Digital Strategy, Program & Project Management
We interact daily with Customer Identity Access Management (CIAM) systems from different providers, but typically, we do not realise how often we log into various applications. Every successful digital service company strives to keep us constantly logged in to provide a good, safe, and data-rich digital experience. This white paper focuses on how to drive digital engagement with a fine-tuned CIAM strategy that balances customer experience against security and compliance, keeping in mind the special needs of the Pharma and MedTech industries.
When we log into a website or music app or check our electronic bank account, the CIAM system checks that our credentials are correct before authenticating us. In other words, the system answers the question, “who is this user?” However, most of the time, the question that is asked is: “is this the same user as last time?” In fact, the service doesn’t need to know who we are in real life. Most sectors value robust authentication mainly to build a strong profile, while strong verification (“is the user really who he says he is in real life?”) is industry-dependent and needs to be tuned to its environment. Users/customers are often unaware of the decisions happening in the background, even though they greatly influence the experience. While we would naturally be annoyed to upload a copy of our ID to buy a new pair of shoes, doing so when opening an electronic bank account seems acceptable as it can provide a sense of security.
Unlike digital service company leaders, Pharma and MedTech have regulatory constraints around commercial messaging that bring special requirements on how, when, and how strongly users of digital platforms are verified. In addition, Pharma builds on an existing customer database, and matching those records to a digital user is a critical yet cumbersome process. But healthcare providers (HCPs) are no different from normal digital users/customers. They appreciate experiences composed of few clicks, little personal information asked, and a high-quality service in return. In addition, unlike with banks, they will not perceive the added value from high-accuracy verification when signing up for a digital service offered by Pharma.
On the contrary, Pharma and MedTech companies need to comply with regulators and want to benefit from connecting “online and offline HCPs”. In other words, the benefit is mainly on the company side. This leads us to the dilemma of ensuring high verification accuracy while reducing friction associated with prolonged and cumbersome sign-up procedures.
Therefore, we address the following recurrent topics when discussing the verification accuracy dilemma with our clients:
Allowing the verification accuracy to gradually increase as the user’s digital experience grows comes with several benefits:
Improved conversion: By starting with low levels of verification accuracy for casual interactions and gradually increasing it as the user becomes more familiar with the service, companies can provide a more seamless and enjoyable user experience. This helps reduce friction and increase user engagement/conversion.
Enhanced security/compliance: By starting from lower levels of verification accuracy and gradually building up through a well-defined roadmap, companies can ensure that they provide a compliant service without sacrificing user experience.
Better data quality: By gradually increasing the level of verification accuracy over time, data will flow through more checkpoints, enabling easier monitoring and higher quality.
Using social login or third-party identity providers is also a topic our customers often face. There are several key factors to consider when using social login:
User experience: It typically requires just one click to sign up, but it can also create challenges if users are logged out, as the company won’t be able to provide support. Companies must also work on their customer service capabilities when using these methods. In our experience, using "passwordless" authentication (i.e., biometric data, security keys, or one-time codes sent via email or SMS) can help significantly in these situations.
Data ownership & privacy: Social login allows users to sign up for a service using their existing social media accounts, but it results in the social media platform owning the customer data. As a result, this can pose a concern to companies that want to ensure ownership and control over their customer data. Data ownership and the impact of data privacy regulations (e.g., GDPR or CPRA) should be clarified in advance.
Mapping existing customer records: Empirical evidence shows that social logins yield more precise identity information when compared to free-form input fields, thus providing valuable data points for linking digital identities to an organisation's customer relationship management system.
Some customers have suggested implementing a cross-industry (third-party) solution for HCPs’ identity management. While this would likely reduce the registration barrier for HCPs, currently, there is no solution on the horizon that could be deployed soon enough to deliver what companies need now. Furthermore, such a pan-industry solution could also bring the following challenges:
Project size: The scope of this kind of project must not be underestimated. Legal considerations, business process integration, stakeholder management, conflicting requirements, and unrealistic expectations are only some of the factors contributing to delays and increased risk of having an outdated product at the time it is launched. Many industries have tried launching a digital identity in the last year, but only a few succeeded.
Operational complexity: The operational complexities of a company-shared pan-industry platform should not be underestimated. CIAM solutions are the gate to a company's digital offerings and require a solid customer operation (i.e., to support with login issues or data privacy-related requests). This would need to be kept in mind when designing a pan-industry solution.
The potential impact on user experience: A pan-industry solution could also have a negative impact on user experience if not designed and implemented harmoniously with the companies’ digital offerings.
Missed opportunity: Customer data is the most important piece of a successful digital transformation puzzle, and companies must ensure they own it from the beginning.
All the above topics are good starting points; however, they are not solutions to the problem. We, therefore, strongly recommend that Pharma and MedTech companies do the following:
Act now and do not wait for the ideal solution that will provide authentication to all HCPs for all companies.
Develop methods to digitalise your customer base as quickly as possible through personalised invitations to value-adding digital offerings.
Work with a multi-level verification system that allows customers to quickly register and only ask for additional verification when the benefit is clear to the customer.
Introduce modern authentication methods such as passwordless, which can reduce CX issues introduced by social logins.