Secure: what consumers really want
When it comes to the Internet, mobile or not, you hear the word "secure" frequently these days. There are many concepts that are presented as directly related to security - verified, authenticated, trusted, protected, encrypted and so on. Yet, none of them
address the true expectations of a consumer in that respect.
At TEDIPAY, we considered several angles of security. Eventually, we resisted the temptation to use industry cliches (although full description still includes the words which both our business partners and our target audience expect to hear) and defined our
value proposition, with regard to security, in one simple phrase - peace of mind.
To understand why we chose that definition, one needs to look at the etymology of "secure" - it comes from Latin securus which means "without care or concern" (interestingly, the word cura - "trouble, concern" - predates "secure"
by 200 years). And that's exactly what a consumer expects a "secure" solution to be - carefree, simple, convenient, ubiquitous. The rest should remain behind the scenes: if you need an effort to achieve security, you don't have it.
Consider the following example: we all protect our homes mainly with the mechanical locks (alarms, cameras etc are secondary measures). Is that the most reliable way to prevent someone from breaking into a property? Not at all - an intruder can easily enter
through a window. Can the keys be lost, stolen or copied? Easily. Yet, we all feel secure when we lock our front door, whether we stay inside or go away.
The main barriers to achieving security - from the perspective of "peace of mind" - are complexity and uncertainty. That is especially true with the Internet: whether we access online banking or make a payment, from a computer
or a mobile phone, we have no control over what happens after we click that "Go" button. Most importantly, we are not aware if someone gains unauthorized access to our online "assets". On average, people realise they lost a mobile phone within
15 minute (some research even suggests it is 5 minutes for a mobile phone and 40 minutes for a wallet). Yet, when our online banking accounts are hacked or
our credit cards are fraudulently used, we are not aware of the fact for days or even weeks.
The solution to that problem is simple: give consumers a "key" to their online "front door", and place it on the keyring. Then pair that "key" with a mobile phone to give consumers full flexible control over access to their online assets. If the phone is lost
or stolen, it won't open the "front door" without the "key". If the "key" is lost or stolen, it is useless without the paired phone. If one was unfortunate (or careless) to lose both, the "front door" still cannot be unlocked without the PIN. Every opening
of the "front door" (i.e. every access and every transaction) is fully controlled by the consumer. Piece of cake. Peace of mind.
The technical term for such a solution is "two-factor out-of-band authentication using a trusted element", and the closest analogy is "chip-n-PIN" card which most of us are familiar with (but which doesn't provide the convenience of a mobile phone interface).
Why leave your front door wide open?