Let’s assume this is your first day at a new job. After all the emails, video calls, and in-person interviews, how would you feel if your new manager forgot your name? What could possibly be more demoralizing than learning you didn’t make much of an impression?
Psychologists at the University of Aberdeen in Scotland conducted a study to assess people’s experiences of being forgotten. In one of the four experiments they ran, 56 students were made to keep online diaries at the beginning of the school calendar year so they could note every time they were forgotten.
According to the study, people feel less close to those who forget them, regardless of whether the person forgetting them is a relative or someone they just met. The same experience goes for consumers when you ask them for data you already have or information that isn’t necessary at any given time.
Today’s buyers don’t want you to remember their “first name” alone. They also want you to know their personal preferences and their purchase history. They want you to see them as a unique individual rather than another “sign up” or “payment notification”.
According to Accenture’s Personalization Pulse Check survey, 75% of customers are more likely to buy from a company that can:
- Recognize them by their name.
- Know their purchase history and preferences.
- Recommend options and products based on their purchase history.
- Send them relevant and personalized promotions.
Whether they are using your mobile or web app, reading your emails, or even engaging your support team, consumers want a personalized experience regardless of channel. This is why centralized digital identity has evolved to be a driving force in practically every successful company you can think of.
Gone are the days when brands were solely built on huge advertising budgets. Companies that have an all-round (360-degree) view of their customers are able to record all the touch-points and interactions they have with the business in order to create single digital profiles for each individual.
Today and in the future, businesses that are able to link their customer profile data to their customers’ identity will not only be able to generate deeper insights but will also be able to deliver new and rewarding experiences to their customers.
Unlike traditional IAM that facilitates access to internal systems based on credentials that might have been assumed by HR or some ERP system, CIAM provides insights into who your users are, the actions they take, and what influences those actions.
With CIAM, the consumer experience touches multiple lines of the business. So, companies can deliver secure, fast, and frictionless digital experiences that meet the ever-changing needs of their customers.
What is CIAM?
Customer identity and access management (CIAM) helps organizations strike the right balance between customer experience and security, without having to sacrifice one for the other. With Customer IAM, brands can deliver a resonating user experience while also protecting consumers from fraud and security breaches.
The thing is, CIAM makes it possible for companies to capture and manage access to customer identity and profile data securely. One of the best analogies that clearly explain CIAM is one by Martijn Loderus, Global CIAM Director at IBM.
According to him, you need to think about CIAM as you would the entrance to Disneyland, where you want to get as many people through the gate as possible. And as they enter through the gate, you want to understand their persona and preferences so that you can build a long-lasting relationship with them.
User Experience As a Competitive Advantage
There are five key differentiators that set companies apart — product features, product quality, pricing, customer service, and the user experience. While your competitors can match up with your pricing and product features over time, it’s almost impossible for them to make your customers feel the same way you do (customer service and user experience).
Customers consider the UI/UX and customer service to be the product. They don’t really care if some form of authentication needs to happen behind the scenes, they don’t care about your sophisticated algorithms, and they don’t care about your cloud architecture.
Consumers only care about their problems that you can solve and how you make them feel in the process. Do you really care if the black box of the airplane you’re boarding is orange in color or not? No! What you really care about is to have a frictionless boarding experience and land safely at your chosen destination.
In the same way, we all want to know that our information and experience are secure without having to authenticate and re-authenticate or verify and re-verify our identity. Consumers want to be able to seamlessly engage with multiple lines of the business without having to log in every single time.
Although cybercriminals are steadily on the watch for vulnerabilities in how you manage customer identity and access for your business, customers hate to deal with complex security measures that affect their experience using your product.
This is why leading companies focus on designing secure customer journeys that not only provide actual customers with engaging and frictionless experiences but are also safe and future-proof from identity attacks.
Amazon is a great example of a top company that is focused on delivering seamless digital experiences. Registered shoppers can visit the store without having to input their email addresses and passwords every time.
Amazon recognizes a customer from their initial authentication and goes ahead to use their purchase history and preferences to deliver a customized shopping experience without asking the shopper to authenticate regularly. They only have to authenticate again when they’re about to make a purchase because this “money step” obviously requires an extra layer of security.
Apart from Amazon, other companies around the world are beginning to leverage consumer identity management platforms to aggregate and link consumer data across multiple channels of the business. Having a unified view of a consumer’s identity across all devices and channels allows you to deliver personalized recommendations and options that would resonate with the individual.
The User Experience of Security
Identity theft is no joke. In 2003, Malcolm Byrd was probably having dinner with his two kids when three police officers came to his door. They came with a warrant to arrest him for cocaine possession with the intent to distribute.
Malcolm’s predicament had begun in 1998 when one man who was arrested on drug charges identified himself as “Malcolm Byrd”. Although the real Malcolm made efforts to obtain court documents to clear his name, it didn’t stop him from losing his job, his driving license, and getting arrested from his home on that Saturday night.
Today, identity theft is not Malcolm Byrd’s problem alone. According to a Bureau of Justice Statistics report in 2010, 8.6 million households in the United States had at least one member who experienced identity theft victimization. Last year, over 13 million consumers who were victims of identity theft spent $3.5 billion in out-of-pocket costs.
With all of this in mind, it’s safe to say that companies implement strong security measures in order to protect their customers’ best interests. There are more than 2 billion people who browse the internet and interact with different apps using stored credentials. So, security is highly important and sacrosanct.
However, security is only a part of the overall user experience. While consumers want their identity to be secured, they will never be comfortable with complex security measures that either waste their time or increase how long it takes for them to realize value from your product, that is, the time to value (TTV).
The companies that implement extreme security features without considering how their product will be used might lose customers in the end. One of the most secure platforms for encrypted communication, Pretty Good Privacy (PGP), lost many of its early adopters until it eventually lost its original inventor, Phil Zimmermann.
While one of Phil’s reasons for not using PGP was “no version of PGP ever ran on an iOS device”, Matthew Green, a cryptographic expert, was of the opinion that “you have to use PGP in your existing email client, then you have to download keys, and then there’s the issue of ensuring they’re the right keys.”
Many people believe PGP’s user interface (UI) was highly technical and even poorly designed. However, it’s somewhat obvious that the cumbersome security requirements also made PGP difficult to use. People want the best security features in place, but they want them to be as invisible as possible so they can have a seamless experience.
How CIAM is Delivering Secured Digital Experiences for Consumers
Consumers interact with one or many applications in different ways. They interchangeably use their smartphones, laptops, and other smart devices to access dozens of applications daily. This is why CIAM solutions help to link user identity across multiple devices in order to reduce friction and the risk of fraud.
To give consumers more customization and convenience, CIAM providers operate across the web and mobile to offer important features such as social integrations, universal login, single sign-on (SSO), multi-factor authentication (MFA), progressive profiling, and more.
The Annoying CAPTCHA
Luis von Ahn was a Ph.D. student at Carnegie Mellon when he created the basic form of CAPTCHA with the help of his advisor in the early 2000s. According to him, the sole aim was to help Yahoo block spammers from creating millions of free email accounts with automated computer programs.
At the time, spambots were on the rise, so CAPTCHA quickly caught the attention of other websites. However, there were only about 361 million internet users who didn’t mind spending time deciphering hard-to-read texts.
Today, there are over 4.57 billion internet users who don’t have the patience and attention span to deal with the different forms of CAPTCHA on almost every website.
That’s why CIAM providers such as Auth0 offer smart bot detection features that can protect your users against credential stuffing attacks with reduced friction on the login experience.
Auth0 uses large statistical models to analyze traffic patterns in order to identify whether login is initiated by a legitimate user or a bot. This way, only people who are using suspected IPs will be required to complete the annoying CAPTCHA step.
Contextual Multi-factor Authentication (MFA)
In recent years, MFA has become more accepted as a method of ensuring security online. According to Google, multi-factor authentication can help prevent up to 100% of automated attacks, 99% of bulk phishing attacks, and 66% of targeted attacks.
Nevertheless, MFA should only be implemented in a way that doesn’t introduce friction for users. By utilizing contextual information, such as geo-location, login patterns, suspicious behavior, login devices, etc., MFA can be triggered based on assessed risks.
For example, whenever I access my PayPal account from some African IPs, I must solve more than 1 CAPTCHA test and complete MFA via email or SMS in order to sign in. While this doesn’t happen when I’m on an American IP, you get the gist about contextual information based on multiple risk factors.
Auth0’s Contextual MFA feature leverages certain signals to assess whether a login attempt is legitimate, such as the device, the geographic location, or the IP address. Based on a user’s login patterns, the feature can predict which login attempts are genuine and will only send a prompt for multi-factor authentication if the confidence score is low.
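The risk-based decisions described in the two sections above (a CAPTCHA only for suspect IPs, an MFA prompt only when the confidence score is low, and a fresh check at a sensitive step such as a purchase) can be expressed as one decision function. This is an added example, not Auth0's code or API; the signal names, weights, threshold, and list of sensitive actions are assumptions chosen for illustration.

```javascript
// Added example: signal names, weights and thresholds are illustrative
// assumptions, not Auth0's model or API.
const WEIGHTS = { knownDevice: 40, usualCountry: 35, cleanIp: 25 }; // total 100
const MFA_THRESHOLD = 70; // below this confidence, require MFA
const SENSITIVE_ACTIONS = new Set(["purchase", "change_email", "change_password"]);

// Confidence (0-100) that the attempt comes from the account owner, based on
// how well it matches the login history stored for that user.
function confidenceScore(history, attempt) {
  let score = 0;
  if (history.deviceIds.includes(attempt.deviceId)) score += WEIGHTS.knownDevice;
  if (history.countries.includes(attempt.country)) score += WEIGHTS.usualCountry;
  if (!attempt.ipFlagged) score += WEIGHTS.cleanIp;
  return score;
}

// Decide which extra steps, if any, this request must complete.
function requiredChallenges(history, attempt) {
  const score = confidenceScore(history, attempt);
  const challenges = [];
  // Bot check only for traffic from suspect IPs, so most users never see it.
  if (attempt.ipFlagged) challenges.push("captcha");
  // Step up when the context is unfamiliar or the action is high value.
  if (score < MFA_THRESHOLD || SENSITIVE_ACTIONS.has(attempt.action)) {
    challenges.push("mfa");
  }
  return { score, challenges };
}

// Constructed sample data. ipFlagged stands in for the verdict of an upstream
// IP-reputation or bot-detection service (hypothetical field).
const sampleHistory = { deviceIds: ["laptop-1", "phone-1"], countries: ["US"] };
const sampleAttempts = [
  { label: "usual laptop, login", deviceId: "laptop-1", country: "US", ipFlagged: false, action: "login" },
  { label: "usual laptop, purchase", deviceId: "laptop-1", country: "US", ipFlagged: false, action: "purchase" },
  { label: "new device, usual country", deviceId: "tablet-9", country: "US", ipFlagged: false, action: "login" },
  { label: "usual phone, flagged IP", deviceId: "phone-1", country: "US", ipFlagged: true, action: "login" },
  { label: "usual phone abroad, flagged IP", deviceId: "phone-1", country: "FR", ipFlagged: true, action: "login" },
];

for (const a of sampleAttempts) {
  const { score, challenges } = requiredChallenges(sampleHistory, a);
  console.log(`${a.label}: score=${score} -> ${challenges.join("+") || "no extra step"}`);
}
```
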
Centralized Identity Management
While personalizing the onboarding experience is a proven way to skyrocket activation and conversions, it’s impossible to interact on a personal level with people you know nothing about.
As a result, companies are leveraging CIAM providers to create centralized identity sources for each customer across all channels. Okta’s Generic OIDC feature enables users to sign into apps with credentials from a wide range of identity providers, simplifying companies’ efforts to deliver custom and secure login experiences.
In the same way, Auth0’s Single Sign-On (SSO) feature lets both web and mobile apps enable SSO across over 30 platforms and collect customer data automatically from these platforms.
For example, if users authenticate via any of the major social media platforms, you can set up rules in Auth0 to pull relevant associated data such as location, contact lists, birthdates, employment history, and more.
With centralized identity management, you have real-time visibility into how much access users have so you can efficiently detect anomalous behavior and respond to threats quickly.
The fact that you can link each customer’s data to their originating ID greatly improves security. All of your users’ information is in one place where admins can grant and revoke permissions quickly and easily.
CIAM will provide a single source of vision for your company, but it can also be a single point of failure at the same time. Nevertheless, relying on a trustworthy CIAM provider protects your customers’ identities from sophisticated credential exploitation by attackers.
Progressive Data Profiling
You shouldn’t ask for the same information or apply the same level of security to every use case with your product. Are you comfortable sharing your date of birth or marital status simply to download an ebook or whitepaper?
To build progressive trust, you have to collect information that is relevant to your business needs and the action(s) that a user is taking at any given time. With progressive profiling, the goal is to build up customer profiles as they continue to interact with your product.
Instead of requiring users to fill out long forms and questionnaires at a time, progressive customer profiling lets you gradually collect the right data at the right time.
This way, users can immediately experience your product without dropping off, and you can build robust profiles for each customer as they provide more information over time. Auth0 is one of the CIAM providers that make it easy to create and continually enrich user profiles.
When a user is authenticated via Auth0, the user gets a Profile record that is populated with information from the form fields they might have filled in during authentication.
Users who access your application through Facebook, Twitter, LinkedIn, or enterprise accounts can also have their profiles automatically created and updated with the attributes Auth0 pulls from any of these sources.
Balancing User Experience and Security
According to Sierra Ashley, VP of Product and User Experience at DigiCert, “Security solutions are effective when they minimize user effort to achieve maximum results.” Nevertheless, the concept of balancing security with UX is still evolving with CIAM.
Creating a secure but unusable product is like building another Pretty Good Privacy (PGP) that you might end up not using. If you improve security in isolation, you will end up with a more secure product that nobody is willing to use. Consumers want additional security as long as it does not interfere with their experience.
Although two-factor authentication (2FA) has gained popularity as a more secure way to verify identity and protect accounts, less than 10 percent of Google users have signed up for 2FA to protect their Google accounts. When it comes to user authentication, some degree of friction will definitely impact the user experience.
However, different authentication methods will lead to varying user experiences and some applications will need to be more secure than others. So, it’s about understanding what works best for your application, your customers, and the possible trade-offs that will create the right balance.
The Future of Digital Customer Experience and Security
The pandemic significantly skyrocketed online engagement within a short time. As a result, we are swiftly moving from working in-person to working remotely, from visiting grocery shops to buying groceries online, from visiting the gym to attending fitness sessions over Zoom. The benefit to businesses will be the ability to collect more data which can help them improve the experience they provide for customers.
As customers continue to interact between dozens of applications using multiple devices, there will be an increasing demand for frictionless but secured end-to-end experiences.
Futurum Research & SAS surveyed 4000 consumers and 69 percent of them said they use more than one mobile phone, 67 percent have at least one wearable device, 60 percent have a smart voice assistant at home, and 59 percent anticipate an increase in use by 2025.
The point is, online consumers are more informed and empowered than ever so there will be an increased awareness about data privacy. More companies will engage their customers about data privacy and breaches, the security measures they have put in place, and what this means for their customers. Businesses that can balance user experience, security, and privacy will truly thrive in the future.