Why online services need to prioritise cybersecurity and customer experience
As more and more of our everyday services and activities move online, cybersecurity becomes an increasingly important consideration. It’s quite daunting to think about the amount of sensitive data we enter into online forms and systems.
As we bank, shop and fill out the Census online, we regularly input everything from birthdates, credit card information and valuable passwords.
This isn’t just the way of the future; it’s the way of the present. The Australian Taxation Office (ATO) is rolling out its “Digital by Default” approach, making online services the first stop for all their dealings with the public. Service NSW has done the same. So have the banks.
As we use these online services, it’s important they’re not only safe but also convenient. Banking online should be no more complicated than walking into a branch and carrying out a transaction. Buying clothes from a brand’s website should be just as user-friendly as entering a store and dealing with a sales assistant, if not more so.
At the European Information Security Summit 2016, leaders from the BT Group, Nationwide Building Society and others came together to discuss the delicate but crucial balance between cybersecurity and customer experience.
Nationwide Building Society group risk director Michele Faul discussed the expectations customers have of their banking experience.
“People expect their bank to be safe and secure, and we have not yet really seen the effect of a cyber attack successfully on a bank and we’re all working very hard to keep it that way,” Ms Faull said.
“What not everybody does yet is make the link between the hoops they feel they have to jump through to use the product and how they make that product safe.”
I recently experienced what can happen when cybersecurity is prioritised over usability when attempting to login to my PayPal account. At some point several years ago, I took over my mum’s PayPal account. For whatever reason, PayPal allows email addresses to be changed but not names or phone numbers, so the account is a strange mix of my details and my mum’s. Mum supplied her phone number when originally signing up and I added my mobile number as an added layer of security, and to ensure I could be contacted if I needed to be.
For whatever reason, when I tried to login recently, PayPal said my account had experience “unusual activity” recently, and asked me to confirm my identity. Generally, this isn’t an issue – in fact, it’s kind of great. I’m glad to know PayPal is this thorough about protecting my information and funds.
The issue arose in how PayPal chose to confirm my identity. They decided to phone me and provide a unique security code. The problem? They wanted to use mum’s home number, provided way back at the start and never removed. Even though I had provided my mobile as a backup, there was no option to request a call to my mobile instead. It’s not exactly the end of the world but it’s annoying to coordinate with Mum to be at home, ready to take a call from PayPal and provide me with a security code.
First world problems, I know, but this is an example of cybersecurity being prioritised over customer experience. I finished that experience extremely frustrated with PayPal, wondering why they hadn’t ironed out this particular bump.
Undeniably, attacks from hackers are a serious risk to be considered when dealing with online services. However, reputational risk and the customer’s experience also needs to be factored in.
About the author:
Christian Berechree joined Akolade’s production team in May 2016. He has a Bachelor of Media and Music and a Masters in Journalism.
Christian is a musical theatre geek and a new dad, and he’ll happily spend hours telling you about either or both of those things.