Login to the real world with your Facebook account

It seems like every other website we visit today presents us with a “login with a social network” button. We are sometimes presented with a choice, usually between Facebook, Twitter or LinkedIn. But the most common social network encountered is Facebook and the most common scenario where we are offered this option is when we attempt to use a technology-focused service online. This is starting to change and we will start to notice it in a matter of months.

Retailers, financial institutions, and government departments are taking notice. Many are exploring the weaving of social identities into their websites and digital services. Some have already started on the journey while countless others have at least had internal discussions in attempting to understand the implications and risks.


One of analyst firm IDC’s key predictions for 2013 focused on omni-channel retailing. From a technology standpoint, the message was that retailers need to evolve to weave social, location and mobile into the customer buying process. Doing so would enable our retail experience to exist over disparate points in time rather than being forced into the stop-start nature we are accustomed to today.

Gartner, another leading analyst firm stated that “by the end of 2015, 50 per cent of new retail customer identities will be based on social network identities, up from less than 5 per cent today”. Combine this with IDC’s prediction and we arrive at the conclusion that when we shop, whether it be online or in-person, our mobile devices and our social identities will be the key pieces of information retailers use to personalise our shopping experience. Done properly, it will actually improve our experience. Retailers hope this will result in more sales in an industry that is struggling to justify the existence of their bricks-and-mortar presence.

Of all the groups mentioned, retail is the sector that is showing the most interest and moving ahead with projects to integrate social identities into the shopping experience.

Financial institutions and social unlikely 2B BFF

All financial institutions that offer products and services for individuals are in fact retailers. When you browse information on a website or speak to a customer service representative, you are in fact simply a customer prospect. To use sales-speak, you are a potential lead. There is no valid reason for them to know beyond an acceptable level of doubt that you are in fact who you represent yourself to be; if you say your name is John Smith and you are 40 years old, then your experience is tailored based on that information. At least it is, if you are speaking to an actual person. When you browse a website, you are treated as a generic person: customer x.

In a world where most people perform preliminary investigations online, this does not mimic the real-world scenario business processes were built for. It is in these first few minutes that our minds are generally made. Even if we don’t, we are just as quick to dismiss the product or service, which is more damaging. Hence, financial institutions are looking for ways to reduce the drop-off rates. In this case, the omni-channel goals of the retailer apply as well. It is also not the most effective way to determine the people that belong in the addressable market and hence will be more likely to transact with the organisation.

Financial institutions, however, are not as enthusiastic about embedding the use of social identities into their websites. Much of this is due to the mental-barrier caused by the fact that by association, we think of money exchanging hands in the context of all financial institutions and hence all parties involved suddenly become paranoid and security-conscious. This perception will start to shift as soon as financial institutions understand the difference between interactions and transactions when it comes to the use of social identities.

Governments like social as a friend

The UK Government announced in 2012 that they would press ahead with plans to allow third-party identities not managed by them, such as Facebook, to be used as valid credentials for access to government websites. This raised many questions and concerns, the most common being the proliferation of fake identities on social networks and the lack of acceptable vetting processes in place to curb and deactivate them.

The state of Washington in the United States allows residents to register to vote using their Facebook account. Unsurprisingly, there were concerns raised. But the key here is that to complete the process, users need to produce their real driver’s license or state issued ID card number.

There is an agency taking this one step further. New York City’s Department of Information Technology & Telecommunications is implementing a project that will allow residents to access their online services using their Facebook, Twitter, Google or LinkedIn accounts. They are, however, forcing the use of registered NYC.ID identities for selected services. In other words, they are enforcing that certain services require more than one social identity.

Government departments are taking a cautious approach to social identities. It may be surprising or outrageous to some that government departments are exploring the social identity option for controlling access to online services. This is understandable given the sensitive nature of the information government departments hold. Security is important, but so is usability. But as security and usability are natural enemies, the balance is the most challenging part of any social identity integration initiative.

Socially acceptable

The common thread linking the industries mentioned is that the use of social identities on websites and digital services is driven by the need to improve usability, negating the need to register and achieving a higher level of personalisation. But there needs to be a balance between the benefits to both parties in the relationship. The general population must benefit from the experience as much as the retailer, financial institution or government department. Without the right balance, one side of the relationship loses.

Ultimately, context is the key to understanding the appropriate use of social identities. While we may be happy browsing a retailer’s website logged in with our Facebook account for a personalised experience, we are not going to be making the payment with it. Organisations that get the balance right while understanding appropriate use and context can begin their social-enablement journey with their eyes open. As more start to see the benefits that can be gained, we will see our social network accounts as more than just a place to post pictures of our kids and pets.

Ian Yip is the product and business manager for Identity and Security Management across the Asia Pacific region at NetIQ Australia. NetIQ, a business unit of the Attachmate Group, provides identity, access, security and compliance management solutions.

Join the CSO newsletter!

Error: Please check your email address.

Tags online securityIan Yipsocial networking securitysocial mediaFacebook

More about AttachmateDepartment of Information TechnologyFacebookGartnerGoogleIDC AustraliaNetIQNetIQTechnology

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Ian Yip

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts