Andrew Shikiar, Executive Director at the FIDO Alliance
The global pandemic has pushed the importance of remote access and authentication right up the agenda for many businesses. All those occasions where people would normally show up in person to open a bank account or pick up some high street essentials were simply not possible for large parts of the year. Even as restrictions have eased across the country, these kinds of face-to-face transactions remain an unappealing prospect or a last resort for many.
Not surprisingly, this has led to unprecedented demand for online and remote services. This brings with it a host of challenges and opportunities, and we have seen many examples of companies brilliantly adapting and reacting to this new way of life. But one issue that businesses and individuals have been grappling with for years – that of frictionless transactions and authentication – has now been put under a brighter spotlight as it is increasingly critical to get right.
Friction impacts the bottom line
The core challenge facing businesses is how to strike the right balance between giving customers the best possible experience of online service, and the necessary regulatory and security implications that directly affect – and often contradict – that ideal user experience.
We’ve all likely experienced the very real kinds of friction I’m talking about – it’s the account you gave up on registering for, or the purchase you abandoned because the process was just too frustrating.
Friction like this has direct bottom line impacts through the loss of sales and/or disaffected customers – and it is substantially more pronounced in the current climate. People have less money to spend, they are spending a greater proportion of this reduced pot online, and businesses are competing for their livelihoods to claim their share. Providing a frictionless experience can be the difference between success and failure.
Banking and retail lose out
Nowhere is this problem more keenly felt than in the retail and banking industries. Countless transactions simply don’t happen each year due to issues with passwords or mobile One Time Passwords (OTPs) at the point of signing-up or checking-out.
Data from Statista shows that 69.57% of digital shopping carts and baskets are abandoned and the purchase not completed. And Mastercard’s analysis estimates that up to 20% of mobile e-commerce transactions are abandoned or otherwise fail (e.g., from undelivered SMS OTPs) mid-way.
In addition, independent web usability research institute Baymard found that one out of five consumers abandoned their online shopping carts, citing the checkout process as “too long and complicated”. That means 20% of customers taking their custom elsewhere, likely to a competitor, because the process presented too much friction.
Passwords are a major part of the problem
Organisations have struggled to strike that balance between frictionless yet secure online log-ins in large part because of historical dependence on passwords – which simply aren’t fit for purpose in today’s online economy. Passwords were designed to be simple but, as we can all likely attest, they have become incredibly cumbersome and difficult to manage.
The demands placed on consumers to remember and keep track of the array of different passwords they need, and the different password complexity requirements that vary from provider to provider, are proving to be untenable.
Not only are passwords a major cause of consumers giving up on purchases or failing to sign up for new services, but they also fail to deliver on their primary objective: to protect accounts and sensitive data. All too often the password has proven to be a single point of failure, and one that is all too easy for hackers and fraudsters to get hold of – a trend accelerated by the coronavirus pandemic.
There has been a move toward developing and adopting open standards that enable any online service provider to authenticate users in a way that is both highly secure and almost completely frictionless – with all major platform and cloud service providers coalescing around a common approach.
It’s clear from the way consumers have embraced using their fingerprints and Face ID to unlock their devices that simple, natural gestures work – and that they are often preferred over using a password. By adopting the latest authentication standards, organisations can enable their customers to use these same easy gestures on their everyday devices to prove their identity and approve even the most sensitive of transactions.
The standards also improve security by moving away from the traditional model where your password or similar piece of ‘secret’ information is stored on a server, to one where credentials are stored on an individual’s device. This means they cannot be phished or divulged through other means of social engineering, while also inherently stopping the large-scale breaches that impact millions or billions of users in one go.
Due to these developments, the kind of poor user experience that leads to abandoned shopping carts and lost customers during the sign-up process is completely avoidable. There is now nothing stopping banks, retailers, and a range of other businesses from offering a superior, low-friction user experience while also maintaining the safety and integrity of the networked economy.