured of delivering quality experiences that are secure and enjoyable for customers, thereby reducing abandonment rates, and leaving a favorable impression in their users’ minds.
LoginID is disrupting the Consumer Identity and Authentication market. We are a FIDO2-certified passwordless authentication company providing a SaaS-based Strong Customer Authentication Solution coupled with Digital Onboarding, Identity Verification and eKYC solutions. Backed by serial fintech entrepreneurs and strategic partners such as Visa, we are a strong global team based in San Mateo, California and Toronto, Canada, and are experts in security, encryption and tokenization.