Customer IAM: Driving the digital ‘high street’ forward

digital high streetThe UK high street has been struggling for some time now. Maplin, Toys R Us and New Look went into administration in 2018, and 2019 told a similar story with other big-name brands suffering the same fate. COVID-19 has only accelerated this decline.

However, recent years have also witnessed the rise of online retail, and through the pandemic, many have come to appreciate the convenience and cost savings afforded by e-stores. These shifting consumer shopping habits are likely to remain long after the pandemic is over. As a result, many traditional high street retailers have now moved into the digital world.

But what does the more digital ‘high street’ mean for shoppers, for the retailer and for cybersecurity?

A customer-centric approach

For the past 25 years, most companies have focused the bulk of their identity and access management (IAM) investments on authentication and access within their organisations. Now, businesses need to broaden the scope of IAM to include customers, too.

The business problem is that, traditionally, retailers could hook the customer through interaction and customer service — physically engaging them in the store to sell their product. This hook may still be possible, allowing retailers to get the customer through the virtual front door.

But how does the retailer directly engage the customer, especially in a world where it is even easier to leave if the customer did not immediately find what they are looking for? If the user experience is poor, they will leave. If the site is not fast and dynamic, they are likely to look elsewhere. On top of that, the retailer needs to worry about protecting the customer with a wide range of attacks taking place, including credential stuffing, spear-phishing, diversion, transaction and identity fraud.

Customer identity and access management (CIAM) solutions enable organisations to capture and manage customer identity and profile data securely and control customer access to services and applications. These days, most large enterprises are utilising CIAM in some way — but given the ascendance of online retail, many smaller businesses will soon follow suit.

When interacting with companies online, customers want two simple things: a great user experience and to know that their data is safe. CIAM helps organisations meet both these demands — acting as the first ‘touch point’ and providing businesses with a public gateway to secure external engagement.

Robust CIAM solutions use a combination of features to minimise friction and entice engagement. Key features include social logins, integrated and targeted personalisation to aid direct marketing and context-based authentication to improve security and the customer experience by offering ‘frictionless’ shopping. An effective CIAM solution will also provide better self-service administration — changing information and rights management within GDPR — and an omnichannel experience that allows users to start in one channel, such as the web, and conclude in another (a call centre, perhaps) without beginning again.

If the CIAM services such as registration and login are not deemed to provide a responsive, intuitive and positive experience, customers and prospects may be lost forever. A properly executed CIAM program, on the other hand, can help establish trust and build lifetime digital customer relationships, which are crucial to online business success.

Supporting the customer lifecycle

When implementing a CIAM program, companies should start by focusing on the customer experience and the evolution of this experience throughout the customer lifecycle. This lifecycle starts with onboarding and registration, which must be a frictionless experience supported by an attractive and fully optimised user interface. The easier and faster this process is for your customer, the better.

Throughout the digital relationship, customer profile information will naturally evolve as more and more data is amassed (also known as progressive profiling). The idea is to start small with minimal user information initially, not scare off prospective customers and then continue to update customer profiles with more contextually relevant data through the lifecycle. The degree of required proof of identity (identity vetting) will also progress over time, depending on where the user is in the lifecycle and the relevant security and risk management policies.

Due to increasingly strict data and privacy regulations, robust security and privacy controls should also be prerequisites for any CIAM program. Customers expect some control over their data, so trust must be established with customer profile management options and the proper data security, consent and privacy protection.

Given the growing popularity of cloud-first strategies in engaging external users, modern CIAM-centric services should also seamlessly integrate customer identity across multi-cloud and hybrid environments.

Prepared for scalability and performance

As the high street continues to move online, more and more retailers will need to use CIAM programs to support their sales and marketing objectives and establish, maintain and enhance digital relationships. Through CIAM, companies can deliver personalised customer offerings and make better business decisions based on a steady flow of contextual information generated by progressive profiling.

Scalability and performance will be vital here. To ensure a positive customer engagement process, the CIAM must handle millions of users across multiple channels with no perceived performance degradation. Get this right, and organisations will be able to build a strong digital presence and drive business results; get it wrong, and they will sacrifice their competitive advantage and lose on the digital high street.


By Richard Menear, CEO, Burning Tree