Balancing Security and User Experience


With so much of modern business taking place online, IT security is a strategic priority. When it comes to customer-facing systems, balancing security and experience can be a challenge. By factoring user experience into early designs, you will avoid future problems that annoy – and potentially deter – your customers.

Identity and authentication mechanisms can be slow and cumbersome, particularly when trying to enter complex passwords on a smartphone. This is a significant problem when you consider how little patience people have for poorly performing apps.

You can’t relax your defences, but you do have to deliver the very best experience possible. So what can you do?

Simplify where possible

The process of registering for a service needs to be as simple as possible – at least in the first instance. What is the least amount of information you need to capture for an initial sign up? Do you need any at all, or can crucial information – like delivery addresses – be acquired automatically from another source?

Obviously, you must observe all relevant legal and regulatory obligations, but the registration process must be reduced and refined. If you need nothing more than an email address and password, make sure that is all you collect at initial registration.

Best practice (and regulatory requirements like PCI DSS 3) demands the use of multi-factor authentication (MFA). PCI DSS 3, the framework used by card payment providers to enhance cardholder protection, demands two separate forms of authentication before a customer’s account is charged. In the past, simply entering the three-digit CVC number from the rear of the card was enough to process an online payment. Now customers must supply the CVC number and a 6-digit temporary code that is sent to the customer by text message.

MFA adds a layer of complexity to the login process, so think carefully about which channels to use. SMS text message codes are relatively simple to implement, but do you really want your customers to exit your app in order to log in? You must carefully consider which MFA channels offer the least disruptive authentication method as you build your apps.
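Whichever channel delivers the code, the server-side handling is what keeps a 6-digit temporary code from being a weak factor: it must be generated from a cryptographic random source, expire quickly, tolerate only a handful of guesses, be usable once, and be compared without leaking timing. The following is an added example, not code from the original article or from Condatis; the class and function names (`OtpStore`, `issue`, `verify`), the policy constants, and the injectable clock are assumptions chosen for illustration.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

# Policy constants (assumed values for this example, not prescribed by the article).
CODE_TTL_SECONDS = 300          # a code is valid for five minutes after issue
MAX_ATTEMPTS = 5                # after this many wrong guesses the challenge is dead
RESEND_COOLDOWN_SECONDS = 30    # throttle re-issuing to limit SMS abuse


@dataclass
class Challenge:
    code: str
    issued_at: float
    attempts: int = 0
    consumed: bool = False


class OtpStore:
    """In-memory issuer/verifier for 6-digit one-time codes, one live challenge per user.

    The clock is injectable so expiry and cooldown behaviour can be tested deterministically.
    """

    def __init__(self, clock=time.time):
        self._clock = clock
        self._challenges: dict[str, Challenge] = {}

    def issue(self, user_id: str) -> str:
        """Create a fresh code and return it for hand-off to the SMS (or in-app) channel."""
        now = self._clock()
        existing = self._challenges.get(user_id)
        if existing and not existing.consumed and now - existing.issued_at < RESEND_COOLDOWN_SECONDS:
            raise RuntimeError("resend requested too soon")
        # secrets.randbelow draws from the OS CSPRNG; zero-pad so leading zeros survive.
        code = f"{secrets.randbelow(1_000_000):06d}"
        self._challenges[user_id] = Challenge(code=code, issued_at=now)
        return code

    def verify(self, user_id: str, submitted: str) -> bool:
        """Return True exactly once, for the correct code, within TTL and attempt budget."""
        ch = self._challenges.get(user_id)
        if ch is None or ch.consumed:
            return False
        if self._clock() - ch.issued_at > CODE_TTL_SECONDS:
            del self._challenges[user_id]      # expired: force a fresh issue
            return False
        if ch.attempts >= MAX_ATTEMPTS:
            return False                       # locked: even the right code is rejected
        ch.attempts += 1                       # count the attempt before comparing
        # Constant-time comparison on bytes; a malformed submission simply fails.
        if hmac.compare_digest(ch.code.encode("ascii"), submitted.encode("utf-8")):
            ch.consumed = True                 # single use
            return True
        return False


def demo() -> dict:
    """Walk through the happy path, replay, and lockout using a fake clock."""
    now = [1_000.0]
    store = OtpStore(clock=lambda: now[0])
    code = store.issue("alice")
    wrong = "000000" if code != "000000" else "000001"
    results = {
        "wrong_guess": store.verify("alice", wrong),
        "right_guess": store.verify("alice", code),
        "replay": store.verify("alice", code),
    }
    code2 = store.issue("alice")               # allowed: previous challenge was consumed
    wrong2 = "000000" if code2 != "000000" else "000001"
    for _ in range(MAX_ATTEMPTS):
        store.verify("alice", wrong2)
    results["after_lockout"] = store.verify("alice", code2)
    return results


if __name__ == "__main__":
    print(demo())
```

The design keeps all enforcement on the server: the client only ever submits a string, so moving from SMS to an in-app push or passkey prompt later changes the delivery code path but not the verification logic.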

Using the cloud to simplify customer authentication and sign-on

Customer identity and access management (CIAM) technology, such as passwordless authentication, can reduce login friction, particularly when developing for the modern multi-channel operating model. The same cloud-based authentication platform can be used by all your systems, reducing development time and time to market.

Authentication needs to be consistent across all your channels, so plan your system using single sign-on (SSO) and unified customer profiles. Unified customer profiles collate your customer’s authentication data into a single repository so that it can be used seamlessly across your systems.

Using CIAM in system design goes beyond providing enhanced gatekeeper control. Your CIAM platform becomes an identity directory, a centralised store for customer profiles and preferences. This information can be analysed and mined for insights that allow you to tailor services and communications to individual customers.

Once your customer has completed initial sign-up, you can look at ways to capture the other important information required for service personalisation, product development and general analysis. Again, wherever possible this process should be quick and easy, building trust to encourage customers to provide the information you need to serve them better – and to improve their overall experience.

Originally posted on: https://condatis.com/uncategorized/balancing-security-and-user-experience/