Convenience or security: What do your customers value more?
Computerworld - An enormous challenge for organizations is striking an appropriate balance between a need to verify identity and the ability to provide quick and easy access to systems and confidential information. A lack of balance can have serious consequences. A leading Web merchant may lose business because the identity management procedures fail to authenticate a legitimate customer. Or even worse, individuals may become victims of identity theft because an online business fails to use proper identity management safeguards.
To address the convenience and safety conundrum, technology companies are developing biometrics and universal identification systems for purposes such as access to bank accounts, entry into public buildings and security screening at airports.
To find out the types of identity management technology consumers prefer and the expectations they have about how organizations use it, the International Association of Privacy Professionals, Electronic Data Systems Corp. and Ponemon Institute recently conducted a Web-based survey of almost 1,200 adults throughout the U.S.
The survey asked respondents about personal information they are willing to share over the telephone or Internet, both to establish a new business relationship and to validate their identity when making contact with a company they already do business with. People said they are more willing to share personal information with a customer service representative over the telephone than during an online session. The pieces of personal information individuals are most willing to share with organizations to establish their identities are: name (88%), home telephone (88%), address (84%) and customer account numbers (82%).
The pieces of information individuals are least willing to share are: racial or ethnic origin (8%), Social Security numbers (12%), debit card numbers (16%), nationality (18%) and driver's license numbers (18%). How much is too much? According to 65% of the respondents, three or more separate pieces of personal data to identify them is too much.
Consumers want convenience
It is interesting to note that despite the rise in incidents of identity theft, the study suggests consumers want identity management to be a relatively easy and efficient process. The most salient findings are shown in Figure 1 below. In short, respondents don't want organizations to require them to deal with complex passwords or access procedures. For example, if they forget their online password, 44% of respondents said it should be e-mailed to them immediately so that they can access the system with minimal delay, and 44% said that customer service representatives should provide helpful hints or prompts if they forget their password.
As shown in Figure 1, only 26% of respondents believe that they should be locked out of an online transaction for repeatedly failing to enter their password or special access code. And just 13% of subjects are willing to provide three or more pieces of personal data before being granted access permission.



- Excel 2010 Cheat Sheet
- Register for this Computerworld Insider Cheat Sheet and gain access to hundreds of premium content articles, guides, product reviews and more.
- Overcome Top 7 Admin Challenges of Active Directory
- As Active Directory's role in the enterprise has drastically increased, so has the need to secure the data. Gain insight on creating repeatable,...
- Insiders Can Ruin Your Company. Take Action.
- Did you know that 80 percent of threats to an organization come from the inside? The threat from insiders is often overlooked in...
- Top Solutions and Tools to Prevent Devastating Malware
- Custom malware frequently goes undetected. According to Forrester Research, the best way to reduce risk of breach is to deploy file integrity monitoring...
- X-Ray of the PCI Process-4 Proactive Steps
- This white paper from Forrester Research Inc., helps break PCI into understandable components. Security and risk professionals will gain knowledge and insight into...
- Identity Governance: The Business Imperatives
- This white paper describes the business challenges and opportunities that are driving interest in Identity Governance while discussing considerations your organization should make... All Security White Papers
- Live Webcast
Playing Defense: Staying on Top of Your Disaster Recovery Game - When it comes to disaster recovery, rapidly growing data volumes, distributed computing models, and new technologies all combine to present an ever-changing playing...
- Introduction to VMware vCenter Site Recovery Manager 5
- Traditional disaster recovery solutions are often too expensive, complex and unreliable to meet business requirements. As a result, IT departments are hesitant to...
- The Top Ten Secrets to Avoiding SAN Performance Problems
- Maintaining peak performance while simultaneously addressing the root cause of SAN errors is challenging. Learn the most common SAN problems and explore new...
- Deduplication Without Compromise
- Go inside Quantum's scalable, high-performance, multi-protocol new DXi deduplication appliances, designed to make backup much more effective. Discover how the new future-proof DXi6700...
- Director of Disk Products Discusses DXi6700
- Discover how the new DXi 6700 series of deduplication appliances provide investment protection and a future-proof feature set, all while delivering fast, scalable,...
- Playing Defense: Staying on Top of Your Disaster Recovery Game
- When it comes to disaster recovery, rapidly growing data volumes, distributed computing models, and new technologies all combine to present an ever-changing playing... All Security Webcasts