Breaking the Blueprint

How Can Cybersecurity Improve Customer Experience?

Vinay Parmar & Iqbal Javaid Season 1 Episode 4

Share episode

What if cybersecurity could actually improve your customer experience, instead of getting in the way?

In this episode of Breaking the Blueprint, Vinay and Iqbal bring in special guest, Anish Chauhan to dive deep into the often misunderstood relationship between security and customer satisfaction. With data breaches on the rise and customer trust harder to earn than ever, this conversation cuts through the noise and explores how brands can bake security into the experience without adding friction.

You'll discover why outdated login systems are damaging your brand, how frictionless authentication is evolving, and the real reason passwords are on their way out. We also look at powerful real-world examples—from airport biometrics to banking fraud detection—and the tension between convenience and trust that every brand needs to navigate.

This isn’t a technical lecture. It’s a strategy session for CX leaders, brand owners, and contact centre execs looking to future-proof their customer journeys. You'll hear about Zero Trust architecture, the psychology of authentication, and why security needs to be a design feature—not an afterthought.

If you want your customers to feel safe and satisfied, this is the episode you need to watch.

Subscribe now to stay ahead of the curve:
 https://www.youtube.com/BreakingtheBlueprint?sub_confirmation=1

Special thanks to our sponsors, NovelVox for supporting this episode – find out more at https://link.javelincontent.com/btb_youtube

Show Links:
Vinay on LinkedIn: https://www.linkedin.com/in/vinayparmar/
Iqbal on LinkedIn: https://www.linkedin.com/in/iqbal-javaid/
Catch us on your favourite podcast directory: https://www.breakingblueprint.buzzsprout.com/share


zero trust in customer experience
 balancing security with user experience
 frictionless authentication for call centres
 cybersecurity impact on brand trust
 CX strategies for contact centre leaders

Find Breaking the Blueprint on YouTube

Find Breaking the Blueprint on LinkedIn

Vinay on LinkedIn

Iqbal on LinkedIn

Iqbal:

Welcome to this very latest episode of Breaking the Blueprint. We're now at episode four and today we are planning to evolve the conversation on from what we've been discussing in the past. As always joined by Vinay Parmar.

Vinay:

Hello.

Iqbal:

Good to have you join me and yeah, good afternoon. And we've got another guest with us, which we'll introduce very shortly. But Vinay, tell me what's been going on since we've last we did this now, I think it's been four, five weeks. Yeah. Yeah. We were, we, it feels like it's been a while, isn't we? Last in the

Vinay:

studio in March, I think it was, and where we did the airport one, which got some great feedback, some nice comments, and people are always fascinated by airports and travel and stuff that happens behind the scenes. That was quite an interesting podcast. And we got some nice points of view from Matt. and then since then, so I've had a, I've had a big bit of news, so I've as you know, I got a consultant. I had a consultancy that focused around, I. Customer experience as well as my speaking business. And I've acquired a majority stake in another consultancy called Customer Whisperers. And Customer Whisperers is a company that I've worked with in the past. They've been going about 18 years. Worked with some fantastic brands. I've collaborated on projects with them, with people like National Express, Red Row, Boohoo, Ping Identity, and, a few others. And the founder, Nikki Sawford and I have known each other. For a number of years. We first met in a coffee shop in Houston Oh, wow. In 2013. Yeah. Yeah. and, it's been one of these off and on will they, won't they? We've always been talking about doing something together business wise, never really been the right time. And then we did a project together, start the project together before Christmas. And the chemistry was just right. It just felt like a good move. And I'm merging my, company with that as part of the as part of the equity buy. Inter customer whisperers will now operate under the customer whisperers brand. So Dhruva Star will become a, become part of that, but it doesn't change the conversation. It's still all about customer loyalty, advocacy, trust, helping organizations to drive better experiences, to keep customers coming back in. Telling their friends.

Iqbal:

Yeah, that's, the end game, isn't it? Yeah. Well, congratulations, first of all. Thank you. That's, you know, massive news, isn't it? Thank you. I know you've been working on this for a while, so it's good to see that kind of close off. And I've al also noticed, it's been quite a busy time actually since we last did this, hasn't it? Yeah. Like you've been obviously busy with the acquisition of this company. Yeah. Yeah. And everything else. So it's, always you know, good to get some time together like this. And definitely you know, continue that conversation as you've said, you know, the, last conversation around airports was great. Every, you know, everybody resonated with it. And today's. Kind of conversation is, it touches on some aspects of what we did last time around security. I think. Yeah, that's what we want to kind of, you know, talk about and kind of delve into all elements around, you know, the implications of security when it comes to customer experience. And I think we can all, we've all had a story around that. Yeah, definitely. But before we go into that, I've got a, I've got a bit of a tech mishap that I wanna kind of share with you. Oh, no, not you as well. Yeah, not, as bad as what you went through last time. Thanks. So, so, yeah, no, I can, say it wasn't as bad as that, but, so I came across a situation where I, with a prospect over a Zoom call. And we were planning to have a translator with us because his prospect was French. Yeah. Speaking. French speaking. And he ended up just being the two of us on a, in a conversation. He spoke no English. I definitely don't speak any French. So Zoom has this feature called AI feature called Translate. Yeah. So it can translate the conversation, I've always spoken about this, but I've never actually put it into practice. So I thought I said to him like. Let's switch on our translation. Let's give it a go, right? We've got an hour booked in, let's do a full conversation. Let's have a full blown conversation. And we did that. and actually from a, discovery conversation standpoint, it went pretty well. Like I understood what, where he was coming from, he's pain points, and he kind of understood what, where, I was going with it. And then I, kind of made the mistake of attempt attempting a bit of small talk at the end of that conversation. Oh, no. And this is where it kind of fell apart a little bit. Actually, the, translation was, good. But there was this one point where we, started speaking about diets for some reason, I dunno why this happened, I was just talking about the, you know, I like French food and that kind of thing. Yeah. And he kind of understood that well, and I think he asked me a similar question and I said, look, I kind of try and avoid preservatives in the food that I eat. And I don't know if you guys know, but preservatives. Do you know what that, what, that is in French? Yeah. I've

Vinay:

got a feeling you're about to tell us.

