Authentication in the_mind_of_the_consumer


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Authentication in the_mind_of_the_consumer

  1. 1. Authentication:IntheMindof theConsumer Experian® Partner Solutions
  2. 2. Authentication: In the Mind of the Consumer © 2014 Experian Information Solutions, Inc. © 2014 CreateWith Context, Inc. Reproduction of this white paper by any means is strictly prohibited. 2 Introduction Despite all of the concerns about online privacy, we still hear reports about people not protecting themselves online. They use simple passwords, they reuse passwords across websites, and they expose their most personal and intimate data through social media. Why is this the case? Do people not really care about their digital identity? Is it true that “privacy is dead”? As it turns out, people do want to control their digital identities. They want to manage if and when they are ‘known’ online, and they want their information to remain secure – especially financial, health, and insurance information. Interestingly enough, consumers ranked banks, credit card and Internet payment providers high in online validation, according to a recent study. More than 85% of those surveyed believe banking institutions have the strongest authentication and identity verification.1 Aspectrumofneeds People have a spectrum of needs, and their needs vary depending upon the context: At one end of the spectrum is when people want to be entirely anonymous. Perhaps it’s because they are doing something embarrassing, such as buying junk food or going to unsavory websites. Or, it might be when they feel deficient or are trying to improve themselves. Also, it can be when they are doing something for another person, for example researching for their job or getting help for a friend or relative. And sometimes, people want to be anonymous when they don’t yet understand the implications – why does this website want their information?What is it going to do with it? Sometimes, people want to be known, but not personally identifiable.This might be on a website such as ESPN or BBC News, where they want to be able to save their settings and preferences, but don’t want other people to know who they are personally. Or, it could be when they are leaving ratings, reviews, blog comments, or other digital traces - but don’t want these to link back to them. That said, there are many times when people do want to be known.They want to be “me” on Facebook, instant messenger, and other websites where they are connecting with people. Or, they are dealing with merchants that they trust - for example they want Macy’s to know who they are and where they live so that products can be shipped to their homes. But beyond being known, people sometimes want to be authenticated. For example, when shopping they want not only a personalized shopping experience, but some level of assurance that it is actually them when it comes to making the final purchase. Or, they want specific information that is related to their individual health conditions, legal matters, taxes, or financials.And at times, they want to ”softly” hide information from other people – for example they don’t want their spouse to know about a surprise holiday gift. And then there are times when people want it to be difficult to authenticate them. This is when there are big implications to their actions, such as large financial transactions. It can also be when they want to avoid making a mistake that they cannot undo, such as permanently deleting something important or making a purchase that they cannot return.This also applies when other people and their information are at stake – especially children and friends. And, of course, when they want something to be entirely hidden from other people. A recent study reveals that 46% of Americans and 50% of UK citizens couldn’t complete a transaction because of authentication problems.2
  3. 3. Authentication: In the Mind of the Consumer © 2014 Experian Information Solutions, Inc. © 2014 CreateWith Context, Inc. Reproduction of this white paper by any means is strictly prohibited. 3 But as difficult as the authentication process may be, consumers still want to be able to gain access to websites to conduct business. A recent study by the Ponemon Institute, however, revealed that 46% of Americans and 50% of UK citizens couldn’t complete a transaction because of authentication problems.2 As a result, many consumers are frustrated with authentication. Whybadbehavior? Why do people engage in bad behavior when it comes to authentication? This happens for a variety of reasons: they don’t understand how to authenticate, they don’t understand the implications, or, most importantly, because it’s too much work – they don’t understand the value versus risk, what they get, or what they lose. And, this is how people behave naturally.What consumers say and do are drastically different. People say that they care about their future, but they don’t save for college or retirement, they smoke, they don’t lose weight, and they don’t prepare for disasters. Likewise, when it comes to their digital lives, what consumers say and do are drastically different.They say that they care about privacy, security, and protecting their data. However, they do few things to protect themselves, their data, and their devices – because it’s work. Workversusreward People only do work if they feel that the reward is worth it, but the reward being worth it varies depending on circumstance. People are more likely to choose instant gratification than delayed gratification. ”Now” is more tangible, more powerful, we can always worry about the future later – save for