The Case For Intelligent Friction
Customer friction and biometric solutions
We all know the feeling; blood boiling, heart pounding in your chest, grip on your phone tightening. This all-too-common reaction is the frustrating reality of customer friction. It can be encountered when trying to purchase something via an automated phone system, attempting to speak to the right person to solve your query, or simply trying to access your account online. There are few customer experiences as frustrating as coming up against a system that makes life harder for you or slows you down. One that makes you question why you’re trying to, or already are, paying a for this service or shopping on this site.
However, despite their irritating nature, these systems exist for your security and your sense of safety. In having to enter personal information or authentication codes, companies are protecting their customer’s accounts from malicious actors all-the-while conveying a sense of security. Depending on how advanced the security technology the financial institution or eCommerce company is using, companies are capable of knowing whether or not their customers are who they claim to be even before they log in. Any business with login environments can be able to tell whether a session is high-risk or not based on inputs collected from that user such as device, location, and natural behavioral data.
Although friction is often viewed as a negative aspect of any online experience, there is a case for what is called intelligent friction – where the company purposefully applies friction to benefit the user’s experience.
Even organizations that employ passive behavioral biometrics which offer a high confidence of the user behind the device, still often leverage second factors of authentication such as passwords or fingerprints. This offers users a sense of comfort for their customers’ security. Imagine accessing your online bank account without typing in a password and security question or swiping your fingers across the screen, your account information simply just appears upon entering the URL or opening the app. This may leave you nervous concerning the security of your account or feel “creepy”. For many customers, entering credentials gives them a sense of reassurance that their account is safe from malicious actors. Providing some sort of barrier between a user and their account can be a clever practice for companies to offer their valued users a sense of security, even when it is not needed. There is much to be said about comfort and convenience in an online experience.
Another type of intelligent friction is to apply friction only to high-risk sessions. If red flags are being raised on an account attempt, for example, instead of freezing the account or denying access, businesses can take a third course of action: challenging those “users” with two-factor authentication. They may choose to pass their good customers through with white gloves and no additional security questions while challenging the high-risk sessions with a captcha or other security measures.
Customer Experience vs. Security
In the end, the familiar conundrum for businesses is this: How can they ensure that they keep their customer accounts safe from bad actors while simultaneously making sure that these same measures don’t drive their customers to distraction or even abandonment? It’s a delicate balance for organizations, who can’t afford to have the scales tipped in favor of the hackers. The traditional model of password/username authentication, while largely accepted and offering a feeling or sense of security by consumers, is easily compromised. If users re-use passwords, share things about themselves across social media feeds, or are subject to social engineering, these passwords are rendered completely useless.
How to Get Personal
So, what’s to be done? The field of physical biometrics can offer some solutions. The use of a fingerprint scanner, iris recognition technology, or even selfies, can make for safer user accounts and provide a better sense of security. But even these latest authentication options are not fool-proof when it comes to being compromised. Customers might not be too keen on the idea of taking a selfie every time they feel like checking their bank balance.
We see the solution as a simple one. While the field of physical biometrics might not be the most frictionless customer experience, the field of passive biometrics works to verify users behind the scenes. Passive biometric solutions work by understanding the behavior patterns of a client’s known, good users. We build up a detailed understanding of their behavior so that anything which seems anomalous (logging on from an unusual location, different device, or at an unusual time of day, for example) is immediately flagged as abnormal and therefore potentially risky.
Passive biometric solutions also monitor the minute physical engagements with our devices that can pinpoint an individual user with almost total accuracy. This can be anything from the angle a phone is used, to how hard a user pushes the buttons, screen, or keypad on a device. When combined, the accuracy of these measures is astounding. As a bonus, these passive biometric inputs and are impossible for a malicious user to steal or replicate. Once the online merchant or financial institution combines multiple layers of security, such as traditional two-factor authentication or active biometrics, passive biometric solutions can ultimately solve the conundrum between security and experience and the needed sense of safety – to a degree that many businesses have not thought possible since the dawn of the digital age. And the customer knows that if these solutions are working in conjunction with their traditional password/username format, they are safer from account takeover, loss of funds, and identity fraud than they ever have been before.
Want to learn more about biometric authentication? Download our co-sponsored Aite Group report, Biometrics: The Time Has Come.
Want to read more posts like this? See our full blog here.