Iqbal:

I am. Yeah. Yeah. Look, without being cross, it's, condoms. Yeah. So nowhere near it. Nowhere near it. And look it. Obviously he laughed his head off when I said that because it didn't translate that word, it translated it as condoms. And he is yeah, no shit. No shit. So, so just to be clear, you know, I, try and avoid condoms in my food. Very,

Vinay:

good. And, it's good for me to hear that I'm not the only one that has these tech.

Iqbal:

Yeah,

Vinay:

mishaps. Well, I managed to stay clear of most of them while I've been in talking about tech and all things tech. So as we know, we set this podcast up to talk all about the art and science of customer experience and customer loyalty and driving trust. And our commitment was to try and to bring together conversations that aren't necessarily obvious, different points of view, different people that come in. And so most people wouldn't put cybersecurity together. With customer experience in the same space. And this kind of episode sparked from a, friend of mine, Vimmel Rye, shout out to Vimmel in Dubai who has a brilliant customer experience company out there. Vinay had shared a post about his experience going through airports recently and so many touch points that were built around biometrics. So he didn't have a lot of human contact. He checked in by himself. He checked his bags in by himself. He went like it was pretty incredible. But it just got me thinking about that type security. We've talked on and off about data collection and those kind of things as well. But when you really think about it, every time a customer interacts with your brand, there is this, they're into that trust conversation, right? So it's not just the trust of what they can see, but it's also behind the scenes. There's a click of a button, the form filled in. They share their data with you in some kind of way. All of that is essentially that. Trust part of the of the conversation. And in digital businesses there's this kind of behind the scenes digital handshake happening that facilitates that. Right. So I, it got me thinking about the subject for this. And then Anish, who's here, Anish Chauhan, who's the founder of Equilibrium Security cybersecurity has been a friend of mine for many, years. We've known each other since we were. Not quite in diapers, maybe a little bit older than that. But from our, younger days has got an excellent business, which he'll tell you about a second. But he also posted on LinkedIn around Zero Trust. So I thought we'd get us in a room together and chat a bit about the world of cybersecurity, the role of that in CX. But before we do that, and. Please introduce yourself to our listeners, our followers, so they get a bit about you, your business, and your background.

Anish:

Yeah. Cheers. Thanks Vinay, I really appreciate that. So, first of all, thanks for having me and congratulations on the acquisition, by the way. So yeah, when we first started talking about this, it was a little bit tenuous and I won't lie, but yeah. So I'm, the owner and CEO of Equilibrium Security. Been going about 12, 13 years now. And in that time, you can imagine we've seen a big change in the landscape of cybersecurity. but Zero Trust I think is something I recently posted about, and I think that's where we picked up this conversation, but it, the, premise of it is very much about there's a landscape that isn't trusted. And so kind of, that's kind of, yeah, what I initially posted about really that sort of sparked this conversation. Yeah.

Vinay:

Yeah. And, I think the, the, link. And the tenuous link. It is a tenuous thing. But what I got was, well actually, if you've got this kind of thing with cybersecurity about two-factor authentication, zero trust, having to re win your trust each time in each interaction. Well, isn't that what we're trying to do with customers through customer experience anyway, through every interaction, we're trying to do that same thing. What if every interaction was that micro test of trust, a form of two-factor authentication or some kind of thing? But it, the trust was not about identity, but in this case it's about belief in customer experience. Right. And then we've also got this world of super hyper visualization. Companies want data through apps, through transaction. Customers have to try and personalize experiences, but of course, that's all predicated, that's all pre predicated on the fact that they can collect that data and customers will actually give that data. In order for them to give that data, there's gotta be a level of trust. Right. Right. And so, yeah. This whole episode is about exploring those blurred lines between digital defenses, emotional loyalty, and thinking about, well, maybe just maybe zero. Trust could be the key to building more trust and not less in that kind of customer experience, more I.

Iqbal:

And look, I've kind of gone down a bit of a rabbit hole with this since we first started this conversation. It's gone, pretty dark actually, in terms of where, I've ended up and, I didn't realize this, but like cyber crime and the impact of kind of, you know, cyber breaches, is it. Isn't industry in itself. So the World Economic Forum stated that cybercrime is the third largest economy. After us and China.

Anish:

Yeah.

Iqbal:

So just the fact, so that just tells you the risk that we are all at when it comes to how it implicates people. And then. Obviously we're looking at it from a CX angle, but you know, we hear about security breaches all the time. I'll give you a re, a ridiculous one recently. I don't know if you've heard of German Donna Kebab. Yeah. Really random. Yeah. So they had a security breach recently and what happened was they've got an app and you, We obviously fulfilled information on there and, all of that data got leaked. And as a consumer, you don't even think for a second when you're providing your personal details on that type of you know, retailer that, your data, you just expect that it'll be secure. Yeah. And now I will never be registering with a retailer either. Right. Yeah. For this reason. So, it's just interesting from the impact it has on us as consumers.