retirement, lose weight, exercise. People are more likely to do something they want over something they need, and least likely to do something that they should do. People are more likely to do something that is going to have a positive outcome, compared to something that is going to stop a negative outcome. As it stands right now, authentication is work, in the face of a nebulous potential future reward: “I authenticate now so that in the future people can’t hack or steal from me.” But right now, they just want to get in and go.There is no clear and present danger staring them in the face as they login. Authentication is a protection against potential future threats, it’s something that people feel they should do, and it’s against a negative outcome – all of which run counter to human nature. Thesolution:Makeiteasier But, there is a solution. It’s not education. It’s not forcing people to do “the right thing.” Rather, it’s by reducing the work and making it easier. By reducing the work, the future will be even more secure. Authentication will work not only due to the technology but because people will inherently adopt things that are good for them if there is no work required. The solution is to find ways to authenticate people passively, where they don’t need to do anything. There are a variety of identification methods that will help to solve this problem. First, your body uniquely identifies you and technology can determine if it is you by face recognition, voice recognition, fingerprint scanning, and eye scanning. Emerging technologies that can also authenticate include your unique scent, your gait when you walk, the shape of your ear, or the unique signature of your heart beating. Further, your body’s interactions with the world will be used to identify you. Gaming companies are using a biometric reading of your hand (size of the hand and grip strength) to create an identifying “pressure profile signature.” Once created, the signature can be used to log into a console simply by picking up the controller, or can even potentially identify people and read their emotions through pressure sensors. Survey data shows that 85% of respondents are dissatisfied with current authentication methods.3
  4. 4. Authentication: In the Mind of the Consumer © 2014 Experian Information Solutions, Inc. © 2014 CreateWith Context, Inc. Reproduction of this white paper by any means is strictly prohibited. 4 People’s behaviors and patterns will also be used to identify them. People are predictable– what they do, where they go, with whom they communicate, and so on. Just by repeatedly shopping at the same store or walking the same route every Saturday morning, systems can infer who is who. The devices that surround us can also be used to identify people.This can be further reinforced by proximity of other known devices, whether these devices belong to the person in question, their family members, coworkers, or even the person that lives on the other side of the wall in their apartment building. This can be used to provide varying levels of authentication. For instance when someone is physically in the office, it may not be necessary to authenticate them. At home, as long as it recognizes the user, perhaps light authentication can be used. On the road, on the other hand, stronger authentication would be necessary. In the future, we will predict a fusion of methods used to authenticate people based on the importance of the interaction, the available authentication inputs, and the risk of misidentification. “Your IP address is your home, your phone is next to your spouse’s phone, you are making reservations at your favorite restaurant, and your fingerprint matches... Transfer of $$ accepted.” Conclusion Will these methods of authentication mean that everyone will be safe in the future and the new technology will never fail?That’s highly unlikely. But industry leaders have to try to find better ways to authenticate their customers.The more secure and less frustrating that you can make it, the more consumers will provide their trust in your organization. And more trust means they will engage and interact with your products and services more often. After all, isn’t that what it’s all about – trust and relationships? 1,2 Moving Beyond Passwords: Consumer Attitudes on Online Authentication, Ponemon Institute, April 2013 3 Nuance/Opus Call Center/IVR Survey, Nuance Communications, May 2013 Who should invest in new authentication techniques? Services that have a lot to lose due to poor consumer behaviors, such as financial services, healthcare, etc. Services that store massive amounts of customer data Services that want customers to authenticate, but need for the service is not great enough to compel people to ‘do the work’ for authentication, such as media, ecommerce, targeted advertising, etc. About Create with Context Create with Context is a design strategy consulting firm focused on creating digital experiences, headquartered in SiliconValley and working globally. For further information on how your organization can design for trust, contact us today at About Experian® Partner Solutions Experian Partner Solutions offers organizations customizable and co-branded credit and identity protection solutions to meet the growing needs of your customer base. Strategic collaborations with Experian help organizations provide value-add products that will help increase revenue, customer engagement, loyalty and retention. All while providing consumers with industry-leading products powered by Experian. For more information on how to attract new customers and stay ahead of the competition, visit Experian Partner Solutions at