As cybersecurity becomes a more pressing concern, it’s time to make robust security a central part of product and service design. This is especially so in the ‘new normal’ that will emerge after the coronavirus pandemic, where exceptional customer experience will need to be fused with security and reliability.
As lockdown measures have sent many of us online, companies have struggled to adapt, and many attempts to provide a more secure and scalable solution have failed both to deliver that security and to provide an enjoyable customer experience. This is prompting an overdue rethink of the customer journey so that experience and security aren’t unholy bedfellows.
Here are a few things you should keep in mind when doing so.
1. Think of customer personas and journeys
It seems obvious, but the first thing to do is to build a detailed understanding of your customers, and especially of how they engage with your products and services. This understanding typically manifests itself in customer personas, which commonly have a variety of key characteristics and behaviors. These personas allow you to map the steps each customer takes in engaging with your services.
User personas should provide a comprehensive enough catalog of customers to cover most users and their activities.
To bring them to life, personas are often presented as fictional individuals, and together they should strive to cover a comprehensive set of user actions.
From this start point, you can then begin to map these personas onto the activities associated with each customer account to create a “secure-journey life cycle,” which should include things like customer registration, account management, account reactivation, and termination. This step is designed to help you identify any processes that might require additional controls, while also allowing you to investigate any trade-offs that may be required between security and user experience at each stage.
2. Develop appropriate customer access management controls for key processes
To reduce cyber risk across the customer journey, it’s important to use robust Customer Identity and Access Management (CIAM) controls. For instance, identity proofing and multi-factor authentication can be used to tackle fraud.
As the appetite for risk varies, however, companies may take different approaches to implementing these controls at various points in the life cycle. This appetite is often driven by recent history, with tolerance reduced when cyberattacks have occurred in the recent past.
An assessment of the key sources of risk can be invaluable at this stage. Many organizations are using attacker journeys to help them understand how cybercriminals may look to compromise their systems. These maps are similar in many ways to customer journey maps, but are applied to hackers instead.
3. Strike the balance between experience and security
The design of a secure customer journey will inevitably require trade-offs between customer experience and security. It will require a balance to be struck between the two that aims to provide a seamless customer journey whilst at the same time reducing the risk of exploitation by hackers.
For instance, you might ponder quite how flexible the customer journey can be when also engaging in multi-factor authentication.
Customers may demand customizable authentication from you, or they may naturally gravitate towards less secure methods, such as text-message codes.
Other common questions might include the length of time users’ devices remain recognized by the system, or the frequency with which customers have to reauthenticate after they’ve originally logged in. The trade-offs between user experience and security in such straightforward examples are clear, and each company will need to decide where on this spectrum it wants to sit, depending upon its appetite for risk and its known customer pain points.
4. Integrate clear design principles
The best secure customer journeys usually deploy architectures that, in equal measure, capture key business values and remain flexible enough to adapt to changing needs. This is usually achieved via a seamless customer authentication process across multiple platforms, rapid authentication, and centralized entity management.
5. Strong governance that supports the secure customer journey
Last, but not least, strong governance has to be at the heart of your effort to build a secure customer journey. This will involve a clearly defined scope of work, together with participation and decision-making responsibilities. A governance board should then ensure that all interested parties are involved, from the executive leadership down to the respective business units, with cybersecurity teams active throughout.
The digital economy is getting ever more complex, with brands expanding across an ever-growing array of platforms and devices.
The need for consistent and secure customer experience has never been greater, but it’s a need that is only going to grow as the complexity of the landscape grows.
The five steps outlined above aren’t a cast-iron recipe for success, but will hopefully help you get started on the right foot as you strive to strike the ideal balance between slick customer experience and robust customer security.