Vinay:

Yeah.

Iqbal:

Going back to that trust point is so difficult to maintain.

Vinay:

It is, and if you think about it, pretty much everything we wanna do with a company involves in some kind of exchange of data, like logging onto the wifi in a coffee shop. I mean, it's one of, it's one of my pet hates that, okay, I've registered with it once, but every time when I go in I've gotta reenter and gonna keep giving you my email address. And it just, you kind of get to the point where you go, why do I have to keep doing this? Why? I'd have to keep giving that. But in order to do it in the first place, you've gotta kind of trust that wifi network. Is gonna hold your data queue. And I'm sure we'll, dive into a bit of that in the conversation too, but Yeah. so let's start with zero trust. Okay. Ish. You know, it sounds like some technical security model. But how can it actually enhance experience rather than get in the way of it? And you know, a lot of our listeners won't be tech techies. Sure, yeah, You know, tech techies or people from it. But yeah, just talk to us a bit about it and build on what you said earlier.

Anish:

Sure. So basically just as a brief explanation, so Zero Trust is the premise that everything is untrusted. So when you just said that earlier on, that actually no one would think their data's gonna be, it's not, I actually think completely opposite. I always think my data's, you know, jeopardy of being stolen. And I think that's the premise of it really is Zero Trust, is that building a model, and this is a technical model, so these are organizations building a, an architecture or a framework, if you wanna call it that. That essentially assumes that. The person trying to connect to your environment as in the, you know, is untrusted, so that's users and employees primarily. So, right. If you think back a little bit, there was a, you know, maybe you may or may not be aware, but organizations were structured in a way such that they had a building, they had a, firewall on the edge of that building. And that prevented unauthorized access to their systems. But everything was inside their building, inside their server rooms, inside wherever. That landscape has completely changed. So there's things in the cloud, there's things on mobile devices. Things connect to the Com company device that aren't company issued. And so that Model zero trust, as we're talking about, is built from there. It's built from the fact that everything is untrusted until it can verify otherwise. So that's the basis of it really. But to your question, I guess there, you know, there isn't really a, in the, an, the media obvious point at which you can go, okay, how do we make it more? How do we make it enhance the customer experience? I guess the point is almost making a little bit of a parallel between those two. Not immediately, obviously, but there are parallels. Yeah.

Iqbal:

Yeah. And, I think the key thing here is you know, just go, just gonna take us onto our next point in a second, but it's Yes, zero to trust. We get it. We get the importance of it. And, actually that's the the kind of the bar in terms of. Right. You know, there isn't a trust there, so we've gotta have the processes and the technology to help prevent us from any breaches. But that can't come at the, cost of the experience for the end consumer and the users. So we've gotta figure out our way to make it as frictionless as possible. Right. And that's the thing is how do we, guarantee that? How do we ensure that the user experience, the customer experience, isn't impacted? Because even. Today. I know the technology's there to be able to build, give me, offer me a frictionless experience. But, you know, I was speaking to my broadband company just last week, and they're asking me ridiculous questions. you know, I've got five questions that I've answered 10 years ago. I've got no idea what holiday I went to in 2016. it's just, it's things like that, that, that. Just, leaves of poor experience when actually I know for a fact, you know, you've got enough data on me To be able to authenticate me so that I get, there's no trust there. I get it even as a consumer, but yeah. Come on, like this. This is lazy. Now, like you, we've gotta be offering a much. Better frictionless experience.

Anish:

Yeah. Almost, Assume that the customer is assuming that you are lying, that you're not who you say you are. Yeah, exactly.

Iqbal:

And not to mention it's remembering stuff, right? I think that, you know, being able to kind of, you know, authenticate yourself in that way. Yeah. we shouldn't need to think about it now. And and that's what, I guess that's what I'm would like to kind of explore in more detail is actually what. What can we do to, now improve, you know, that, that, whole experience of not being able to get people to do multifactor authentication. Yeah. And I get it in banking, it makes sense. Yeah. Because actually that's your money. But, you know, when it comes to me going to get a kebab, I don't really want, wanna be, you know, authenticate myself just to access an app.

Vinay:

Yeah, Definitely. So tricky. You

Anish:

definitely don't wanna be doing that.

Vinay:

Yeah.

Anish:

So. But just on the experience you had there, I'll just briefly just share something.'cause when my wife had a new we had a new, card, a new debit card, a credit card, I think it was. And we've not used it before. So she went to go and pay for her daughter's dental treatment, which is not cheap if everyone's done that. And of course she's the first time she's using the card. So I'm at home and she's going, I can't use it. So I, call up the bank, I go through a few things. They, yeah, it's all automated and they're immediately saying, well. What's your security number and immediately thinking the one of these online, the one use on my phone, the one, I dunno. And they said, okay. They immediately said well don't worry, this is automated still. Don't worry. We'll authenticate you another way. Send something to my app and I click. And I clicked it was me. so there's almost a bit more of a Yeah. Assumed trust at that point.

