SAFE & SIMPLE: CAN UX DESIGN PROTECT US FROM HACKERS?
Digitalization has made some things in life simpler, but not security.
A joint-press release by MasterCard & Microsoft, who have recently launched a collaboration over online payments and identification, said:
“Currently, verifying your identity online… places a huge burden on individuals, who have to successfully remember hundreds of passwords for various identities and are increasingly being subjected to more complexity in proving their identity and managing their data.”
Beyond being inconvenient, this complexity is proving positively dangerous – and yet, neither brands nor consumers seem capable of tackling the problem.
Today’s consumer has little patience for the faff of multi-device, multi-interface, multi-page verification processes, thumbing codes into cumbersome mobile keyboards and endless password resets.
Businesses, meanwhile, are still figuring out how to profit from customer data, and the scale and costs of data hacks are escalating. The Marriot-Starwood breach this year was the second-largest in history, with 500m customers affected The largest-ever attack – on all 3bn Yahoo accounts – ended up costing $47m in litigation expenses.
More worryingly, a trend towards card-not-present transactions, and a general, deepening dependence on our digital identities, leaves consumers ever more exposed to crime.
If simpler security protocols do not become widespread, consumers and merchants alike may sleepwalk into cybercriminals’ hands.
Horses to water
Consumers are cybersecurity-conscious, but disinterested in managing the risks.
PwC’s 2017 Protect.me survey found that “87% of consumers say they will take their business elsewhere if they don’t trust a company is handling their data responsibly”.
“Almost one in five people has faced an account hacking attempt but … only a third create new passwords for different online accounts and a worrying one-in-10 people use the same password for all their online accounts.”
A lack of understanding seems to be an issue.
Two Indiana University academics surveyed 500 American adults to understand why two-factor authentication – theoretically, a fairly effective security protocol – is not more popular.
Most consumers, apparently, simply didn’t see the urgency.
One of the researchers said of the participants, “We got a lot of, ‘My password is great. My password is plenty long enough.’”
Even Adam Cooper, who helped set up Verify, the UK government’s online identity system, confessed of his experience of online security processes that “I am baffled most of the time. I just click OK.”
This shows that if we are to work towards a more cyber-secure world, consumers are unlikely to be much help.