
Building security into the customer experience

Companies need to secure their digital channels against malicious attackers—without creating a negative experience for their customers.

Before the coronavirus pandemic, online business interactions were at least as common as in-person interactions. Since the outbreak, they have become the norm. As companies prepare for postpandemic operations, many business leaders are thinking about the shape of the “new normal.” One thing they can agree on is that the quality of the online customer experience will matter more than ever.

To meet demand, companies continue to expand their consumer-facing platforms. But consumers do not always enjoy the time they spend on them. Whether they are paying utility bills, ordering groceries, or keeping telehealth appointments, they have struggled with cumbersome and frustrating digital-authentication requirements. Much of their dissatisfaction stems from levels of complexity that companies have introduced to thwart cyberthreats. Yet those threats have, if anything, increased.

For these reasons, leading companies are stepping back to think about designing a secure customer journey—that is, a relatively engaging online and mobile experience for legitimate users that is also safe from cyberattacks and fraudsters. This is a worthwhile effort because the constituent programs and controls, including those for consumer-identity and access management (CIAM), have significant business implications.

The importance of consumer identity and access management

The importance of a secure customer journey has grown, along with the rising investments companies are making in digital business and online customer engagement. Most organizations have seen the number of customer accounts and the associated data sets proliferate—including those in industries, such as consumer packaged goods, that have not had large customer-facing digital channels.

The growth of the digital channel has also expanded the domain for cybercrime. Malicious actors have more opportunities to commit fraud or take over accounts, exploiting vulnerabilities associated with consumer-identity and access-management controls. Customers, meanwhile, expect an easier digital experience, including fast authentication and log-in, as well as seamless web and mobile interactivity. Companies able to offer all this while maintaining strong security standards will gain customer loyalty. An experience-driven secure journey can even become a competitive advantage.

Meanwhile, regulators are pressing organizations to secure the customer journey and to give more data privacy and flexibility in terminating accounts. Many organizations collect and use customer data to offer personalized digital experiences, but they have not taken effective measures to prevent the risks that data breaches pose to their customers’ privacy.

Consumers also expect options to manage data-privacy settings and to have the data associated with their identities expunged by companies that hold them. New legislation will impose escalating penalties on companies that fail to gain user consent to collect and process data at nearly all stages of digital transactions. Current CIAM architecture may not readily accommodate such data-privacy requirements, so companies will have to make adjustments. Many still struggle with the existing requirements of the General Data Protection Regulation (GDPR). Now they will also have to address the new legislation, which further strengthens consumer protections. Customers, for example, will be able to refuse cookies that track behavior, avoid digital marketing unless they opt in, and file “right to be forgotten” requests.

Companies are essentially being asked to improve and adapt digital channels in several ways—to meet regulatory demands, to fulfill consumer expectations, and to ensure security and resilience against cyberattacks. The enabler will be the secure customer journey.

Five steps to create the secure customer journey

From discussions with leading companies, we have identified five steps that will create a best-in-class secure customer journey.

  1. Compose “personas” and design appropriate customer journeys.
  2. Select and apply CIAM controls for prioritized journeys.
  3. Strike a reasonable balance between security and the customer experience.
  4. Integrate design principles within the broader architecture.
  5. Use strong governance mechanisms to support the secure customer journey.

1. Compose personas and design appropriate customer journeys

To design a best-in-class secure customer journey, organizations must understand consumers’ paths of engagement for receiving products and services. This understanding is expressed as well-defined consumer personas, each with its own assigned characteristics, behavior, attitudes, and pain points (Exhibit 1). The steps those users take are mapped, whether they are logging in to a healthcare portal to book an appointment, submitting an insurance claim, or reviewing a credit-card bill and submitting a payment.

We strive to provide individuals with disabilities equal access to our website. If you would like information about this content we will be happy to work with you. Please email us at: McKinsey_Website_Accessibility@mckinsey.com

The catalog of user personas and journeys should be comprehensive enough to cover nearly all likely actual users and activities. User personas are designed to be representative of the different segments comprising the organization’s customer base. They are sometimes represented as a fictional individual, such as “Maria, a member of a health-insurance plan”; alternatively, they might be labeled by role (“insurance agent”) or entity (“third-party vendor providing detailed data analytics using the organization’s data”). Similarly, a comprehensive set of user actions—selecting a provider, submitting a claim, paying a bill—ensures the degree of nuance needed to reveal pain points and to design controls that avoid them.

Once the user personas and their corresponding transactions have been shaped, they can be mapped to the secure-journey life cycle: the totality of activities associated with the customer account. It underlies all transactions, regardless of industry. The secure-journey life cycle includes user registration; user life-cycle management, including username and password recall and reset; changes to user-account settings, such as multifactor authentication (MFA) preferences; user deprovisioning and account deactivation; user-account reactivation; and account termination.

The integration of the secure-journey life cycle with user personas and transactions helps organizations identify everything that might require additional controls. It also ensures appropriate trade-offs among convenience, experience, and security for each user segment.

2. Select and apply CIAM controls for prioritized journeys

Strong CIAM controls are used across the secure-journey life cycle to reduce risk from cyberattacks. To combat fraud and prevent accounts from being taken over, identity-proofing (validating the identity of the user) and multifactor authentication have become standard controls during user registration and log-in. Organizations may take different approaches to implementing controls through the secure-journey life cycle, however, depending on their risk appetite, recent incidents, and the desired customer experience.

To prioritize controls, companies should determine their most important sources of risk. A bank concerned with a spike in fraudulent accounts, for example, may focus on controlling user registration by applying strong identity-proofing controls when accounts are created and for certain transactions. Leading organizations have made these decisions by mapping “attacker journeys,” much as they map user journeys: they imagine how a malicious actor might exploit a system’s weaknesses and then solve for needed new controls (Exhibit 2).


Collaboration between business and cybersecurity teams can alleviate customer pain points related to the complexity of controls. Customer feedback can help organizations design controls thoughtfully. To reduce friction from rigid multifactor-authorization requirements, for example, customers could be allowed to choose their preferred multifactor method from a list of options. A customer-sensitive, risk-based approach to the selection and application of controls through the secure-journey life cycle will not only improve security but also support a positive customer experience.

3. Strike a reasonable balance between security and experience

When designing the secure journey, organizations will have to make trade-offs between security and the customer experience. If they achieve the right balance, users will be offered a seamless journey—creating greater business opportunity—while the risk from exploitative attackers will fall significantly.

Here are some sample trade-off considerations (a fuller list is given in Exhibit 3):

  • What level of consumer flexibility is appropriate for multifactor authentication? Customers might want fully customizable authentication, and their choices may gravitate toward less secure options, such as email-based links or text-message codes.
  • How often should users have to reauthenticate after logging in? Reauthentication provides stronger security by repeatedly requiring accounts to be verified. When this is required for each transaction (such as log-in, bill payment, and rewards-portal access), customers can become discouraged and leave the site.
  • For how long should user devices be recognized? Long recognition times increase the risk of account takeovers, especially if a device is lost or stolen. Friction could arise, however, if users are asked to complete the full authentication process for each session.

Every organization will need to balance its risk appetite, known customer pain points, and the desired experience across the secure-journey life cycle. A defined perspective on each of these trade-offs ensures effective decision making.

4. Integrate design principles within the broader architecture

Optimally designed secure customer journeys use architecture that is both flexible (dynamic on the back end) and conducive to new business value. Three design elements aid this process: centralized entity management, seamless cross-platform customer authentication, and speedy authentication.

Centralized entity management. This structure enables companies to use a single ID and set of credentials for each customer, valid across all consumer-facing digital engagement channels. This approach improves security: each customer’s data are correlated with a single account, making it easier for the company to identify anomalous behavior. The customer experience is also enhanced, since customers have to recall relatively few credentials to perform the desired transactions. Companies can also respond more quickly to customer-initiated data-privacy requests, as each customer has their own identifier. This structure also creates business value, as all pertinent data are correlated with the originating ID, irrespective of channel. That increases opportunities to offer tailored customer services or behavior-based recommendations.

Seamless cross-platform customer authentication. A single standardized log-in for all channels reduces friction for the customer. The experience of the brand’s entire digital presence is thus an integral one. From an architectural standpoint, organizations can make any needed modifications (such as sunsetting a legacy system or adding or removing a vendor) easily and quickly.

Speedy authentication. Rapid movement through authentication is desirable for customers and organizations alike. Architecturally, this means offering controls suited to existing customer behavior, potentially including biometrics or pattern-based authentication for mobile applications. To improve the customer experience, the design should also permit the effective layering of controls, such as identity-proofing and multifactor authentication. MFA, for example, might be triggered only after certain thresholds have been reached, rather than for each transaction the user undertakes during a session.
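A sketch of threshold-triggered MFA as described above, combined with the reauthentication and device-recognition trade-offs from step 3. This is an added example, not part of the original article; the threshold values, action names, and function names are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample thresholds (assumptions, not values from the article).
DEVICE_TRUST_SECONDS = 30 * 24 * 3600  # device recognition lifetime
MFA_FRESH_SECONDS = 15 * 60            # how long a completed MFA check stays valid
SESSION_SPEND_LIMIT = 500.0            # cumulative payments before step-up
SENSITIVE_ACTIONS = {"change_mfa_preference", "reset_password", "reactivate_account"}


@dataclass
class Session:
    device_recognized_at: Optional[float]  # None means the device was never enrolled
    last_mfa_at: Optional[float] = None
    spent: float = 0.0


def step_up_reason(s: Session, action: str, amount: float, now: float) -> Optional[str]:
    """Return why MFA is required for this request, or None if it may proceed."""
    if s.last_mfa_at is not None and now - s.last_mfa_at <= MFA_FRESH_SECONDS:
        return None  # a recent MFA check covers the layered controls below
    if s.device_recognized_at is None or now - s.device_recognized_at > DEVICE_TRUST_SECONDS:
        return "device_not_recognized"
    if action in SENSITIVE_ACTIONS:
        return "sensitive_account_change"
    if s.spent + amount > SESSION_SPEND_LIMIT:
        return "session_spend_threshold"
    return None


def handle(s: Session, action: str, amount: float, now: float) -> str:
    """Apply the policy: either allow the request or ask for MFA first."""
    reason = step_up_reason(s, action, amount, now)
    if reason:
        return "mfa_required:" + reason
    s.spent += amount  # only allowed requests count toward the session total
    return "allowed"


def complete_mfa(s: Session, now: float) -> None:
    """Record a successful MFA check and (re)enroll the device."""
    s.last_mfa_at = now
    s.device_recognized_at = now
```

Returning a reason code with each step-up decision lets the business and security teams measure which control causes the most friction for each persona.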

5. Support the secure customer journey with strong governance

Strong governance is an integral part of the best-in-class approach to the secure customer journey. This means that an organization clearly defines the scope and activities of the secure-journey program, aligns on participation and decision-making responsibilities, and develops the means to measure the program’s success. Governance bodies should bring together interested parties from the executive leadership, cybersecurity, and the business to ensure that feedback is accurately reflected in a timely manner.

Getting there

The constituent parts of this approach—the full user journey, as well as authentication, governance, and technology—can be designed rapidly by a team drawn from top management, business leaders, and security specialists. The groundwork for the design includes a technology review and consumer research. The supporting technical requirements need to be determined and decisions made about using in-house or vendor-based technology. On the consumer side, the user population needs to be identified and segmented, with pain points isolated so that the personas and their activities can be mapped. Organizations can then make an inventory of existing and potentially relevant controls, prioritizing them according to decisions to balance the customer experience with security. Finally, the technical details can be specified, including underlying data-flow diagrams, technical-process flows, and customer-experience design elements.

In parallel with the design process, a governance committee should meet regularly to review progress, make necessary decisions, and begin developing performance metrics. Collaboration between business and technical people on each aspect of the secure-journey design and governance process will help ensure that the program creates a strong customer experience, without compromising security.


As the complexity of the digital economy grows and companies expand their digital footprint, the need for an optimal customer experience within the secure customer journey will only grow. The five-part approach we suggest will help companies strike the right balance between the digital experience and digital security across the customer journey—to increase customer satisfaction and business opportunities alike.

About the author(s)

Tucker Bailey and David Ware are partners in McKinsey’s Washington, DC, office; Rich Isenberg is a partner in the Atlanta office; and Charlie Lewis is an associate partner in the Stamford office.

The authors wish to thank McKinsey alumnus Celina Stewart for her contribution to this article.


This article was edited by Richard Bucci, a senior editor in the New York office.
