Currently less than 5 percent of retail customers use information registered in accounts from sites such as Facebook to access identity management systems. However, over the next three years, more than 50 percent of customer identities are expected to be generated through social networks.
Signing in through a site such as Facebook means quicker registration of personal information, and eliminating or reducing form filling by importing directly from a social network profile.
In addition, customers only have to remember one password, that of their social network. Some companies already allow Facebook log-ins, enabling account access and even purchases.
Ant Allan, research vice president at Gartner, said that the growth in use of social network log-ins is due in part to sites such as Facebook becoming the primary way many users access all types of Internet content.
“For an increasing number of Internet users, social networks are the Internet,” Allan said. “Using ‘login with Facebook’ or other popular social networks reduces friction and therefore improves users’ experience of customer registration and subsequent login.”
For retail companies the use of social network log-ins has benefits, such as reduced demands on password generation, as well as making it easier for customers to browse and make purchases, aiding customer retention.
However, the use of social network identities does present security concerns over the lack of identity proofing and weak authentication demands, which can potentially open businesses up to fraud.
This means that some retailers are likely to put in place additional controls for customers accessing transactional services or sensitive data in future. At the same time Gartner expects that many businesses will accept the increased risk due to the prospect of larger purchase volumes.
This, in effect, will pass over the responsibility for fraud to credit card companies, which already have fraud and identity theft detection tools in place.
Allan also points out that the identification processes used by businesses are often no more secure than social media sites anyway.
“In fact, social network identities could offer better identity proofing than ‘raw’ customer registration,” he said. “This is because social network analysis can potentially identify bogus social identities, and some vendors can exploit the ‘wisdom of crowds’ to verify claimed social network identities.”
He added: “There will be increased demand for specialized vendors that support this use of social network identities, as well as for support for the OAuth and OpenID Connect specifications in traditional IAM vendors’ Web access management and federation products.”
There are likely to be some organizations that will continue to block social network logins, principally where the security risks would outweigh financial benefits.
“Businesses offering consumer-facing services, as well as government agencies offering citizen portals, should assess the benefits of accepting social network identities for customer and citizen registration and login,” Allan said.
“They must also weigh these against the risks posed by the lack of identity proofing and weak authentication for social network identities. Mitigating these additional risks may offset any cost savings.”