CX and Cybersecurity: Don’t Treat Your Customers Like Criminals

Posted January 9, 2019

CX and Cybersecurity: Don’t Treat Your Customers Like Criminals

According to a new report from Forrester, 2019 is the year digital transformation efforts will shift gears—from big ambitions to nuts-and-bolts pragmatism.

At the center of it all: The digital customer experience (CX) and cybersecurity, which continue to create tension despite their mutual importance to business performance.

On the one hand, there’s word from TechRepublic that businesses are currently prioritizing the user experience at the expense of security, allocating 10% more funding to CX than to fraud detection and prevention. Understandable, given CX’s measurable connection to revenue. In far too many organizations, security is still viewed purely as a cost-center, making many IT departments wary of introducing any new anti-fraud measures that could prove detrimental to sales. Yet the trade offs are tough: less transaction abandonment and associated gains inherent in a friction free CX juxtaposed against potentially larger fraud losses derived from overly permissive authentication. Realistically, continued reliance on legacy systems and reduced investment in new identity solutions, leave many organizations either exposed to increased fraud risk or relying on even greater authentication friction further exacerbating the CX experience and adding to the operational costs of authentication step-ups and challenges. This year, IT professionals need to adopt advanced identity solutions and processes for the changing digital landscape and identify the weaknesses in their legacy authentication systems.

Identity as Achilles Heel

More specifically, I am referring to legacy technologies that rely solely on login and identity credentials. Yes, the same credentials that 75% of users say they reuse across multiple accounts and systems. Remarkable, given that these are also the same ones so readily available to cybercriminals thanks to an endless stream of corporate data breaches. Let’s also not forget that data breaches don’t just expose credentials but also the answers to your “secret” questions that so many organizations rely on to authenticate customers in their step-up workflows. And therein lies the weakness – many of the credentials and authenticators are equally compromised.

However, in the midst of this dynamic debate over CX and frictionless authentication versus legacy authentication technologies, many organizations are finding the cost and complexity of solving this conundrum on their own is non-trivial. According to Forrester, CX performance has flattened in 2018, with 50% of digital transformation efforts stalling out—some of this is due to organizations underestimating the cost and work involved; some over fears that it would hurt quarterly performance.

These organizations are right to be concerned. Beefed-up CX or not, dependence on those legacy authentication systems will very likely cause some serious pain this coming year. Without the ability to recognize returning customers in real time or confirm that they’re really who they claim to be, businesses continue to leave themselves and their customers open to fraud. In fact, Forrester predicts one major brand will lose valuation of more than 25% due to cyberattack in 2019—leading more organizations to operate on a Zero Trust basis adding crazy friction and alienating customers in their efforts to counteract fraud. So what is the Achilles Heel? Being too permissive or too restrictive – leaving organization equally vulnerable to badness.

Balance the Scales

Forward-thinking organizations are defining that fine line of introducing friction at those points were customers expect some push back while also using real-time global identity solutions to recognize good new and returning customers. But for too many, the scales remain unbalanced. So, rather than emphasizing speed and convenience and a reliable frictionless CX to improve sales, these businesses will move to protect themselves by beefing up security with step-ups and challenges that end up forcing legitimate customers to jump through flaming hoops to prove it’s really them. And the impact of this approach: a lukewarm welcome to legitimate customers and a “trust but verify on steroids” approach that implies customers might be more criminal than customer. Not the kind of inference any organization wants its customers or prospects to draw.

And that’s precisely where things get most precarious for businesses as they plan for the year ahead – finding that balance.

In one recent survey, 25 percent of consumers report that every retail website and app they use requires two-factor authentication. Meanwhile, studies have shown that 50% of consumers will bail on a transaction after even just 10-seconds of additional friction. To put a finer point on it, that’s money flying right out of organizations hands. And the magnitude is no joke. Shopping cart abandonment has already resulted in $4 trillion in lost revenues. That’s the downside of treating customers like criminals – a CX that sends customers running to competitors!

But it’s not like those customers just give up. They just go somewhere else. When the books are closed on 2018, it’s estimated that $1.6 trillion will have changed hands this year as consumers permanently defected from brands imposing stringent authentication and friction to those that can deliver the speed and convenience they want. Think about that figure for a second…it’s equivalent to the GDP of Canada or Spain!

How then can organizations balance the scales? By implementing security where it’s expected while prudently reducing friction where it’s possible.

The Optimal Partnership: Cybersecurity is the New CX

In response to this growing tension, some companies will find they need to beef up security regardless of their CX plans, but will likely find a continued reliance on old-fashioned, credentials-centric systems are of no help and expose them to fraud risk and increase operational costs.

Others will turn to modern, real-time digital identity-based user verification and assessment solutions that combine device, location, identity and threat intelligence with powerful AI and advanced behavioral analytics to enable businesses to instantly recognize and reward customers with a streamlined user experience while not abrogating their security imperatives.

Put another way, cybersecurity and CX can and should be great partners rather than representing competing interests for resources. This melding of smart cybersecurity and great CX may in fact be the secret to generating new business growth in an era when the company with the best CX wins.

For those that embrace this partnership, the payoff can be huge. According to Bain & Company, businesses that excel in CX grow revenues 4% to 8% above the average for their market by attracting new customers, earning stronger customer loyalty and boosting lifetime values—with fewer losses from cybercrime.

Want a great New Year’s resolution for CX and Cybersecurity? Try this: combine the two, treat customers like great customers, and reap the benefits!

To learn how a digital identity-based approach to user verification and authentication can protect your business and consumers while enhancing your CX, download this solution brief.

Frank Teruel

Frank Teruel

SVP/GM, ThreatMetrix

close btn