Balancing strong security with customer convenience

June 21, 2021

Over the past few decades, technology has made our lives increasingly convenient. From Amazon’s one-click shopping to voice-operated smart home devices, the digital landscape has made it easier for people to do most things with very little friction. The COVID-19 pandemic has accelerated this progression even further. Now, even more consumers are becoming used to interacting with new digital technologies. As a result, they’re also becoming more comfortable with how financial institutions are using these technologies to create improved digital experiences that meet customers’ changing needs and expectations.

Unfortunately, the rapid changes and increased use of digital accounts and resources are raising concerns about data breaches, hackers, and security threats. There are more online user accounts per person than ever before, and each of these adds to the risk of identity theft. Because the majority of people reuse passwords across multiple (or even all) of their accounts, a password exposed in one place can open others, which puts company resources at greater risk of being infiltrated.

Stringent password policies that require employees and customers to set complex and unique passwords make digital interactions cumbersome, at the cost of convenience and a positive customer experience. So how do you achieve the ideal trade-off between customer convenience and strong security?

One way to balance the need for security without compromising on user experience is to use multi-factor authentication. This solution, which seems simple on the surface, protects online resources more effectively and efficiently than even the strongest passwords. Below is a brief explanation of how it works, and how to find the best balance between security and convenience, based on the customer experience you’re aiming to create.

Multi-factor authentication: An introduction

Multi-factor authentication is a critical tool in the fight against fraud and theft of sensitive company information. It adds at least one additional factor to the login process, which usually requires an additional piece of information like a code in a mobile push notification or SMS message, a token, or a fingerprint scan. The first factor is usually the traditional username and password. The additional factors can be divided into three broad categories:

  • Something the user has: A keycard, USB, or mobile device could be used to verify identity.
  • Something the user is: This includes unique and non-changing attributes verified through facial recognition, iris scans, fingerprints, or even typing patterns. These are widely believed to be the most secure, but they’re also quite difficult and costly to implement.
  • Something the user knows: An answer to a secret security question, facts about the user’s life or family, etc. can also be used. Passwords also belong in this category, so it’s usually more secure to use a strong authentication method from one of the other two categories as the second layer of security.

Finding the right balance between cybersecurity and convenience

A common belief in the security industry is that if something needs to be secure, it can’t be convenient. In fact, the 2018 Norton LifeLock Cyber Safety Insights Report says that 66% of Americans accept risks to their online privacy in order to make life more convenient. The same seems to be true for security, as the Norton survey reports that 75% of Americans know their smart home devices can be hacked, and 80% are aware that if criminals can hack an email account, they can also access all linked devices.

In today’s fast-paced digital landscape, balancing security and convenience has become vital. Millennials drop off if the onboarding process isn’t quick and smooth, and a system with too many security steps confuses Boomers who are less familiar with digital technologies. Every second spent trying to log into an account impacts the customer experience and people can become impatient very quickly. Yet, expectations for security are also high. Companies could face devastating lawsuits in the event of data breaches where customers’ private information is accessed without authorization.

The balancing act is precarious, but it’s possible to ensure a smooth customer experience without compromising too much on security. This can be achieved using a multi-factor authentication process. Adding that additional layer of security removes the hassle of remembering impossibly hard passwords while making the system much more secure than it was with only one layer of authentication.

To ensure convenience, companies can invest in seamless IT integrations and hardware. Using biometric authentication as the second layer is considered the most secure, but it needs to be done right to minimize the risk of false rejects or false accepts. For example, if a facial recognition system is used, demographic biases must be accounted for.

Next steps

Sometimes, it may feel like you can’t have one without the other, and the more secure you make your system, the less convenient it becomes for consumers. But with increasing privacy concerns, customers are willing to accept a little friction in return for a highly secure experience. Businesses that can offer a moderate level of convenience in tandem with strong security are the winners in this ecosystem, as customers become loyal to such companies as long as the balance is maintained.