Iqbal:

Yeah. and I, think this is where mobile phones and apps can really play a role because you are using face ID to authenticate, right? So there is now I'm seeing a lot of organizations start to use different ways of being able to kind of authenticate you in that sense. and, I guess look. You know, the organizations that I tend to kind of work with, you've got the CX people focused on delivering great experience, and they, got our log heads with the security teams all the time, right? Yeah. We, yeah,

Vinay:

yeah. we were just chatting about in, in, in the kind of thing. So I, you know, I personally have a view that I think we've gone too far. Or I think that it's not the pursuit of friction less. It's about less friction. Less friction. Not all friction is negative or a bad experience. Sometimes you can build friction into the experience to drive confidence and to drive trust with customers. Think of it like a click of a seatbelt. The third of a well-built car, you know, like Volvo, have that sound when you shut the door, you know that you're safe in that car, right? So if you think about it in those. In those kind of things. And, what we were talking about, this was the, whole designing of experience. And, you know, you know, and jump in when you, feel like it. Yeah. But we were just talking about that, whole bit that. I guess from a technical standpoint, how much thought is actually given to the experience versus the goal of I'm just gonna protect this organization cost. Oh, yes. At all costs. Yeah.

Anish:

Well, the difference isn't it, is if if you design a system that ensures that people connect securely, so whether it's your users and or, you know, third party or users of your application or whatever it might be, a user of a company, if they're working from home or working remotely, and they're using a device that the system doesn't recognize, and they've gotta authenticate another way. If it doesn't work, they're gonna phone their IT and they're going to, you know, say, this isn't working. That is what I can't connect and I need to join, or I need to document your text. They're gonna be quite frustrated about it. If a customer can't complete the transaction, a customer has bad experience, they're not gonna self call and support it. They're just gonna get frustrated already at that point because they don't expect it. And I think, you know, sometimes. I can't remember who it was now, but we ordered something or I ordered some tickets for something and the little click of a seatbelt thing that you mentioned, like I'd ordered something. I didn't get a confirmation email. I didn't get a little ping. I didn't get a tick, I didn't get one complete. I, was like, what? Well, what's happened? You know? and they've almost gone, they're in that scenario, they've made it so frictionless that I, dunno what happened in the end of it.

Vinay:

yeah, exactly. And I think that what you're describing there is that, tension, so. You've got people that are trying to enhance the experience, trying to make it as frictionless as possible. With one set of objectives. You've got cybersecurity who are trying to protect the organization, rightly so, from attack, but the two have different viewpoints of how do you bring those two together? You know, I had experiences. When we were, when I was running innovation at National Express and we were trying to bring on proof of concepts and what would happen, we had this great idea of having an innovation lab. We did all the proof of concept tech providers would work with us, and then you get to the point of handover to BAU into back into the business. And then cybersecurity team would go, oh no, you can't do that. We've gotta check this. They don't have cyber essentials. They've not, got the right they've not got the right password criteria or whatever, it is. And you know, I, got into the conversation with this as part of a tech group that I was with a few months ago. I think it was last year sometime when we were talking about, you know, often we talk about proof of concepts, which is proving that the technology does what you want it to do, and then that's often driven by. The business outcome, the CX team, the digital team, but you've also gotta have a proof of viability. Which should be more about, you know, is it, is, what you're about to do and bring in secure? Does it have the right security protocols? Does it have the right password? Protocols? Is the coding that, that is, part of the thought process, but often that's an afterthought.

Iqbal:

look, the numbers are quite clear, right? In terms of, you know, the expected kind of estimated impact of. Cyber breaches, security breaches. it's about 10.5 trillion for 2025. That's what's predicted for this year. Yeah, for sure. So already you can see the impact this has on the, on all industries as a whole. So it's gotta be at, the top of it, not, I mean, I don't think we're able to even quantify the impact it has on the, brand and the experience that. Unclassifiable, aren't they? Yeah, sure.

Anish:

Yeah. And I think, although I can't, I sort of agree with the sentiment, I can't fully, support your the point at which, you know, the cybersecurity teams, you know, wearing that hat, you know, it is, they're there to kind of ensure the organization is in breach. But it's a balance, isn't it?

Vinay:

Yeah, it is. It is. And absolutely they're doing the. You know, it's not criticism of them, they're doing the job. I just, I wouldn't be able to be on this podcast.

Iqbal:

Allow you to, somebody has to. Yeah.

Vinay:

no. We're all friends in the end. But it just, at that point where you kind of go, come on. You know, surely I can get it through, but they're just, they're doing the job, right? And we've gotta get better at. Thinking about as CX practitioners and people that design the experience, thinking about it from their perspective, as well as expecting them to think about it from our perspective. And, you know, in the middle you'll come to a way of working that, that should help you. but it do, it, it is a fundamental part of every experience now, you know, whether it's checkout, whether it's logging into an account after you've signed up. All those things are important touch points in that customer journey. it's not just arrive at the website, buy, use my product, deliver it, and I'm happy ever after. They're gonna be those reoccurring moments when a customer wants to come back. And that's where that, trust piece comes in. Do I log into my account? Hey, can I get in and if I, you know, reset my password or if I do, all of that stuff comes as part of the experience.

