Secure by design - solving online fraud through better user experiences

YARMOUTH, Maine — In 2022 a hacker was able to breach the network of Medibank, an Australian-based healthcare provider, and what resulted was the theft of 9.7 million people’s private data for consumption on the internet.

How did this data breach occur? According to reports an IT contractor with access to the passwords and credentials of multiple accounts had malware on their PC, giving bad actors access to Medibank’s systems, an egregious error that could have been prevented if the company had required Multifactor Authentication (MFA), according to the Australian Information Commissioner (AIC).

However, there are some people who challenge that assessment and call for better security through design, like Dan Pinto.

"The traditional mindset around security in many organizations has been focused solely on maximizing protection, often at the expense of user experience,” Pinto said. “The assumption has been that security and convenience are inherently at odds — that you have to sacrifice one to optimize the other. I believe this is an outdated way of thinking.”

Pinto is the CEO and co-founder of Fingerprint, which calls itself the world’s most accurate device identifier. It’s a company that champions helping other companies with their data security and fight the ongoing battle against online fraud. For Pinto, the solution to better security lies in ease of use.

“Users today expect seamless, frictionless experiences,” he said. “Overly burdensome security measures, like frequent two-factor authentication inputs, breed user frustration and disengagement. Poorly implemented security controls like flawed OAuth configurations can directly lead to data breaches, completely undermining the intended security benefits.”

He continues, “Technology leaders need to embrace a ‘secure by design’ mindset, proactively integrating robust security into software design from the beginning in order to enhance user experience, rather than bolting it on as an afterthought. This involves a few key principles:”

1. Prioritize user experience as heavily as you do security. Make them equal design goals, not competing priorities.

2. Leverage modern, intelligent security controls that operate in the background, removing friction for users.

3. Continuously gather user feedback and iterate to strike the optimal balance between protection and convenience.

4. Foster a security-conscious culture internally in both an engaging and empowering way.

5. Some examples include hands-on interactive workshops (instead of passive training videos) and highlighting case studies of security incidents, data breaches, and the human impacts. The key thing is to focus on the lessons learned and preventative measures, not just the scary details.

Pinto concludes that, “With this mindset shift, technology leaders can deliver experiences that delight users while keeping data and systems secure. It's a win-win, not a tradeoff. And it's essential for staying competitive in today's experience-driven landscape."