In the past, ease of use and security may have sometimes been viewed as a trade-off, but recent trends make it more important than ever to change this thinking. Niklas Bergvall, head of mobile identity solutions at HGC Global Communications, talks about this transition and how the tools of today mean product managers don’t have to compromise on one or the other.
In today’s world, product managers are measured on a lot of things and are tasked with balancing conflicting requirements. One of the balances that needs to be struck is the one between ease of use and security. When we discuss this with our clients at HGC Global Communications, they often cite it as a particularly difficult balance to strike, so let’s look a bit closer at this issue.
Ease of use is intuitively important, given that we all have experience as users of various services. We can immediately tell when an application or service is following a logical, simple and reasonable set-up journey, as well as subsequent log-in journeys.
From a product manager’s perspective, we are looking to convert all genuine users interested in a service. At the same time, we are trying to make sure we know enough about those users to deliver the service while complying with applicable regulation such as Know Your Customer and data privacy rules like the General Data Protection Regulation (GDPR).
Security is also intuitively important to users, as no one wants others to access their email account and healthcare records, make a bank transfer or transact on their credit card. Services that suffer breaches and subsequent loss of reputation will struggle to retain users, as well as attract new ones.
Product managers need to balance the hassle factor of all checks and the time it takes for a user to set up an account or carry out a transaction with the delivery of a secure service.
Trade-off?
Although the need to balance ease of use with security may seem like a trade-off, a couple of recent trends mean that nowadays this needs to be, and can be, looked at in a fresh way.
First, it may be that users in the past have prioritised ease of use at the expense of almost everything else, including security, but this is no longer the case. As identity theft and online fraud have reached new heights during the pandemic, users have learnt the hard way that security is a critical feature, and it is now part of their selection criteria. This implies that there is no longer a choice for service providers between security and ease of use, but instead both are crucial.
Second, in today’s ecosystems, security no longer needs to make the user journey more difficult. That is because so much information is available through APIs, and can be collected or verified without inconveniencing the user or extending the processing time.
As an example, many service providers are cross-checking user information with credit-referencing agencies in real time to process loan applications. This means that the checks can be done without the user being asked to do more things or experience delays. It is therefore possible to deliver additional security without impacting ease of use.
HGC’s approach
HGC has been providing the transport layer via SMS for one-time-passwords (OTPs) for many years across the globe. Through our extensive network of mobile network operators (MNOs), we are now exposing mobile subscriber data for service providers via our API. We call these services Mobile Intelligence, all of which are provided with privacy by design and in compliance with privacy regulations such as GDPR.
We are investing in this space because we expect service providers to continue to iterate on ease of use and security for the foreseeable future. One way for service providers to add security is to use multiple data sources to corroborate information and reduce risk.
A few examples of the kind of Mobile Intelligence data from MNOs that we are delivering:
Time of last SIM change: service providers use this data to assess, for instance, whether a recent change increases the risk of account takeover or other fraudulent use.
Assessing whether a device is roaming abroad: service providers use this to assess if a credit card transaction is likely to be genuine, such as whether the user’s mobile is abroad at the same time a credit card is used abroad.
Subscriber name and address match: service providers use this to improve data capture, as well as to prevent fraudulent accounts being created.
Verify MSISDN: service providers use this to enable two-factor authentication without inconveniencing mobile users with an OTP process.
Via HGC, service providers can interrogate MNOs around the world through one API. We are excited to be operating in this space and helping service providers to build even better services, while aiding them in raising the bar on security without adding user complexity. We look forward to working with our clients as we explore the many areas in which Mobile Intelligence data can aid greater conversion and loyalty whilst reducing business risk.