Iqbal:

That's the thing that I'll kind of wanna explore is that this whole concept around passwords and things. you know, we've gotta be, surely we're way past this now. yeah. There shouldn't be a need for us to remember, I. As a family, we always debate like, what's the password for this? What's the password for that? it's a constant battle. Yeah. we shouldn't be living in a world like this. there's gotta be, we know the text there. So Yeah. The question is why is it taking so long for, yeah. For, organizations to

Anish:

adopt. Yeah. I, think part of it is the fact that you know, a lot of organizations, it's very much an IT thing, you know, but actually it, it should be, it, touches everybody. Right. But but I think part of the technology and things like this take an enormous amount of time and money to integrate. And if you have a new, let's just say, you know. Something as simple as a password vault that organizations will adopt so that everyone can generate a password. They're not remembering one, it keeps on there. That might have taken two years to implement something as simple as that. Yeah. And then although the technology's there now to avoid passwords altogether, you know, with pass keys and things you might see when logging onto various devices. Do you wanna use a pass key? And what that's actually using is biometric data like you touched on before, fingerprint face id. It's using that to make it. Smooth, a smoother experience because we've all done it. We go to a website where you only go to it once a year, like car insurance or something. I don't remember the password. So each time you just go through a password reset. Whereas actually that takes that away and makes it a little bit more of an'cause. It's immediately frustrating. It's like you, guys create a new account, you've already got an account. It's have I. Okay. Maybe I have then, yeah. What's your password? I don't know. Your first interaction is quite negative. Yeah, it's quite, yeah, it's true.

Iqbal:

It's pretty negative, isn't it? Yeah. I'm working with an organization right now who's trialing this concept around silent authentication. And there's been a lot of debate in the organization as to how this will be perceived by the customer. Yeah.'cause the, as you've said, right, that friction's important because that helps you as a consumer think, actually, do you know what, these guys are doing the due diligence to ensure that I'm the right person. But the idea behind silent authentication is that that you, the, you use the mobile providers data network to verify their device that they're calling from, the number that they're calling from, et cetera, et cetera. And that's hooked into an API within that contact center. And then the second that person calls into the IVR. They're fully authenticated and there's no need to go through anything. And so there, there was a worry and a concern that actually this is. This is too quick. And actually we've gotta ask something. We've gotta show the consumer that we are doing a dude.'cause you can't speak to the customer and say, by the way, we've got this technology and it, the customer doesn't care. No. They just wanna know that you, it's almost too

Anish:

frictionless. It is. Yeah. So, I

Iqbal:

dunno what, you guys think. You think that there, there is, legs in this. I mean,

Anish:

That technology you described there is not new, okay? Maybe using the mobile provider might be a little bit more recent, but actually organizations for probably the best part of a decade, maybe if not even more, had certificate based authentication. And what that means is you've got a company issue device that's a laptop, it's got a certificate because it's enrolled into their Microsoft infrastructure. I'm getting a bit tech in now, so I, the technical, they go. It. It rolls in, it rolls into that, and therefore the immediate you connect to go, to, go to work, your server, your application, whatever you need to go to, you're immediately authenticated. Yeah. And the first time people, exactly what you described, first time users were using that, they were like, I'm like, have I. Is that supposed to, what's happened here, to be true. Exactly. Yeah. I didn't start

Vinay:

a v vpn, I didn't

Anish:

do this. I didn't put any credentials in, so, yeah,

Vinay:

yeah. And it's funny that,'cause that psychological thing about we, that's what I've done. My point is that we keep going about frictionless, but there are points in the journey where you need that into, to psychologically for the customer, let them know that something's happened and that, you know, they've, passed a gateway that gives them the confidence that something's been checked.

Iqbal:

That's right. Yeah.

Vinay:

it's, kinda you know. If, you're flying and you wear a seatbelt, the chances of that seatbelt really protecting you from anything is tiny. But you wear it because there's a psychological thing if I wear the seatbelt and if something happens and I'm gonna be saved, it's not comfortable. Well, it's not. No. And if you've watch lost it doesn't work anyway. So, see, so you've kind of got that. So I think that's, part of it. But coming back to the you know, part of the. Understanding what's happening as well. I guess there's also the, data points that gives you, so we were talking about you know, where people abandon a cart because they can't get through to the payment, and often the e-commerce team will look at it, they'll look at the data, but they'll look at it from a, there's just a cart abandonment. Something's happening. Yeah. But that could be linked to a really poor checkout experience because. Maybe they're having to authenticate or again, re-put in a password or do something. Well, it might be

Anish:

a technical issue whereby, you know, I think I came across a retailer actually that reported this exact issue and they're saying, well, they had application and software to map aur a user journey. And they're like, hang on, everything's happening at this point here. And it's because if someone had something in the basket. And they wanted to continue shopping. That didn't work. It just got rid of everything in the basket.

Iqbal:

it's interesting, I think one of the things that's really become widely adopted is single sign on. So you've got your, you use your Gmail, for example. And a lot of people ask me like, is that really secure? is this safe for me to put my Google credentials into again German Donna kebab so I can authenticate myself like, so then. That way, I don't need to remember a password. Yeah, I mean, that, that seems to be the, a very kind of I'm seeing that everywhere now, which makes life easy for us as consumers, right?

Anish:

Yeah. Yeah. I mean, it, it's secure in the sense that it's, you're using one set of credentials, which is probably quite well tied to something. And therefore if you log in using your Gmail account to something you didn't expect to, you get a notification, you know, normally you just logged into something was that you. So things like that make it secure. But the flip side of that, with the cybersecurity hat on. If your g, if your Gmail account, if your Google my account is compromised and you're using it for not just to buy Cobas, but to, check out a, you know, a an online retailer, then that's then the. The barrier to entry for compromise is higher, but the, poss, the world of possibility is much greater in terms of what can be done. Yeah. I

Iqbal:

also, I, promise this podcast not being sponsored by German Donna Kebab, I promise not to mention it again,

Vinay:

but I mean, I had a recent experience with Relu. So got Revolut at camp. My daughter's got a Revolut card attached to it. She's got an under 18 card, so she gets physical card button, a digital card, and then randomly the other day, it just popped up on my notifications. An Uber charge for 4 99, but they picked it up and went, this doesn't look like you normally do this. So we've declined the transaction.

