sp3n - stock.adobe.com
Risk-based digital identity benefits CIOs, CMOs and customers
Asking customers to reaffirm their digital identities by sharing private information undermines CX and data security. Instead, use a risk-based approach to digital identity.
Companies understand that providing a great customer experience is essential in this digital age. But a new speed bump threatens to be the undoing of many CX strategies: the ubiquitous requests to authenticate one's digital identity by sharing personal information.
In the past, requests for personal information in the course of digital transactions were relatively infrequent, and security checkpoints ensured money or private information was protected. In today's integrated, omnichannel world? Not so much. The frequency of requests and reasons for asking have ballooned so that digital identity verification often becomes a barrier to building trust and positive positive CX.
Indeed, the common practice of asking customers to reaffirm their identities at every touch point has become a stumbling block both in terms of customer service and data security. Isn't it potentially risky to keep reciting the last four digits of their Social Security number -- again? Who might be eavesdropping? And why provide digital identification to, say, sign up for a newsletter? What's that got to do with security?
These issues highlight two challenges with managing customer digital identities. First is the onerous process to which most security strategies default, making it potentially as difficult to, say, buy a replacement fob for a set of car keys as it is to buy the car itself. Next is a siloed view of the customer, where digital validation often isn't connected to nondigital validation and access records for different customer touch points are stored in separate locations -- many dots but no way to connect them is still the norm at many companies.
Underpinning these challenges is the tension between IT leaders who want to safeguard this data and their marketing counterparts who want to mine it to improve CX. On the face of it, these two perspectives can be hard to reconcile.
Digital identity management: Finding middle ground
Today's CMOs and chief digital officers are expected to drive brand value. That value comes from delighting customers; in many cases, customers are delighted when they feel understood by brands – and, typically, that can only happen if marketers have access to the personal data they need to finely tailor CX.
Done right, these tailored experiences can build not only trust, but also brand advocacy. For instance, I (Daniel) am an avid golfer and loyal to a particular brand. Since this brand has earned my trust, I share personal information that I wouldn't necessarily share with other golf brands. CX, emotional connection, brand value -- these things are now inseparable, and all rely on digital identity.
Digital identity is the fuel for customer engagement. It's also a source of great concern for the CIOs, CISOs and IT teams charged with ensuring sensitive information, like digital identities, are secure.
But, while these imperatives for both CX and security seem at odds, they don't have to be. There is a middle path. What both marketing and technology teams need to serve customers better and more securely is a way to see and connect the dots. Here's a way this can be accomplished: risk-based digital identity authentication.
Four principles of risk-based digital identity management
First, business and IT leaders should consider the notion that customer identity isn't just about security. Instead, they might think of it as a resource that can be applied flexibly across platforms and tailored to marketing motions and individual preferences while making it less obvious for customers. Marketing and IT leaders can help by working together to design a system with four defining characteristics.
Context-dependence. Businesses using a flexible approach might, for example, require multiple means of authentication for financial transactions but a lower level of verification for interactions like updating a newsletter subscription. This type of risk-based authentication (RBA) has the potential benefit of both better CX and reduced complexity for the organization.
Transparency. Instead of sticking out as a separate, onerous activity, RBA can be made an integral part of the online experiences customers already engage in, like researching, buying, servicing or registering. Getting rid of CAPTCHAs or remembering a favorite teacher's name at each step of the customer journey is only part of the shift; in this vision, the initial setup of customers' identity profiles is more comprehensive and expands beyond just a few obvious tests so that fewer -- if any -- visible authentication steps are required once a customer becomes engaged.
One example of a front-loaded, unobtrusive means of authentication is Biometrics. Fingerprints, facial images and voice patterns all can be captured up front on a customer's smartphone and used for simple verification when necessary. Businesses are also increasingly deploying invisible, behavior-based authentications. These use background factors, like customers' device, location, browser or typical use patterns, to confirm who they are. If one of those data points stands out -- say, a known American shopper logs in from a foreign IP address -- then an additional authentication method is required.
Customizability. The digital age has trained us to expect choice; one customer may like authenticating via a secure password manager, while another may prefer biometric recognition. Combine this ability to choose with an identity-fueled relationship management system that can apply these preferences across time and platforms, and the result can be an experience that encourages customers to engage with a brand more often -- and more willingly.
Ubiquity. Any customer-friendly digital identity system must work consistently across marketing, commerce and mobile platforms so that customers don't have to deal with different authentication requirements for different parts of the business. By working together to ensure this is the case, marketing, IT and other leaders can help deliver unified and secure CX that starts building brand loyalty and trust.
Digital identity transformation
A flexible approach to digital identity that follows a customer from touch to touch and channel to channel helps business leaders unlock new capabilities to use that identity to make sensible, context-based decisions. Among other benefits, marketers can gain omnichannel marketing capabilities underpinned by integrated identity and data management with a potential for more loyal customers with increased lifetime value to the business. IT leaders can empower marketers in a safe way and expand IT's role from security guard to directly contributing to CX. (Remember: If the information collected isn't secure, then relationship-building efforts with customers will be moot. The moment there's a breach, they'll likely go to the competition.)
Digital identity transformation is about more than just implementing new security technology and tools. It also involves systemic change -- from core information security, marketing and service functions to areas like governance, finance, culture and even business model.
About the authors
Daniel Poliquin, principal at Deloitte & Touche LLP, has more than two decades of experience in providing advisory services, with more than 15 years of that time spent on identity and access management. He helps organizations establish or improve their security posture to support business-critical processes, meet various regulations and provide improved security services.
Apurva "AP" Pangam, principal at Deloitte Consulting LLP, is a leader in the digital space with a focus on CX, commerce and digital marketing. He helps enable clients in the life sciences, technology and manufacturing/retail sectors to increase sales, improve margins and enhance CX through global digital transformations, B2B/B2C marketing and e-commerce solutions.
Personalization technology is a double-edged sword for CX strategies