For part two of our digital identity trust podcast series, we’re joined by Shaked Vax, worldwide technical sales leader at IBM Trusteer. This episode’s focus: How can enterprises deliver the frictionless experience customers demand without compromising security?
Establish a Baseline of User Behavior to Validate Digital Identity Trust
For Vax, creating buckets enables security teams to validate users appropriately. Existing user buckets leverage passwords, one-time codes or tokens to gain account access with the assumption that users are telling the truth. Enterprises need to verify this identity using what they know about specific consumers: Were they potentially exposed to malware? Is their behavior consistent with previous interactions? Is there any evidence of device spoofing?
New users are more difficult because organizations lack a baseline. Vax recommends leveraging vendors with a wider point of view who can aggregate user data and determine whether their behavior follows typical access patterns.
Why Measurement Should Be Mandatory
Vax puts it simply: If you can’t measure it, you can’t prove it. To ensure that identity controls are working properly, he suggests collecting data that shows where and how users fail on authentication challenges.
In addition, organizations that use multiple authentication methods should identify which methods are most popular and which are underutilized.
Seamless Security: Too Little?
Could the digital identity experience potentially become so seamless that it undermines user trust? Vax relates the experience of a bank that implemented a fully transparent, seamless financial application and generated extremely low adoption numbers. Users didn’t believe it was secure because no visible security measures existed. The addition of a YouTube-style authenticating graphic helped boost user confidence. The takeaway is that digital security is not only about what companies do, but how they make users feel.
Strict Security: Too Much?
On the opposite end of the spectrum, enterprises can implement such strict security measures that it drives increased customer churn. It can also lead to repeated failure at authentication points, in turn sending customers to more costly authentication channels such as call centers.
For Vax, the key to digital identity trust is finding a vendor that both provides a security platform and services that platform with actionable threat analysis. This gives organizations the foundation they need to create effective threat prevention logic without under- or overburdening users along their digital experience journeys.
Subscribe to the podcast today to ensure you don’t miss the next episode of the “Digital Identity Trust” series. Please also consider rating the podcast and leaving feedback on iTunes or wherever you consume your favorite media.