Anish:

Yeah.

Vinay:

And picked it up immediately. Right. And I was thought, oh wow, that's pretty cool. And then we saw that there'd been three or four attempts at using her card to do that. Now she's 14, she's not been, and it's from London. So she's not been in London, she's not used an Uber. She doesn't have an Uber account. This is really unusual. But what was even better is I was able to cancel the card immediately right there and then just with one click. Order a new card, they would then set the expectation that this card is coming between these dates. You can track it here. Like I just liked the way that they did and there are probably other banks that do something similar. I, dunno that many cards across the thing. So I dunno what everybody works the same way. But I just, I liked that. So from a customer perspective, dunno, we're veering a bit off cybersecurity. Essentially, but from a secure, from, that confidence again, yeah. Conveying to me that this is what's happening. Yeah. that, one of the worst things is when you do have your data leak and you go back to the organization.

Anish:

Yeah.

Vinay:

The lack of reassurance that you get about what's happening, what's happened to your data, where it's gone, who could have used it. It's just, it's on the, it's in the dark web somewhere. You know, being, sold for, cash or something, you know, that. That can, there,

Iqbal:

there, there's a website I came across again as part of this whole process called have I been Pawned? I dunno if you've come across this. And Yeah, so, well, it's,

Anish:

it was actually, it was supposed to be, have I been owned? it was maybe a deliberate or accidental typo. So it's PW but it's, yeah, it's meant to be Have I been owned? Okay. Oh, is that what it was? Just thought maybe my details have been sold on or something. no. They. Stuck with the typo in the end. Okay. Well, I guess

Iqbal:

it's a good PR there, but yeah, I, found that quite interesting because again, I've, you know, put my email address in to see if, my data's been leaked on it.

Vinay:

But it has, I think everybody has, my, iPhone tells me that, you know, my, your password from passwords, I from websites haven't used clean websites I haven't used for years. Let's just make it very clear. But yeah, but you get that, but it, is like when your data is compromised, I mean, I, worked in fraud detection. Back in banking way back in the day. And I remember having conversations with people go in I'd get a report on a card. I'd call them up and say, Hey, have you just been on holiday? Yes. Where have you been to Turkey? Yes. Okay. Did you buy this? Yes. Did you buy this? Yes. Did you buy this? No. Did you buy this? No. Where's your credit card? It's still in my wallet and back in the day it was just people cloning cards using magnetic stripes, but now it's so much more sophisticated, obviously, you know, the, world moved on and so you're battling with that and so you know, again, that cyber of security building into the experience. To know that if you're going abroad, you don't want to have the, thing about all your transactions get stopped because the bank goes, well, you're not in the right country, so we're gonna stop everything. But there's enough assurance there that you know, that. Yeah, those kind of things get picked up or that if somebody tries to log into your account Yeah. That it is picked up.

Iqbal:

It's kind of offering options as well, isn't it? I find that I went to France once and my data roaming hadn't kicked in for whatever reason, and I had no way of going online to be able to authenticate myself to be able to enable data roaming.

Speaker 4:

Yeah. And I

Iqbal:

just couldn't figure out a way to get over that hurdle because data was the only way I had to go and find a wifi signal somewhere, you know, that type of thing. So it's, Trying to figure out all eventualities so that if your consumer is stuck there, there's gotta be a way around it, right?

Vinay:

yeah. Yeah. so I mean, we, are kind of coming towards the end of this episode and I just kinda wanna wrap up with a, with I guess, a few key points and pointers for our teams. If you are from, your perspective, if you are talking to people that are designing experiences that are thinking about. What to do, what would be your I guess guidance, I wouldn't say advice, but necessarily your tips for getting them to think about it in the context of security. What, should CX designers be thinking about?

Anish:

Yeah. Well, before I fully answer that one, it's almost because the same issue happens, so we do a lot of security testing and even the developers, so these are technical people developing. They won't have thought about security. They're talking about, they're designing functionality. Oh, right, okay. But we as a business come in and test it. They're like, actually, you know, you haven't really thought about this and you haven't thought about that. In some cases it's like a, redesign almost, you know, because they then, it's just not secure. So they have to, so I guess to bring it back to the question, it's more about ensuring. That security isn't just an afterthought. Yeah, I suppose. Yeah. And that, you know, you

Vinay:

can apply that to everywhere, really. Yeah. Yeah. The irony being that most CXS would say, well, CX isn't an afterthought. And actually as you, were sharing that, I suddenly went, oh God. Developers don't think about security in the same way as. We think sales should think about CX or operations should think about six. it's not a natural thing necessarily for them to think about. And part of the job is, having that conversation, bringing that, that awareness of whether it, you know, security, the same thing about how it can affect their world.

