June 06, 2008

Market Segmentation of your consumers needs to include security

As a marketer and a security professional, I think I am well placed to make a comment on an area I think this blog will repeatedly come back to.

Segmentation.

Now in marketing terms segmentation refers to finding similarities between members of your existing or targeted market and tailoring the offering to them to ensure you attract and retain the highest number of profitable customers possible.

It seems that the fraudsters have been doing the same:

http://www.theregister.co.uk/2008/05/28/id_fraud_trends/

Now no-one will be surprised to see this of course, especially if you are a security professional.

In fact you probably do "Segmentation" in a way when you assess the risk of fraud for particular systems or customer groups, tailoring the security to where the need is.

So if you are a security professional reading this, I would suggest thinking about two things.

1) Who within my customer base NEEDS the most security when they are accessing their account?

2) Who within my customer base WANTS more security when they are accessing their account?

A recent survey from Abbey (part of the Santander banking group) in the UK said that 67% of their customers don't want added security. What about the other 33% that do WANT it? They will be more loyal customers if you are giving them additional benefit.

What percentage of those 100% are high net worth individuals who NEED additional security?

May 30, 2008

Faster Payments in the UK

Lots of newsfeeds this week are talking about the move to faster payments in the UK and the welcome news that consumers (and businesses) will not have to wait up to 3 days for money to transfer between accounts.


The issue this raises is that consumer accounts that have been compromised and are in fact being used for fraudulent transactions have to be detected faster (i.e. before, they had 3 days for the transaction to complete).

This gives the banks in the UK a big challenge to make extra sure that the consumer logging into the account is actually who they say they are.

My take is that risk-based authentication can help in this area, looking at the nature of the consumer's login (i.e. have they logged in from this machine before, from this geolocation, is this their usual login behaviour?) along with two-factor authentication.
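The login checks described above, as an added example that is not code from the original post: each login is scored on the three signals named (known machine, known geolocation, usual login behaviour) and two-factor authentication is requested when the score crosses a threshold. The weights, threshold, "usual hour" rule and all function and field names are assumptions made for illustration.

```python
from collections import Counter
from dataclasses import dataclass, field

# Weights and threshold are constructed for illustration, not taken from the post.
WEIGHTS = {"new_device": 40, "new_country": 35, "unusual_hour": 25}
STEP_UP_AT = 35  # score at or above this asks for the second factor

@dataclass
class LoginHistory:
    devices: set = field(default_factory=set)
    countries: set = field(default_factory=set)
    hours: Counter = field(default_factory=Counter)  # hour of day -> login count

    def record(self, device, country, hour):
        self.devices.add(device)
        self.countries.add(country)
        self.hours[hour] += 1

def unusual_hour(history, hour, window=2, min_logins=5):
    """True when there is enough history and under 10% of logins fall near this hour."""
    total = sum(history.hours.values())
    if total < min_logins:
        return False  # too little history to call anything unusual
    near = sum(history.hours[(hour + d) % 24] for d in range(-window, window + 1))
    return near / total < 0.1

def assess(history, device, country, hour):
    """Return (score, reasons, decision) for one login attempt."""
    checks = [("new_device", device not in history.devices),
              ("new_country", country not in history.countries),
              ("unusual_hour", unusual_hour(history, hour))]
    reasons = [name for name, hit in checks if hit]
    score = sum(WEIGHTS[r] for r in reasons)
    return score, reasons, "step_up_2fa" if score >= STEP_UP_AT else "allow"

def login(history, device, country, hour, second_factor_ok=False):
    """Grant access per the decision; learn the login only once it is fully authenticated."""
    score, reasons, decision = assess(history, device, country, hour)
    granted = decision == "allow" or second_factor_ok
    if granted:
        history.record(device, country, hour)  # a failed step-up never becomes "known"
    return granted, decision, reasons

def sample_history():
    """Constructed customer: ten logins from one laptop in GB, mornings and evenings."""
    h = LoginHistory()
    for hour in (8, 9, 8, 19, 20, 9, 8, 19, 20, 9):
        h.record("laptop-1", "GB", hour)
    return h
```

Because the history is updated only after a fully authenticated login, an unrecognised machine that fails the second factor is still scored as new on its next attempt.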

The bottom line is the UK banks have put a lot of work into making sure fraud does not shoot up with faster payments. I just hope that they are successful!


March 25, 2008

Consumer authentication - An online organisation's view vs their customer's view

So this post is aimed at pointing out something that affects every online organisation that has account-based relationships. I believe there is a disconnect between what the sites think their consumers want and what they actually want...anyway, here goes...


When looking at consumer authentication for online accounts there are three things an organisation usually considers:


Security: How much security should I apply to protect that account?

Cost: How much can I afford to spend to prevent accounts being taken over?

Usability: How can I minimise the impact on the consumer?


This diagram summarises the debate from an online organisation's point of view:

[Image: Diagram 1.jpg]

As you can see the online bank might take security as the primary consideration. I am not saying they would not be concerned about cost or usability, just that they would likely put security first.


An online social networking site might look at it differently. The account is unlikely to be targeted by a fraudster, so security is not the biggest concern. Instead, because their business model means they are effectively giving the service away for free, the social networking site will probably be more worried about cost.


Similarly, the online retailer would probably worry most about usability for the consumer, reasoning that the more "clicks" a consumer has to make, the less likely they are to make it to the checkout basket.


These are generalisations and, as such, are generally true, but not every consumer thinks the way an online organisation does.

Some consumers who go to online social networking sites are worried about security.


Some online banking customers are more worried about the usability than the security.


Some online retailing customers are happy to sacrifice an element of usability for more security...you get the picture.


So how do consumers actually think? Well, this diagram summarises the debate from a consumer's point of view:

[Image: Diagram 2.jpg]

If online organisations approach their consumer relationships from their own viewpoint, they are not servicing all their customers' needs. By offering security to those that want it, and not mandating it for everyone, they will be making their online relationships stronger and more profitable.