The 21st century’s digital landscape is full of enterprise catch-22s and trade-offs.
But one of the biggest may be threading the needle: delivering a seamless digital customer experience without sacrificing security or compromising revenue.
That’s why PYMNTS sat down with Forter Chief Information Security Officer Gunnar Peterson and Allison Miller, founder and principal at Cartomancy Labs, to get their thoughts on how companies can strike the right balance to ensure both customer satisfaction and security.
“It’s incumbent upon any business to think about delivering a great customer experience and delivering the security that they need as an ‘and,’ not an ‘or,’” Peterson explained. “Neither one of those things is optional anymore, so it’s about figuring out how do you do both at the same time. Companies need to be able to walk and chew gum at the same time.”
“Firms need to go into this with eyes wide open so that they don’t end up in a situation where the chief revenue officer and user acquisition team needs to sign up a billion new users, while you have a security team or a fraud team that is trying to keep synthetic identities out of your signup flow,” Miller added.
The digital landscape has transformed the way consumers interact with businesses, and it is not about choosing between a great customer experience and robust security but about achieving both simultaneously.
Still, striking the right balance between providing an exceptional digital customer journey, ensuring security and optimizing revenue can be a daunting task.
To navigate the challenges of delivering a seamless digital customer experience, organizations must foster collaboration across various departments.
Achieving this requires bringing the right people to the table to work collaboratively, focusing on a shared vision.
“It’s important to align incentives,” Peterson said. “You get a lot of thrashing if you don’t have goals aligned.”
The budget season, happening right now, is a critical time for businesses, and aligning goals across departments becomes essential. Consistent goals and objectives minimize friction and ensure everyone is working toward the same results, even if each department maintains its specialty.
Account takeovers (ATO), where malicious actors impersonate legitimate users using stolen credentials, have emerged as a threat in recent years, driven by data breaches and new attack tools.
That’s why detection of ATO attacks has become crucial for safeguarding digital customer experiences, and businesses must adapt their strategies to address these evolving threats, Peterson said.
Implementing solutions to detect unusual behavior and mitigate threats is key, Miller added, explaining that successful recovery in case of an ATO incident can even turn into a positive customer experience.
“The concept of a 360-degree view of a customer and their normal behavior across accounts and transactions is crucial,” Miller said. “The advancements in [artificial intelligence (AI)] are really helping security technologies and fraud prevention technologies shine.”
“The network effect of tools like graph databases and AI is very real in this space,” Peterson added. “And it goes back to the ability of a model to do pattern recognition in a very short amount of time … The problem with identity and access management tools is they’re very good at finding good users with good credentials. They’re very good at finding bad users with bad credentials. But they are not set up to find a bad user with a good credential.”
Still, the threat landscape is ever-evolving, and businesses need to stay ahead of potential threats.
Peterson pointed out that as businesses adapt to the changing landscape, it’s vital to invest in defense in depth. It’s not about building an impenetrable wall but creating multiple layers of defense, including protection, detection and recovery mechanisms. This approach ensures that even if one layer fails, others are in place to safeguard the digital customer experience.
“All defenses can, and eventually will, be bypassed, so it is really about what happens next,” he said. “Even a car has both a lock and an alarm, even GPS trackers, to protect against theft. Firms need to have a multilayered, multistep protection process in place too.”
The emphasis should be on understanding how attackers can manipulate the value businesses provide and designing products that discourage these activities, Miller added.
So, what do the two security leaders see the future holding?
Peterson said it is important to understand the complete customer journey and have threat models in place to address security concerns. Organizations should plan for different scenarios, both positive and negative, to ensure a seamless digital customer experience.
“Customers are going to do more business online next year than they did this year, and fraud and abuse are also only going to grow,” he said. “You need to be prepared.”
Miller said businesses must remain agile and proactive in addressing new threats. The focus should be on designing products that discourage malicious activities and have effective detection and recovery mechanisms. The future of digital customer experience hinges on the ability to balance customer satisfaction, security and revenue optimization.
“It’s way more expensive to do this later than to just bake security in from the beginning,” she said.