Innovation is the lifeblood of entrepreneurship, good business, and consumer satisfaction. Innovating is always good, right? Well, like most things in life the answer is most often ‘maybe’ or ‘it depends’, and that applies here to innovation as well. While good in itself as a process for continuous improvement, one has to always look at the ‘why’ of innovation before anything else. Innovation for the purpose of solving a specific, known problem is a good thing. The only thing you have to watch out for is ensuring that it meets the needs of the end-user while not going against any of the core unchangeable facets of the user's life.
Innovation just for the sake of innovation rarely ends well. At best, you’ll roll out a new update or product that’s just annoying and leaves your end-users asking why you bothered at all. At worst, you’ll find yourself in a serious conflict where the new rollout actually makes things worse for everyone involved. Granted, there will always be teething problems with a new product or update, but these issues are solvable and are not the same as a conflict at the fundamental level that negates all its benefits. Let's take a minute to examine two stories of how ‘unchecked’ innovation can sometimes set you back rather than take you forward.
Cybersecurity vs HR Policy: Are they aligned?
Imagine yourself in a situation where your cybersecurity team has implemented a new process to enhance your workstations with a two-factor authentication login system. This would require that you use both a password (as you always have) and a token ID number which will be randomly generated for each login. Sounds great for security, right?
Now on the first day of its rollout, there is a prompt to inform everyone that they need to download an app that gives them the token code which will be generated after they pass a fingerprint scan. But, there’s a problem, well several actually:
You find out that not everyone has a smartphone with a fingerprint scanner (hard to believe, we know. But it happens).
Not everyone has a smartphone of the correct generation OS to support the app. Some staff have older phones either by choice or because of financial constraints.
You didn’t realize that some of your staff are on phones that don’t support the iOS AppStore or the Google Play store. Take the Huawei AppGallery for example, where certain apps aren’t allowed (through no fault of the manufacturer, but just due to global sanctions policy).
The token app’s security prohibits the usage of any phone that has been jailbroken or rooted by the user - or worse yet, is perceived to be rooted due to some factory configuration by the phone manufacturer.
Your own HR policies prohibit the use of personal devices on the company’s production floor environment - and HR is now hopping mad because everyone’s no longer leaving their phones in their lockers ‘as per policy’. You then find out that a major change to HR policy like this requires a board-level resolution which takes months to get. Oh no!
So while absolutely fabulous for increased cybersecurity, we can see that the rollout of the two-factor authentication login system was an absolute flop. Can it be fixed? Yes, but this will take time, effort, and likely a temporary rollback to the old system in the meantime which diminishes confidence in the new system at the employee level.
A Look Back at Payment Security
Payment technology has evolved steadily over the past few decades, from the humble knuckle-buster card imprinters to where we find ourselves today, with the integration of biometric security. The thing is, each innovation brought us a new convenience, and then, when fraud found a way to defeat it, a secondary innovation would be introduced to counter the risks brought on by said innovation. Examples would be PINs for EMV chip cards, and 3DS for eCommerce transactions.
One of the more recent (and welcome) innovations would be payment tokenization, removing the hassle of having to key in your card number for each transaction online, but also removing the risk of the card numbers being exposed by only exchanging a token (representing the card during the transaction, but completely useless on its own). The reason this was so useful is that should the tokens ever be compromised, they could be changed and re-issued at speed and at scale.
However, with the introduction of biometric payments, like Amazon’s new plan to roll out biometric scans linked to payment wallets, what happens in the event of an all-too-common data breach? Are people supposed to somehow change which biometric scan they use as the old one has now been compromised? If you had to switch to using your thumb, then to your index finger, then to your pinkie, then to a palm scan, you would eventually run out of appendages to use.
While nobody can deny the transaction security benefits of adding biometrics to payments, there has been little in the way of assurance of what happens next if those biometric profiles are compromised. Unlike a card number, a token, or a PIN code, they cannot just be replaced or reset. This is one of the main reasons that the biometric security we are comfortable using today on our mobile devices (i.e. FaceID/TouchID, and its contemporaries) is device-based and not stored in the cloud.
As a caveat, without any direct knowledge of the Palm Scan technology being introduced by Amazon, we won’t be able to tell how much thought has gone into its security implementation. There’s a chance it's iron-clad and there’s nothing to worry about. However, this is not about this specific launch, but more about the situation where such technology becomes so mainstream that it is wielded without the care and thought it deserves by a first-to-market type app builder. The situation could quickly get out of hand, like a 5-year-old finding a hammer in the toolbox under the stairs. We also can’t help but wonder whether, in a rush to roll out new and innovative payment security measures, we sometimes accidentally 'go backward', erasing the gains of the technology that preceded them. Food for thought.
Oh great, might as well maintain the status quo then?
Well, it might be safer and less painful in the short term to maintain the status quo in your business. But always remember that stagnation in an ever-changing competitive environment is akin to moving backward and allowing rival businesses to chisel away at your market share and supplant you in the minds of your best users. You do need to keep innovation at the top of your mind, but its rollout and implementation must be handled in an organized and inclusive manner across the business.
Need help with sanity-checking your innovative process? Want to align your workstreams but need to ensure that it doesn't conflict with other core areas of the business? Or just want to have a chat about the rollout of your latest innovation? Contact us today and we’ll be happy to schedule a session with you to talk about it and find the best way for you to move forward.