How to Build Privacy Into Customer Authentication
Computerworld - Reports of worsening identity theft are pressuring companies to adopt stronger methods of making sure they know the identity of their customers. Most customers will find this additional layer of security comforting. But the more invasive authentication methodsbiometrics, especiallyhave people worried that they'll lose their privacy in the process. How can businesses authenticate their customers without scaring them away? By putting the consumer in control throughout the authentication process.
Since 9/11, companies have been re-examining how they confirm that their customers are who they say they are before giving them access to systems and accounts. The 9/11 hijackers showed how easy it was for deadly criminals to pass through society making important transactions using unchecked credentials.
The next time you call your Internet service provider, for example, you'll probably have to pass through two or three filters before you can change your service. The ISP will check its caller ID to verify your phone number and then ask you to verify your name and address, and it may ask for one more piece of information.
For this third piece of information, an emerging trend has been to ask you for the answer to a "secret question" you set up when you open an account, such as a PIN, the name of your pet, your birthplace or your mother's maiden name.
For customers like me who are privacy sticklers, this is a welcome improvement. I'm more certain that an imposter would be lacking all the right pieces of information to break into my account.
If you're not comforted by this trend, you should try the experiment I did last month. I accessed my top 25 accounts and noted what information the companies required from me to gain access. I found that in half of the cases, my favorite businesses required three or more pieces of personal information (see Table 1). This was rarely the case a few years ago.
But not everyone is excited about this development. Giving companies more information is dangerous, privacy advocates say, because no business has perfect security. And all customers have a point at which they'll abandon a registration process if too much information is required. Businesses may already be reaching that tipping point with their heightened authentication.
So how do companies strike the right balance? How can they simultaneously provide the levels of privacy and security that customers want?
There are two ways. First, companies need to adopt a tiered authentication policy. By tiered, I mean that the level of authentication should be directly related to the sensitivity of the account being accessed. The higher the sensitivity, the more credentials should be required (see Table 2). Customers will expect more scrutiny for financial accounts but will reject it for retail accounts.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
Red Hat Enterprise Linux - The Original Cloud Operating System
Linux adoption is growing against a number of measures, such as the
number of supercomputers that run Linux and the size of the contributing...
- OpenStack Hype vs. Reality: CIO Quick Pulse Open-source architecture can enable IT departments to build infrastructure-as-a-service (IaaS) clouds running on standard hardware.
- Building a Bridge to the Next Generation Data Center Selecting a widely adopted operating system is a foundational component of a standardization strategy.
- OpenStack and Red Hat: IDC White paper Most OpenStack deployments are by public cloud providers that are early adopters of technology and use OpenStack in a do-it-yourself deployment and support...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have. All Privacy White Papers | Webcasts