going beyond authentication

Going Beyond Authentication

User Authentication B2C

by Kimberly Biddings, VP of Product, BIO-key International

As companies look for multi-factor authentication (MFA) methods to keep them secure they find that there are different challenges present in authenticating employees and customers. As opposed to employee access, which is primarily guided by security, customers represent an organization’s revenue stream and as such companies need authentication methods that cater to the customer journey. The need for a smooth authentication process has never been stronger with a 2022 Gartner survey showing 86% of companies are competing based on customer experience. The very first step a customer takes in interacting with a company’s online or digital services is commonly to login. This first point of access becomes the first impression that a company makes with its customers and regardless of how well the app, website, or service works, customers can be driven away by login issues. Understanding what it takes to maintain high levels of security and a seamless customer journey is paramount to a company’s ability to build and retain a consistent customer base and revenue.

Convenience- the Driving Force Behind Customer Interactions

Customers are a diverse group of people with very different levels of technological competence ranging from tech savvy teenagers to older generations who didn’t grow up in a digital environment. All of them are driven by convenience. Any authentication method used by a company has to be intuitive, simple, and quick regardless of the customer’s tech background. At the same time there are fewer secure options available for businesses to offer their customers compared to employees. For example, it is impractical and inconvenient to apply methods like a hardware token in a business to customer (B2C) interaction. While employees can be issued new equipment or expected to learn new systems, this is a huge barrier to customers who need authentication methods based on what they already possess without too much hassle.

There does seem to be a greater public awareness developing surrounding the tradeoffs for convenience and security, with customers increasingly likely to take an extra step in the process of setting up access in the name of security. Companies need to be aware of the level of risk the customer feels when understanding this. For example, 8 out of 10 customers say digital security directly impacts their ability to trust their financial institution, an area where a high level of trust is needed. However, in less high stakes environments a customer’s willingness to be inconvenienced in the name of security goes away.

Solving for Customer Pain Points

To set up a system that matches both the security and convenience demanded by customers there are two important places to consider in the customer journey, enrollment and methods for MFA.

Ease of enrollment. Customers may be willing to tolerate stricter protocols for something like a bank, where they will be required to be on the phone or in person during enrollment, provide documents like a social security card or passport, and take a biometric measurement like a fingerprint or face scan. For access to lower stake environments, like accessing your Amazon account or logging into a streaming service, the convenience factor needs to be much higher. Self-enrollment is key. Having a method for customers to enroll their own authentication methods means greater autonomy for the customer, no need to wait on an admin, and faster access to a system.

Different MFA methods. MFA has become the standard for security, with an estimated 90% of breaches stopped by MFA systems. But not all MFA is created equally. While most still use a password, this is inconvenient for the customer who has to remember the password and not particularly secure as passwords can be stolen or shared. Other options include using one-time passwords (OTPs), or biometric measurements. OTPs, while secure, require access to a cellular network to send the passcode and this can cause problems for users who are traveling or out of service as well as customers who do not have a phone. According to the Gartner Market Guide for User Authentication, 50% of customers will struggle to use phone-based authentication methods. The convenience of biometric methods is hard to beat. Users don’t need to remember anything, carry anything, or have to type in a passcode, they are able to authorize themselves as a user through something that is uniquely them like a palm or fingerprint scan.

Accurate, Dependable Biometrics

Biometrics provide the unrivaled convenience and consistent experience that customers need. There is no need to remember a passcode or have them buy a new device, enrollment can be quick and easy, and a high level of security can be established. To use biometrics in the customer journey in the best way possible there are a few considerations for companies. First is enrollment, namely, how many devices does the customer need access to? As businesses like grocery stores are moving towards automated checkouts where customers may need to access different digital registers it is important to allow for a single enrollment to grant customers access across devices. While self enrollment is easy, having to do it often greatly reduces its convenience. Having a centrally enrolled and stored biometric, like the method used in identity-bound biometrics (IBB), allows a customer access across devices and locations, reducing enrollment fatigue and gives customers a consistent login experience during any authentication.

Next is ease of access. Not all methods for taking a biometric measurement are created equal, and few things are more frustrating to the customer than login failures and lockouts. With many customers and devices using high quality cameras, technologies like IBB can take a palm scan or face scan capturing thousands of data points. The benefits of this are twofold- thousands of data points means both greater accuracy resulting in fewer lockouts, as well as increased security.

Think it through

Customers are increasingly looking for convenient access across platforms wherever they are. There needs to be a streamlined experience geared to the customer across mobile apps, browsers, and kiosks that allows customers to authenticate themselves securely and with little or no effort. By thinking first about the customer journey and understanding their different use cases, organizations can tailor authentication methods to streamline the first point of contact between their business and their customers. Finding methods that allow for self-enrollment, convenient access, a consistent customer experience, and secure identification builds the foundation of trust between companies and customers.

About the Author

Kimberly Biddings authorKimberly Biddings, VP of Product at BIO-key International, Inc., has over 10 years of cybersecurity and Identity and Access Management (IAM) market knowledge and experience, gained across multiple authentication and cybersecurity firms. Now as the VP of Product at BIO-key International Kimberly is focused on driving growth and deployments of BIO-key’s IAM and Identity-Bound Biometric (IBB) solutions. Kimberly continues to be a thought leader and advocate for evolving the way organizations and people approach cybersecurity in our everyday lives.

Kim can be reached online through the company website www.bio-key.com


FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.