Banks and ecommerce merchants face a balancing act when it comes to online security, according to new research from Experian.
On one hand, nearly two-thirds of 5,550 consumers surveyed in 11 markets worldwide appreciate having security protocols in place because they crave feeling protected when they handle financial transactions online. When they are asked to confirm that they are a human, and not a bot, by filling out a CAPTCHA test, they typically feel that the higher friction in getting into their account means better protection.
Overall, 66% of consumers agreed with the statement, “I like all the security protocols because it makes me feel protected.” This agreement varied among countries from a high of 76% in India to a low of 56% in Turkey. U.S. consumers came out slightly higher than average, at 69%, in Experian’s 2018 Global Fraud and Identity Report.
Finding the middle path
A lack of visible security was the top reason cited in the survey for consumers’ abandonment of online transactions—53% of consumers surveyed say they have dropped off a site rather than complete a registration process they didn’t feel was strong enough.
On the other hand, some consumers abandon onboarding processes because they are being asked for too much information or because they object to mandatory creation of accounts for what they suspect will be a one-time transaction with that source.
“They don’t want to have to go through a lot of friction,” explains Keir Breitenfeld, senior business consultant at Experian. Breitenfeld works with banks and other companies on security solutions.
The consultant explains that while tolerance for friction varies by nation, it also varies by age group.
“Millennials are less tolerant of friction than preceding generations,” says Breitenfeld. The survey found that 42% of millennials would conduct more online transactions if there were fewer security hurdles to get over, while only 30% of respondents over 35 cited security as an influence on their online patterns.
At first this may seem counterintuitive, given that millennials have been transacting online for most or all of their lives, while older consumers made a transition at some point.
But Breitenfeld suggests that older consumers are accustomed to having to physically show identification, such as a drivers license, for face-to-face transactions. Proving who they are online isn’t a foreign idea. Millennials, by contrast, feel their online providers should have some way of recognizing them so they don’t have to spend much if any time on self-identification.
“They feel that, ‘I shouldn’t have to answer questions or even have to use more than a password’,” says Breitenfeld.
Speaking of passwords…
In a separate sampling from the 5,500 consumers, the survey also queried 500 business executives in the 11 markets covered. Among this demographic, passwords remain the leading security measure for establishing new accounts, logging into existing ones, or performing transactions
On several grounds, this makes for a leaky kind of protection.
The execs indicated they continue to rely on passwords for their businesses in spite of the exposure through database hacks. This is because customers favor familiar methodologies.
However, even consumers have an issue with passwords: They forget them constantly. One out of four surveyed said they have forgotten a user name or password in the last six months.
This isn’t just an inconvenience for them, but an expense for their providers. Noted one anecdotal comment in the survey report: “Our service desks are getting tons of calls, most to do with password changes or help because users forgot their password. If we can do more on the self-service end, it would be tremendous, a reduction in the call volume.”
The survey also found that more than one in three consumers don’t even change their passwords annually. Only one in five change their passwords at recommended intervals.
Digital trust is heart of change
Breitenfeld says that behind these findings is a feeling among consumers that online providers should have better methods of passively establishing and confirming who they are. It’s not unlike the feeling of being asked for ID at a store one shops at weekly.
“A good portion of consumers will abandon a session if they feel security is becoming disproportional to the transaction,” says Breitenfeld. He said consumers feel that friction in online dealings should be reserved for risky transactions.
However, consumers aren’t the only ones who can bail out on a transaction. The survey found that six out of every ten businesses surveyed saw fraud losses exceeding or equal to levels seen in 2016. Based on this experience, many will deny transactions where they cannot be certain that the other party truly is their bona fide customer.
The challenge here is that customers believe their providers should recognize them with a minimum of friction. “It’s a very consumer-centric marketplace today,” says Breitenfeld, so providers will in the end opt for pleasing customers where they can. The problem is that executives surveyed aren’t confident in their ability to detect fraud or to verify identities passively.
“Not surprisingly,” the report states, “pragmatic business executives focus on what they can control. In a climate where businesses aren’t very confident in their ability to address the ever-moving target of fraud detection, they choose instead to focus on happy customers as simply a cost of doing business. In other words, many businesses prioritize convenience over security and have come to terms with acceptable levels of losses.”
The survey found 67% of businesses surveyed believe the cost of enabling a fraudulent transaction is higher than business lost because a legitimate transaction was declined..
Yet the latter is a concern. “69% are also concerned with the number of incorrectly declined customer transactions from overzealous fraud detection,” the report says. “That concern likely stems from the possibility of lost revenue, lost potential new customers, and a compromised experience for existing customers.”
Seeking for alternatives
The survey found that just over half of businesses surveyed felt only “somewhat confident” in their ability to detect fraudulent activity. Fraud is seen as a moving target that is difficult to keep up with. Criminals can adopt new techniques while providers work to keep up.
Overall, 75% of businesses say they would be interested in more advanced security measures and authentication techniques. However, there is a weighing of costs against benefits, even as the anti-fraud advantages of artificial intelligence and other less-intrusive means of authentication become increasingly available.
“The ability to more precisely identify the customer (versus detecting the fraud) will drive revenue,” the report states. However, it continues, there is concern that “the costs associated with more modern fraud detection would offset any gains from the incremental transactions.”