From books to biometrics: Jeff Bezos’ lasting footprint on security
None
<div class="body gsd-paywall article-body"><p>When Jeff Bezos announced his plan to step down as Amazon’s CEO, tech leaders across the world paused to reflect not only the impact Bezos made on e-commerce, but also on technology and the e-commerce industry at large. Amazon has set the standard for user experiences and redefined consumer expectations, most notably through reimaging delivery and cost savings strategies through price comparison tools and subscription-based services. Perhaps less obvious, but just as important, is the superior customer experience Amazon has built around customer identity by making it nearly invisible to consumers, all without compromising security. </p><h3><strong>How Amazon set the standard in e-commerce for consumers </strong></h3><p>Online and mobile shopping have been transformed by Amazon in myriad ways. First, the user experience is completely intuitive, easy-to-use, and seamless. Amazon rarely asks users to re-enter their passwords before making a purchase, and it even offers a “buy now” button for an express buyer experience. Yet to create this level of buyer ease requires significant behind-the-scenes work. </p> <div id="div-gpt-ad-article-body-sky-mobile" class="advertisement"></div> <p>Companies like Amazon use mature and robust behavioral analysis technology to create an unmatched, frictionless customer experience without sacrificing security that many e-commerce brands strive to replicate. For example, artificial intelligence (AI) and machine learning (ML) are used to monitor consumer behavior to ensure customers are who they say they are, looking at data inputs like previous purchase history, how long users browse before buying, and how users scroll on their phone screens to ensure that it’s <em>them </em>making the purchase. Because every user and every transaction is evaluated independently, Amazon can identify behavioral patterns that indicate probable fraud and then introduce friction in the buying process to further prevent it. Most importantly, this back-end security and customization only enhances the user experience, eliminating the hassle that comes with customers having to remember and update their password. </p><p>Amazon and the tech industry at large have trained people to expect this level of immediacy and access -- it’s no longer a nice-to-have, but a must-have. Users want a never-log-in-again future, and it’s possible today. Seamless digital experiences have already become part of the fabric of the internet, and in a few decades, younger generations will look at usernames and passwords like the current generation looks at floppy disks, a relic of a bygone technology era. </p><h3><strong>The problem with passwords</strong></h3><p>While the same technology that enables a great customer experience and can proactively detect and mitigate things like fraud to save companies millions, there is a weak link -- passwords.</p> <div id="div-gpt-ad-sidebar-sky-mobile" class="advertisement"></div> <p>Successfully managing dozens or more usernames and passwords to login is an impossibility for even the most tech savvy people. To cope, most people default to easily-guessed passwords or they reuse them, making all systems only as secure as the weakest one. One hacked password is used over and over to attack other systems. As a result, <a href="https://www.businesswire.com/news/home/20200305005188/en/Forty-Two-Percent-of-IT-and-Security-Managers-Say-Their-Organizations-Have-Been-Breached-as-a-Result-of-User-Password-Compromise-According-to-Enterprise-Management-Associates-Research" target="_blank">passwords are the leading attack vector used in data breaches</a>, and moreover they create a poor user experience that drives customers away or causes workforce productivity to drop. In fact, on average, <a href="https://www.forgerock.com/resources/view/116529047/whitepaper/reduce-call-volume-and-support-costs-with-intelligent-self-service.pdf" target="_blank">75% of e-commerce shopping carts are abandoned</a>, causing retailers more than $18 billion a year. </p><h3><strong>The power of behavioral data</strong></h3><p>Today, most mobile devices are full of technologies, including sensors, cameras, and GPS that capture behavioral patterns, which can be used to define normal behavior for a specific user. Specific, often unconscious actions like how a person holds their phone, types on their keyboard, or moves their mouse can help identify individual human activity. Bots often show irregularities by navigating websites in a very distinct way, moving from the homepage to their objective within seconds. Obviously, bots also can’t physically hold a phone, so there is little activity with phone sensors, which is another key identifier of suspicious behavior.</p><p>While all of this behavioral analysis is ambiently occurring in the background, users have little to no visibility into how this works or ultimately how this impacts their experience, making a security system like Amazon’s nearly invisible and therefore deeply valuable. A growing number of companies are leveraging these concepts to democratize the type of behavioral analysis to which a company like Amazon has access. </p> <div id="div-gpt-ad-sidebar-mrect-mobile" class="advertisement"></div> <h3><strong>Making the move toward biometric authentication</strong></h3><p>While behavioral and biometric data is a powerful tool for companies seeking to offer the highest levels of security to users, how companies manage that data is the final puzzle piece in mitigating breaches and creating a more secure future for account authentication. By deploying a distributed authentication process that allows user data to remain on each device, rather than uploading it to a main central server where it provides an attractive target for bad actors, enterprises complicate traditional attack methods that seek to gain entry into a company’s central server to extract desired data. </p><p>Instead, each step of the authentication process requires a specific key that is unique to each device. This key is used instead of a username and password to authenticate to the platform the user is trying to access. This technology almost works like magic, providing a streamlined yet secure experience for the appropriate user while introducing digital speed bumps for bad actors. This distributed security approach also significantly increases barriers for cybercriminals. Without a central trove of passwords to attack, hackers would have to compromise credentials on each individual device, which is much more difficult, time consuming, and ultimately much less successful for hackers. </p><p>Ultimately, behavioral biometrics offer a powerful tool for companies seeking to streamline user experience while increasing security measures using technology and tools that are already accessible through devices. The benefits of this technology, progressed most obviously by Amazon, are significant for both consumers and businesses alike. So, while many of those discussing Jeff Bezos’ impact on the world view his legacy as creating a powerful, unprecedented e-commerce machine, it’s the underpinnings of that machine -- advances in biometrics and authentication -- that have been a quiet enabler of Amazon’s dominance and transformed how companies embrace offering the best user experience without compromising security.</p></div>