Iqbal:

I think it is an awareness thing and it is so complicated, right? So I think for most people it's like it's somebody else's problem. that's for the security team to figure out and work out. I'm carrying doing what I'm doing, but I think. The awareness and education is important because you build that into the design from the outset. Yeah. And, so I think that's really important. The only other point I kind of, I just want to finish off on is we, talk about consumers engaging brands and how brands are you know, have got zero trust. The same applies to us as consumers when we are being contacted. And this was a challenge that I came across recently where organizations looking to, ensure that their consumer knows that they're being contacted by them. you know, banks do it. They call you and they say, look, get onto your app. And you know, this is how you will verify each other. Yeah. but there, there is a new concept that I've, kind of discovered is is being able to publish your brand on, people's mobile phones. So through the mobile networks, the we're helping organizations. Present their, name, their logo, and their number. Because actually 92% of consumers think unidentified calls are fraudulent. But there was a, thing done, a survey done recently where we get it right. If you see a random number, there's no trust there whatsoever. So it's like, how can we. Improve the process of outreaching people rather than just The whole concept of just call, you know, being called by your bank or who, whoever, right? And not having that trust is is. Are there other ways of being able to improve that capability? is also important, isn't it?

Vinay:

Yeah, yeah. Yeah. I like, I think there's things like biometrics and things like that. I mean, you know, certain banks have also now moved on from their old ID and v give us random, letters from your password to just say something and it picks up your biometrics. They can identify you are so technology moving. But I think it still comes down to, and I think the point that you were making earlier on was it's about deliberate design. Yeah. And thinking about it from that perspective, from the upset. Yeah. And actually you know, you, it still comes down to giving the customer the trust, like the winning trust with the customer that something's happened, that something's been authenticated, right? yeah.

Anish:

Absolutely. Definitely. Yeah.

Vinay:

Yeah. And, so again, just kind of on that. Hundred point when we're thinking about that for people that aren't technical. How can, if they were, if you were now representing, I'm not saying you're representing all people in cybersecurity, but if you were, what would you want people that aren't from that world to be thinking about when they're thinking of solutions, ideas, bringing technology on board? What would be your kind of top three or four? Things for them to look out for and tips in terms of helping them get design through.

Anish:

Yeah, I think the first thing is just the, you know, in early engagement, that's definitely really important. Thinking about the user journey, of course, you know, get getting that because yeah, you think about it like from a organization point of view, if you made loads of security barriers for someone to jump through. It's just gonna be an awful experience. So getting that balance, everything is a balance, right? Balance between security and functionality, but also breaking down those siloed communications within creating that customer experience. And I think the sort of, the other thing really is, I, would maybe just say this, I can't even say this, but it's you don't overcomplicate don't over secure things because you know you can. That, you know, the 80 20 rule, you know, you can achieve 80% of the results with 20% of the effort. Yeah. and bear that in mind sometimes, you know, because that's really key because you're not gonna cater for every single cybersecurity event and every cybersecurity incident. So actually the Pareto rule law, your 2080 rule is actually probably a good rule of thumb. Yeah. You know, I'm not saying only put 20% of the effort in, but don't worry about trying to get the a hundred. Yeah. Yeah. Because, because I guess if somebody's gonna get

Vinay:

in, they're gonna gain. Yeah. It's. But it reducing the likelihood it's, yeah, it reduce the likelihood you're never gonna be a hundred percent.

Iqbal:

So I find it interesting that the numbers are going up in terms of the impact. Right. And the technology's improving. We can see it for ourselves. So what's actually going on here? Because you'd think that there'll be less breaches. Yeah. There's more breaches. We're seeing data leaks more than ever before.

Anish:

Yeah.

Iqbal:

what's your thinking behind that? I mean, what, why are we regressing here? Yeah. When it comes to this type of thing. And as a consumer, that going back to the trust thing, it doesn't, gimme any confidence.

Anish:

Well, there's two things going on. One is the attack surface as we call it. So that is, your information is now everywhere, right? Compared to a few years ago. Your information is easily accessible and it is everywhere. And the other thing is. Consumers want everything everywhere. And so because, you know, that makes the attack surface for the cyber criminals so much more vast. So before having to hack into a computer or having to get past perimeters and firewalls and buildings, whatever, that, those days are gone really by and large. But people also want instantaneous access to their information. Alright. So when you open your mobile device and you go to email, you go to wherever you want to, you know, I was looking for a, looking for an email and you are looking for a ticket or whatever you're looking for. You want it, there. And then, you know, we've got used to that immediate accessibility, so convenience. Those are the two things that play really, and it's kind of like a, it's a, it's an ever increasing, balance.

Vinay:

Balance. Yeah. Yeah. it's that constant tension and balance between the two things. It is. Yeah. And I mean, before we, started the podcast, you were delivering a, session to one of your clients and you were just running through people's training. And I was just, I over heard, you heard you say things like we, you obviously talked about phishing emails, which everyone talks about. But there's also vishing and there's also di like the, what's phishing? That's when they use

Anish:

voice. Voice, yeah. Yeah. So someone's calling you up saying, oh, we've noticed an issue on your computer. You know, they're obviously targeting, the least tech savvy and you know, we need you to go to this website, enter these details, and we are gonna secure your bank account or secure your something, you know, under the pretense of it being. Yeah. In your interest. Yeah,

Iqbal:

I've, seen a ton of these scam videos on YouTube actually, where they were Indian call centers, none of my relatives by the,

Anish:

and then, and just another point is the you, you said kinda, yeah. what's, in, what's causing this to, to increase? And it is the, vastness of data.'cause there's a, there's, you know, I, don't remember the exact stat so I won't try and quote it, but the amount of. Data we generate now in a day or an hour 20 years ago, took us. 10 years or five years to generate, I don't know exact sta I Exactly. But it sounds about right. You're generating massive,

Vinay:

everything we're doing is creating a digital, footprint of something, a transaction record, a logging into an email or logging into an account or everything that, you know, just a simple act of ordering an Uber cab or a Don German Donna. they're all creating data points.

