Build mutual trust: Beyond compliance

In Step 4 of our 4-part series, Beyond Compliance, we look at building trust between businesses and their customers.

Building mutual trust

On the topic of building trust between businesses and their customers, we couldn’t think of anyone better than John Erik Setsaas to address the subject. John Erik, VP of Identity and Innovation at Signicat, has spoken and written about this topic many times and is a strong believer that the way that authentication and identity technology is applied can help to build mutual trust—or destroy it.

Encap Security was acquired by Signicat in June 2021, but our relationship goes back a decade. We share the same values and outlook on the importance of the best customer experience across the full customer journey—right from the very beginning.

The interactions that customers make with their apps, the cycle of engagement through transaction, has the potential to be a virtuous circle: The more customers engage with and use a mobile app, the more likely they are to trust it. And the greater the trust, the more in turn they are likely to transact and take action.

But building this trust and creating this virtuous circle is far from easy, especially overcoming the very first hurdle. Sensible consumers are cautious of online and mobile channels—government awareness campaigns on the risk of phishing, stories shared in the media and word of mouth all mean that the public is more guarded than ever. The shift to online and mobile, accelerated by the pandemic, has only increased the number of attempted attacks, and the regularity of scam calls and texts is making everyone wary of online transactions.

Official advice is to always be cautious. And this makes it hard to engage in the first place.

The trust paradox

One of the biggest problems that businesses face is that driving engagement and driving trust can be in opposition. Service providers face a paradox:

  • Friction helps to build trust. If a customer is required to provide additional security details – e.g. use biometrics, a PIN, liveness checks or a one-time-password – they will have a little more faith that what they are doing is secure.
  • However, every additional piece of friction means that consumers are less likely to complete their transaction, especially if it involves some form of context switching.

Context is everything. A small payment or a regular interaction should require minimal friction. No consumer wants to be challenged about something they do every week at the same place, such as filling up on gas or buying weekly groceries.

But if a customer were to encounter that same minimal amount of friction when, for example, making a big transfer from their savings account or moving mortgage providers, there is a good chance that a lack of trust will lead them to abandon the transaction—or in some cases move to another provider.

Friction can be positive—that is, just enough friction to increase trust without losing engagement.

The key is finding exactly the right level of friction that will mean customers will trust everything is working as it should, without adversely affecting engagement. There is no simple universal solution—it will depend on the customer and the use case. For example, eSignatures are used to make a commitment, often a big one. As such, a customer would expect and very likely prefer there to be some friction before they sign on the digital line.

The grit that makes the pearl

Oysters are known for producing valuable pearls, but they only do so to defend against irritants that get inside the shell. Pearl farming is only possible thanks to introducing a little bit of grit to produce the pearl.

Interactions with customers can work in a similar way. Introduce a little bit of grit (friction), and it’s possible to produce a pearl of trust. This friction may not be 100% necessary but can be incredibly valuable in building trust with the customer.

As an example, a customer may have already provided authentication credentials for a mobile session involving a big transaction. The business already knows who they are to a good level of certainty. A simple “yes to proceed” confirmation screen has the potential to erode trust, while demanding a fingerprint for confirmation may increase trust. There is a sense of security, that your data is being protected.

Ultimately, the aim is for a customer to trust that when they are within a certain domain, whether that’s an app or a website, they can trust what’s happening completely. A little bit of friction, where appropriate, can increase trust without negatively affecting engagement–people will expect it with high-value transactions.

"The risk of a transaction is not something that exists in the consumer’s mind alone. It’s very real. Fraudsters do not, in general, waste their time with small transactions. They want to empty accounts as soon as they can."

John Erik Setsaas

Risk and trust

Of course, the risk of a transaction is not something that exists in the consumer’s mind alone. It’s very real. Fraudsters do not, in general, waste their time with small transactions. They want to empty accounts as soon as they can.

The future of authentication is risk-based. That is, the authentication methods used to approve any transaction should reflect the transaction taking place. Information is available through smart devices, from the obvious (e.g. location) to the more exotic (e.g. behaviour analysis) that can confirm that the person making a transaction is who they say they are. Changes to regular patterns, such as time of day, amount being paid, or the type of device used, can also raise some flags and lead to a little more friction.

If a transaction does require a higher level of authentication such as biometrics or a PIN, because the transaction carries a greater level of risk or there is doubt over the user identity, this can be requested. There will still be a little friction and, if this is done correctly, the consumer will be reassured by the extra steps taken. That little pearl of trust will increase in size just a little.
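As an added illustration (not code from Signicat or Encap), the sketch below compares a transaction with a customer's regular pattern on the signals named above (amount, device, location, time of day) and maps the deviations to a level of friction. The weights, thresholds, field names, level names and sample data are all assumptions made for the example, and the baseline is assumed to hold at least one past payment.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

# Assumed weights, chosen for illustration only.
WEIGHTS = {"amount": 2, "device": 2, "location": 1, "time_of_day": 1}

@dataclass
class Baseline:
    amounts: list          # recent payment amounts for this customer
    usual_hours: set       # hours of day (0-23) the customer normally pays
    known_devices: set     # device identifiers seen before
    usual_countries: set   # countries the customer normally pays from

@dataclass
class Transaction:
    amount: float
    hour: int
    device_id: str
    country: str

def risk_flags(tx, base):
    """Return the signals on which tx departs from the customer's regular pattern."""
    flags = []
    mu, sigma = mean(base.amounts), pstdev(base.amounts)
    # Floor sigma so a customer with identical past payments is not flagged on pennies.
    if tx.amount > mu + 3 * max(sigma, 1.0):
        flags.append("amount")
    if tx.device_id not in base.known_devices:
        flags.append("device")
    if tx.country not in base.usual_countries:
        flags.append("location")
    if tx.hour not in base.usual_hours:
        flags.append("time_of_day")
    return flags

def required_auth(tx, base):
    """Map the summed flag weights to the friction the customer is asked for."""
    score = sum(WEIGHTS[f] for f in risk_flags(tx, base))
    if score == 0:
        return "none"            # regular payment: no extra challenge
    if score <= 2:
        return "biometric"       # one unusual signal: a single step-up
    return "biometric+pin"       # several signals, e.g. large amount on a new device

# Constructed sample data: a weekly shopper and three candidate payments.
BASE = Baseline([40, 55, 60, 45, 50], set(range(8, 21)), {"phone-1"}, {"NO"})
GROCERIES = Transaction(52, 18, "phone-1", "NO")
LATE_NIGHT = Transaction(60, 3, "phone-1", "NO")
BIG_TRANSFER = Transaction(9000, 3, "tablet-9", "NO")
```

The weekly grocery payment passes without a challenge, while the large transfer from an unfamiliar device at an unusual hour is asked for the most friction.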

Overall the goal remains making transactions as easy as possible, and only requiring friction when absolutely necessary. It’s important to remember what authentication should be moving away from—the username and password model is high friction but engenders very little trust.