Podcast: Play in new window | Download
The inclusion of individuals of all abilities and ages is an absolutely crucial element to incorporate into security solutions. However, it is often missing.
To learn more about inclusion as a principle of design, PaymentsJournal sat down with Justin Fox, Director of Software Engineering for the NuData Platform at NuData Security, Dave Senci, VP of Product Development, Cyber & Intelligence Solutions at Mastercard, and Tim Sloane, VP of Payments Innovation at Mercator Advisory Group.
“Isms” negatively impact the user experience
Two common problems that are too often present in security solutions and authentication processes are ableism and ageism.
“When I talk about ableism, what I’m actually referring to is when someone’s discriminated against in a technology because of their ability to use a physical device,” said Senci.
Something to keep in mind with these types of exclusions is that they can be temporary or situational, such as an individual not having internet access because they’re in a rural area without connection. They can also be permanent, such as an individual who can’t participate in biometric authentication via a fingerprint because they’re missing a hand.
Both situational and permanent ableism impact a large number of people. Two in three Americans shop online and one in four adults are living with a disability.
Ageism is also pervasive. “Just like ableism focuses on exclusion due to an individual’s physical capabilities, ageism focuses on exclusion surrounding the constantly changing level of technology literacy in populations by age group,” Fox added.
Older individuals are more likely to have been impacted by a security breach or identity theft during their lifetime than their younger counterparts, making them overall more wary and cautious when using their devices.
“This is where a lot of creativity is needed to adapt to these behaviors behaviors while ensuring that you’re not leaving any age group behind,” said Fox. “The bottom line here is that the way somebody is treated online and how we verify them and interact with them shouldn’t discriminate [against] them by their abilities or age group.”
How do “isms” in the principles of design translate to the user experience?
Much of the time, exclusion is an unintentional consequence of a product designed without people’s unique differences taken into consideration. For example, many organizations rely on authentication measures that depend on physical biometrics. While this improves the user and payment experience for a good portion of the population, it leaves others completely excluded.
In fact, nearly one in four (23%) of Americans making less than $30,000 per year don’t own a smartphone. Almost half (44%) don’t have home broadband services or a traditional computer (46%), and most don’t own a tablet. In comparison, these technologies are nearly ubiquitous in households earning at least $100,000.
Adults with physical disabilities are also left behind in many solutions. Each year in the U.S., around 26,000 people suffer from permanent loss of upper limbs. Adding in temporary and situational impairments, like a broken bone, this number jumps to 21 million people.
Also, online services often don’t need a majority of the personal information they’re asking for. Younger adults are more used to handing over their personal information, but older adults are less comfortable doing so. This results in reputational damage and a poor user experience for adults accumulating spam, abuse, or toil.
Exclusion of non-binary genders is also rampant. “I find nothing more frustrating than service providers with a gender form that only supports binary options,” said Fox. “So Mr., Miss, Mrs., or Dr., and I’m not a Dr., but that’s the most gender-neutral form option I have because they don’t include the Mx. option,” they added.
The solution lies in recognizing exclusion—and taking steps to minimize it
The first step in breaking down exclusionary design principles is recognizing that they exist. When recognition occurs, progress is possible.
“Once you’ve recognized [exclusion], you just continuously work at it and make it a priority to address by being mindful of what solutions [you’re] building and the wider solution impact they can have,” said Fox. “As a director of software engineering and as an educator, I can say without reservation that every bit of tackling this problem starts with how you approach designing your solution in the first place.”
Having a diverse set of people represented on the engineering team makes it more likely that design issues will be recognized and corrected early on. “The sooner we can adjust the approach, [the sooner] we’re going to ensure that the diverse human experience is accounted for,” they added.
When teams are less diverse, an alternative approach can be leveraged: games. This can look like having the design team write down examples of physical, social, and time of day constraints, categorizing them, then testing the solution with specifically those restrictions in mind.
“I think we’re going to eventually see that this ability to recognize an individual gets better and broader and [more] capable of taking into account all of these types of problems,” said Sloane.
Security isn’t a one-size-fits-all solution
Beyond gaining awareness, it’s also important to recognize that security and ease of use are not one-size-fits-all solutions. “It’s about moving away from lumping everyone into one massive group, and knowing that we each have our own uniqueness,” said Senci. “It’s about moving toward a multi-layered solution while also giving users options.”
This could look like leveraging passive biometric authentication to validate an individual based on their historical behaviors and uniqueness, while also combining them with device intelligence and behavioral analytics, as opposed to creating a single solution that depends on thumbprint scans or one-time passcodes.
“With each of us having our own human uniqueness, why not explore leveraging that uniqueness as a way to validate our identity?” he concluded.