Blog - swIDch

How does CIAM protect your customer's account information?

Written by Admin | Aug 19 2021

Social media account hijacking happens every day. Attackers who obtain account credentials forge posts, extort money by impersonating the account owner, and threaten to expose private data taken from linked cloud storage.

Responsibility for such incidents should not rest with account owners alone. Social media service providers are also responsible for keeping customer account information and personal data safe. Even when every attempt presents a valid ID and password, a burst of login attempts against many different accounts from the same IP address is the signature of credential stuffing with a leaked password list; it should be treated as illegitimate and acted on (rate limiting, a challenge, or blocking) rather than accepted because each password happened to be correct.

After login, if a session moves through many pages abnormally fast, or reaches services in an order that differs from the normal flow, the provider should treat the access as suspicious. Likewise, when a user's behaviour departs from that customer's usual pattern, or the login and behavioural signals together look abnormal, the provider must re-verify the user before allowing the session to continue.
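The two checks described above, as an added example that is not part of the original post or of any swIDch product: a sliding-window count of distinct accounts attempted per source IP (successful logins count too, since a stuffing attack with a leaked list succeeds some of the time), and a per-session monitor for page velocity and out-of-order navigation. The log events, IP addresses, page names, thresholds and the "normal flow" prerequisites are all constructed for illustration; a real deployment would tune the thresholds from its own traffic.

```python
"""Login-anomaly checks over constructed sample events (added example)."""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class LoginEvent:
    ts: float      # Unix time in seconds
    ip: str
    user: str
    success: bool  # a correct password does not exempt the IP from the check


class CredentialStuffingDetector:
    """Flags an IP that tries many *distinct* accounts inside a sliding window,
    regardless of whether the individual attempts succeed."""

    def __init__(self, window_s: float = 300.0, max_accounts: int = 5):
        self.window_s = window_s
        self.max_accounts = max_accounts
        self._attempts: dict[str, deque] = defaultdict(deque)  # ip -> (ts, user)

    def observe(self, ev: LoginEvent) -> bool:
        q = self._attempts[ev.ip]
        q.append((ev.ts, ev.user))
        while q and ev.ts - q[0][0] > self.window_s:   # drop attempts outside the window
            q.popleft()
        return len({user for _, user in q}) > self.max_accounts


class SessionBehaviourMonitor:
    """Flags a logged-in session that moves through pages too fast, or reaches a
    sensitive page without first passing the page the normal flow requires."""

    def __init__(self, max_pages: int = 8, per_s: float = 5.0, prereqs=None):
        self.max_pages = max_pages
        self.per_s = per_s
        # page -> pages a normal user visits first (constructed flow, hypothetical names)
        self.prereqs = prereqs or {"withdraw": {"wallet"}, "change_email": {"settings"}}
        self._hits: dict[str, deque] = defaultdict(deque)   # session -> page timestamps
        self._seen: dict[str, set] = defaultdict(set)       # session -> pages visited

    def observe(self, session: str, ts: float, page: str) -> list[str]:
        reasons = []
        q = self._hits[session]
        q.append(ts)
        while q and ts - q[0] > self.per_s:
            q.popleft()
        if len(q) > self.max_pages:
            reasons.append(f"velocity: {len(q)} pages in {self.per_s}s")
        missing = self.prereqs.get(page, set()) - self._seen[session]
        if missing:
            reasons.append(f"order: reached {page} without visiting {sorted(missing)}")
        self._seen[session].add(page)
        return reasons


# Constructed sample data: one IP walking a password list across seven accounts
# (one of them succeeds), and one genuine user who mistypes twice from her own IP.
SAMPLE_LOGINS = [
    LoginEvent(1000 + i * 10, "198.51.100.7", f"user{i:02d}", i == 3) for i in range(7)
] + [LoginEvent(1000 + i * 30, "203.0.113.5", "alice", i == 2) for i in range(3)]

# Constructed page visits: a human reaching "withdraw" via "wallet", and a script
# hammering nine pages in under two seconds before jumping straight to "withdraw".
SAMPLE_PAGES = (
    [("s-alice", 2000.0, "home"), ("s-alice", 2012.0, "wallet"), ("s-alice", 2030.0, "withdraw")]
    + [("s-bot", 3000 + i * 0.2, f"page{i}") for i in range(9)]
    + [("s-bot", 3001.9, "withdraw")]
)


def stuffing_alerts(events):
    """Return (ip, user) for every attempt that tipped an IP over the threshold."""
    det = CredentialStuffingDetector()
    return [(ev.ip, ev.user) for ev in sorted(events, key=lambda e: e.ts) if det.observe(ev)]


def session_alerts(pages):
    """Return {(session, page): reasons} for every page view that raised a flag."""
    mon = SessionBehaviourMonitor()
    return {(s, p): r for s, t, p in pages if (r := mon.observe(s, t, p))}


if __name__ == "__main__":
    print(stuffing_alerts(SAMPLE_LOGINS))
    for key, reasons in session_alerts(SAMPLE_PAGES).items():
        print(key, reasons)
```

The stuffing detector keys on distinct accounts rather than failed attempts because an attacker replaying a leaked list looks like a series of mostly-failed, occasionally-successful logins from one address; a failure-only counter would miss the successes, which are exactly the accounts that were just compromised. In production the IP key should be combined with other signals (ASN, device fingerprint, shared NAT awareness) so that a large office or carrier-grade NAT is not blocked wholesale.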

Providers therefore need layered technical countermeasures and well-defined processes so that customers' account information stays protected. Replacing passwords with safer means such as biometric authentication, and strengthening account access with multi-factor authentication, are the most notable of these changes.

The emergence of CIAM is inevitable

People use more and more applications and want to use them without a cumbersome authentication process. Customers resist long, complex alphanumeric passwords. Instead they expect simple access not only to email and social media but also to finance, e-commerce, online games, over-the-top (OTT) media and even business applications. An alternative access method should therefore authenticate easily with biometrics or a PIN and, once the user has logged in, allow other services to be used without further authentication (single sign-on).

If you demand a login process that is safe but inconvenient, you cannot stop customers from turning away from your products or services. This is why customer identity and access management (CIAM) emerged: it protects customer account information while keeping authentication convenient.

CIAM differs from the workforce identity and access management (IAM) used inside enterprises. Forrester defines CIAM as:

CIAM is a collection of tools and processes that provide: 1) core identity and access management security functionality (registration, authentication, authorization, and self-service) and 2) integration and workflows with marketing management, portals, CRM, master data management (MDM), business intelligence (BI), security analytics (SA), and other nonsecurity solutions for managing customers across all channels, including web, mobile app, phone, kiosk, mail, and in person.

In other words, CIAM manages customer accounts and blocks abnormal access attempts, while supporting compliance by region and country, analysis of service effectiveness, and a range of customised services.

Pay attention to user experience improvements

The core function of CIAM is user authentication and access management. It grants access only after confirming that the user is acting of their own volition, within the authority granted to them, under normal conditions. It keeps monitoring for abnormal behaviour after access is granted, and strengthens identity verification by requesting additional (step-up) authentication when the user reaches sensitive information or performs important tasks such as financial transactions. Additional factors include OTP, SMS/SNS authentication, ARS (automated telephone response) authentication, and biometric authentication.
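Step-up authentication as described above, written as an added example rather than code from the post or from any CIAM product: a session carries an assurance level and the time it was granted, each action declares the level it needs and how fresh that level must be, and the authorizer fails closed. The action names, levels and freshness windows are hypothetical; verifying the second factor itself (checking the OTP, the biometric match, or the phone callback) is left to the caller, which passes in the result.

```python
"""Step-up authentication policy for a CIAM session (added example)."""
from dataclasses import dataclass

# Assurance levels a session can hold (constructed for this example).
PASSWORD_ONLY = 1   # ID + password, or a single passwordless factor
STRONG = 2          # plus OTP, SMS/SNS code, ARS callback, or biometric

# action -> (required level, max age of that level in seconds; None = no limit).
# Hypothetical action names for illustration.
ACTION_POLICY = {
    "view_profile": (PASSWORD_ONLY, None),
    "view_card_details": (STRONG, 600),
    "transfer_funds": (STRONG, 120),
}


@dataclass
class Session:
    user: str
    level: int
    level_at: float   # Unix time at which the current level was granted


def login_with_password(user: str, now: float) -> Session:
    """First factor succeeded; the session starts at the lowest level."""
    return Session(user, PASSWORD_ONLY, now)


def step_up(session: Session, second_factor_verified: bool, now: float) -> Session:
    """Raise assurance only when the caller's verifier confirmed the second factor.
    A failed step-up leaves the session at its previous level."""
    if second_factor_verified:
        session.level, session.level_at = STRONG, now
    return session


def authorize(session: Session, action: str, now: float) -> tuple[bool, str]:
    """Return (allowed, reason). Unknown actions are denied: the policy fails closed."""
    if action not in ACTION_POLICY:
        return False, "unknown_action"
    required, max_age = ACTION_POLICY[action]
    if session.level < required:
        return False, "step_up_required"      # prompt for OTP / biometric / ARS
    if max_age is not None and now - session.level_at > max_age:
        return False, "step_up_stale"         # strong auth exists but is too old
    return True, "ok"


if __name__ == "__main__":
    s = login_with_password("alice", 1000.0)
    print(authorize(s, "transfer_funds", 1001.0))   # denied until step-up
    step_up(s, True, 1010.0)
    print(authorize(s, "transfer_funds", 1020.0))   # allowed shortly after step-up
    print(authorize(s, "transfer_funds", 1200.0))   # stale again for a transfer
```

Keying the freshness window to the action, not the session, is what lets a single second-factor prompt cover a few minutes of account management while still forcing a fresh factor for every high-value transfer, which is the balance between safety and convenience the post is arguing for.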

Compliance must never be overlooked when deploying CIAM. Customer information must be collected, stored and managed according to the regulatory requirements of each region, country and industry, and a history of how customer information is used must be retained. To meet these requirements, organisations should encrypt customer and account information, protect each encryption key using a hardware security module (HSM), and apply strong access controls to both the encrypted data and the key management system.

Customer experience (CX) is one of the most important requirements for CIAM. It provides access through multiple channels such as web and mobile, and offers convenient registration and login instead of cumbersome forms. Providing passwordless login in particular is a core requirement for improving CX.

Developer-friendly CIAM is easy to integrate into services and lets small businesses and startups start using it at no cost. Support for integrating with multiple applications through a range of APIs is also considered a key CIAM capability.

Protect your account with a one-time authentication code

swIDch uses a one-time authentication code (OTAC) to support secure authentication without separately managing user account information. OTAC generates a dynamic authentication code that never repeats, works without a cellular network connection, and prevents reuse of a code, which removes the value of leaked account information to an attacker. It can be applied to authentication in vertical markets such as disposable payment cards, drones, connected cars, the internet of things (IoT), machine-to-machine (M2M) communication, defence, and enterprise IAM.

CIAM, in the sense of 'customer account and access management', has been offered as a solution for a long time, but only recently has it been extended to areas such as customer experience, marketing and sales. As we enter the application-centric era, the use of CIAM has grown significantly. Because it provides both convenience and safety of access to services, it is expected to become a core competitive advantage for organisations.