enterprisesecuritymag

How Gamification helps organizations improve Ux, reduce cost and increase security of customer identity

By Hugo Lowinger, Principal Identity Strategist, PwC

Hugo Lowinger, Principal Identity Strategist, PwC

The seven key capabilities of customer identity

Whether opening a bank account, renting a car, buying a plane ticket, or logging into an online streaming service, seven key customer identity capabilities are key in making these interactions usable, affordable and secure:

(1) Identification (2) authentication (3) signing (4) attribute management (5) access management (6) fraud-/risk management (7) logging.

Together, these capabilities form the technological basis of the ‘Customer Identity’ solutions that hundreds of millions of people use every day to interact with their banks, telcos, hospitals, cars, supermarkets, social media accounts and municipalities to give some examples.

... that form a highly connected hygiene factor

Although a critical enabler, customer identity is ultimately just a ‘hygiene factor’. This means: get it right, it is most likely taken for granted; however, get it wrong and your organization will make the headlines.

‘Getting-it-right’ requires close alignment of the identity domain with channels and products within the organization as well as adherence to its policies: authentication that works well on a mobile device such as fingerprint recognition may not be applicable by default online or in a branch as well. An authentication that is ‘strong’ enough to login to a website on food recipes online, may not suffice to access medical records. And depending on the industry, geography or competitive landscape an organization operates in, certain rules, regulations and/or standards may or may not apply.

A rapidly changing domain

Ultimately it’s the people within the organization that have to make sure things are properly aligned between the above mentioned domains. This is no small feat, particularly since the past fifteen years have introduced a tremendous amount of change.

“There should be an understanding built across traditionally siloed disciplines such as products, channels, IT, security, marketing, and compliance, at all levels of the organization”

Customer identity has seen the introduction of biometrics, MFA, risk-based and adaptive- authentication. Online has become the main distribution channel with email, web, mobile and more recently API’s and things. Products and services are now expected to be digital and available 24x7.

Moreover, the number of identity related policies has skyrocketed. Most recently, policies have been driven by new regulations such as GDPR, PSD2 and AMLD5; the steady growth of cybercrime such as phishing, skimming, malware, ransomware and CEO fraud; and the fast proliferation of cloud computing and SaaS solutions.

On the people side, things have not exactly been quiet either. The wide proliferation of Scrum, DevOps and Agile has brought IT out of the engine room, right into the center of the organization.

Interdependency and complexity: Customer Identity Twister

The resulting complexity of the customer identity domain is daunting. Think about all the systems, processes and teams involved. Not only did they have to support the basic interaction, but also had to enable unhappy flows and exceptions in environments that are riddled with the shortcuts and workarounds taken over the years when they were put in place and or altered.

This leaves the landscape in a state of ‘Twister’ (you know, the floor game invented in the 1960’s that “ties you up in knots”) to which customer identity is an important contributor.

Organizational impact far exceeds the cost of the core customer identity capabilities ...

The cost associated with this customer identity induced entanglement far exceeds the seven key capabilities we talked about earlier.

Consider the costs associated with the workaround processes for example. For onboarding, requiring customers to call your call center, wait for letters or visit a branch just because implementing a more customer friendly solution is resource and time consuming.

Think about those amber and red compliance items that require monthly reporting (sometimes to the regulator) that you are unable to close. Or even those avoidable fraud damages – not only the direct losses, but also the recovery of funds, accounts, and for example, reputational damage.

Consider the customer identity policies that are hard-coded across multiple systems, requiring coordinated change of multiple teams and backlogs, forcing all those involved to study low-level technical details, and extrapolating the risk of delays: if one is late, all are.

... it hurts customer experience

But what’s potentially even more important is the adverse impact on customer experience. Because of the complexity of customer identity projects, product introductions are delayed, customer-facing processes are more error prone than they should be and commercial opportunities missed. Ultimately, both the bottom and top line suffer. In today’s hypercompetitive landscape, this is hardly a sustainable situation.

Gaining a shared understanding of customer identity through gamification

Untangling this customer identity Twister starts with understanding of the interrelations of the associated processes and systems with the wider organization and its infrastructure.

This understanding should be built and shared across traditionally siloed disciplines such as products, channels, IT, security, marketing, and compliance, at all levels of the organization.

To facilitate and accelerate this process, we apply gamification. Participants of ‘The Customer Identity Game’, a serious game on customer identity, are charged with building a customer identity landscape for their organization. Embedded in organization specific use cases, up to five teams compete to simultaneously maximize user experience, minimize cost and optimize security. The team striking the best balance between these three objectives wins. Does it work? Well, we have never seen so many people happy to untie the knot and build identity processes their customers love!

Weekly Brief

Read Also

Physical Security for a Confident Future

Physical Security for a Confident Future

Jana Monroe, Vice President of Global Security, Herbalife
Keep It Simple, Stupid: Less is Sometimes More When Preventing Security Breaches

Keep It Simple, Stupid: Less is Sometimes More When Preventing...

George Finney, Chief Security Officer, Southern Methodist University
The role of Cybersecurity in Transformation

The role of Cybersecurity in Transformation

Shuky Bendek, Head of Technology Risk, HBF Health
MULTIFACTOR - Too Little, Too Late?

MULTIFACTOR - Too Little, Too Late?

Peter Rietveld, Domain Architect Identity & Access Management, Ahold Delhaize [Euronext: AD]
IAM-It's a Business Problem

IAM-It's a Business Problem

Ian Hill, Global Director of Cyber Security, Royal BAM Group [AMS: BAMNB]
How is France and Uk's new Cookie Guidelines affecting Businesses?

How is France and Uk's new Cookie Guidelines affecting Businesses?

Barry Cook, Group Data Protection Officer, VFS Global