Anish:

Yeah,

Vinay:

and I think. that, that trust piece is also really important that companies want to try and give personalized experiences to their customers. They want to personalize marketing. They want to personalize. When you turn up to a kiosk and you order something that all needs data about the customer, but at, as we said at the beginning of the conversation, the whole point of this is that. Given the confidence to the customer that they can pass on that information or that their information they're handling is being handled in a way and it's being cared for, that it doesn't end up in a data leak, that it's not gonna end up on some dark website that somebody's gonna do. Yeah, because. You know, we want, we, we say we want these things as customers, but if we can't, if we don't trust the organizations we're giving information to, then how is that ever gonna come to pass? We're then gonna still get su we, we are still gonna be suffering from, you know, substandard experiences or moaning about, well why can't this organization pass my data to this organization? Surely you're this, sometimes in the same company, in the same department, they won't pass information to each other. Yeah. But it's understanding that, there's a reason, there's a gateway there because it's designed from a security perspective. But if we're trying to improve those experiences. As people that designing CX as people that are thinking about CX and improving that, we have to adopt that mindset and look at it from the perspective of the cybersecurity world and go, what is it that we need to be able to think and consider here? Yeah. In order to drive that and build confidence and trust in our customers.

Iqbal:

Yeah. I think the, kind of moral of today's conversation, it, is that balancing act. And, we're constantly trying to keep up. With everybody's expectations and not, you know, not at the compromise of people's experiences and all of those things. and, I think in general, excuse me, in general, we're seeing improvements across the board. I think, as I said, as a consumer, I'm definitely seeing that from a trust perspective. I think that's still. Question questionable. Because of, you know, some of the things that I see and may, maybe that's just because I'm, yeah. I'm looking into it a lot more than the, general public. But most people, as you say, are quite, they, they may accept that there could be a security issue here, but the convenience is far more important to them. And I find that sometimes I'll just do stuff and think, do you know what, this could get leaked, but it just makes my life easier. Right.

Vinay:

Yeah. Yeah. yeah. Look, I think, we've covered some really interesting ground here. I know cybersecurity is not the sexiest subject, but it's an important one I'd think, to differ.

Anish:

Yeah.

Vinay:

It is. When you look at it through a certain lens, and it is, when you think about it as it is a conduit, it is a pathway to get in, customers data, improving your interactions, improving the customer journeys.'cause the more that customers. Trust you to do it. They're more likely they are to do the things you ask them to do and that kind of thing. Some of the insight and some of the shit, I'm still thinking here going, A developer doesn't think about security, but they're writing the code. Why are they not thinking about security? But you suddenly then you go, well, well actually, yeah, that kind of makes sense to me. Yeah. Yeah. As you were talking about that, and I was thinking about some of the brands and things you interact with, it's also dangerous to assume that just'cause something's a tech startup and you know, a nice shiny app or a website, that it's necessarily secure. Right. So, you know that it does, comes to me as well.

Iqbal:

Yeah, it does. It makes you nervous, doesn't it? When it's too easy. And I think that's why, just going back point, I think that's the

Vinay:

thing, isn't it? When it's too easy.

Iqbal:

Yeah.

Vinay:

like I don't think I'm ready to trust, fingerprint access into my front door just yet. I think I'll stick with my key. Yeah. You know, whether peoples might trust it. But again, you know, they're the. They're the kind of, they're the kind of things, right?

Iqbal:

Yeah, exactly. Look, I think it's a good, place to, to conclude this session today. Thank you Anish for joining us. Thanks. Having for this session, Vinay. Thanks as always. Yeah.

Vinay:

Just, I'm sorry, before we sign off, Anish, if people wanna find out more about equilibrium. Yeah. Where can we, where do, where they need to go? What, can you help them with? Just here's your 30 seconds to give'em a plug.

Anish:

Oh, brilliant. Thank you. So yeah, so we're in conventional sources. So, social media, LinkedIn, and, website. So, equilibrium security.co uk is a resource, you know, a list of all our services. We provide security testing, as we mentioned, certifications penetration testing, and we also carry out cyber awareness programs. But a most interesting one, actually, I'll just use this moment is our brand monitoring service. So we don't look at anything technical in terms of an organization. We are looking at all the stuff that a cyber criminal would do before they initiate their attack. So that's things like registering similar sounding domains, misuse of a logo, confidential documents, phishing, you know, starting the phishing email. So it's all the stuff that cyber criminals do before they start an attack. Okay? So that's our most interesting and that is rapidly evolving service. That is interesting.

Iqbal:

It's preventative, isn't it? Yeah, I like that. So yeah, look, we've

Vinay:

preventative, we've gone back full circle

Iqbal:

to French

Vinay:

preservatives. Yeah.

Iqbal:

Hopefully nobody's translating this conversation. But yeah, look, it's been a pleasure. Really, good to have you. And just for our listeners and those that are watching, we really appreciate you guys taking the time to listen to us. We'd love to get feedback, obviously subscribe and like the, conversations. And you know, keep the comments going. we look forward to catching you on the next episode. Thank you.

Anish:

Thanks again. Cheers.