Cyber Safeguard Faces Big Hurdle
Two-factor authentication would make online transactions more secure, but there are issues on both the consumer and business sides.
Opinions expressed by Entrepreneur contributors are their own.
Cybercriminal activity is showing us that online security has the power to make or break a company. Following the massive media attention given to Heartbleed, consumers are becoming hyperaware of their residual online trail and are increasingly demanding more secure online solutions such as two-factor authentication (2FA).
Take Target -- a prime example of what can happen when security isn't already implemented or at the very top of the corporate "to-do" pile. The mega retailer simultaneously lost millions in damages, said goodbye to its CEO and severely compromised its reputation and consumer trust. The hack exposed roughly 70 million customer credit cards, and recent reports indicate that online sales have slowed and likely won't meet upcoming forecasts.
Target can bounce back, but it will be a long road and require a lot of trust rebuilding for the brand. For new companies with unguarded online presences, vulnerable brand recognition and limited resources, experiencing any sort of security breach would cause irreparable and possibly irreversible damage.
Gone are the days when entrepreneurs could rely solely on innovation to power their online aspiration. The new rules of a successful launch look like this: "1: Create a million-dollar idea. 2: Launch online security measures to protect priority 1."
Busting the security myth.
A common misconception about online security solutions is that they wind up hindering the user experience by adding hoops for the user to jump through. But while an additional step is involved, solutions like two-factor authentication are actually proving to add some swagger to the overall customer experience.
When users opt in to 2FA, a second, temporary password is required after their username and password login to verify their identity.
The secondary password can be delivered in multiple ways, the most popular being via text message. SMS-based 2FA, as it's known, is emerging as the verification method of choice for many security-conscious organizations due to its trifecta of benefits: it's user-friendly, it's cost-effective to integrate and use, and it provides a high level of security.
A recent Ponemon study said 68 percent of North American organizations agree there's a need for more secure authentication methods over the traditional username and password method. As an alternative, nearly half of IT professionals surveyed (46 percent) plan to extend the usage of SMS-based 2FA in 2014 for identity verification and activation of online services.
The devil is in the details.
Security problem solved, right? Not so fast -- while 2FA via SMS is the most recognizable and easiest to use, companies integrating security are at a crossroads with their end-users when it comes to the actual rollout.
Given our exposed online landscape, it's been found that consumers are largely unwilling to share their mobile number with online service providers -- even if it's in exchange for security. Consumers consider their mobile number to be a personal identifier and valuable information: a YouGov survey found that only 11 percent of U.S. consumers would be willing to share their mobile number to add extra security to their social media accounts.
Adding to the list of deployment challenges, another issue emerging with SMS-based 2FA is failed delivery of those SMS messages. The same Ponemon survey found that a majority of North American organizations report that:
- Eleven to 20 percent of verification passwords sent via SMS message fail to be delivered to the end-user's mobile device.
- Of those, 48 percent failed because an invalid mobile number was entered by the end-user.
In summary, there are two big problems. First, precious funds get squandered on the cost of sending text messages that never arrive at their intended destination. Second, a fledgling reputation is called into question because it appears to the end-user that the company didn't hold up its end of the bargain.
How to break the stalemate.
With technical deployment issues on one side and sensitivities from their customer base on the other, how can online startups succeed with security on their services?
Like a good epoxy, it's a two-part plan. First, companies have to be up-front and transparent with their users about how they're handling online security and why a mobile number is a critical ingredient in securing end-user account and personal information. Second, consumers have to do their part and get educated on the security process, inducing them to opt in to the 2FA offered by the favorite apps, sites and social networks they subscribe to.
Business leaders need real-time visibility in the form of verification tools that validate mobile numbers. With the right tools in place, companies can instantly notify users if they've entered an inaccurate mobile number, saving on the cost of text messaging fees and eliminating the possibility of incomplete authentication.
Currently, only 6 percent of Ponemon survey respondents use enhanced verification tools, and all of them reported improved customer satisfaction, reduced customer support costs and higher conversion rates.
As the most active year for cyber-criminal activity, according to Verizon's Data Breach Investigations Report, 2013 has made us all too aware of our susceptibility to security breaches. It's no longer acceptable for online organizations to ignore or push off security measures to protect their customers' information.
In fact, it's not off-base to predict that security provisions will soon become a decision-making consideration for consumers when making online purchases. Smart entrepreneurs preparing to launch online services should be making security a high priority when developing their go-to-market strategy. Ultimately, their survival and way forward could depend on it.