A Call to Action to Businesses: Adopt a Consumer Protection by Design Mindset

“When businesses and service providers adopt digital technologies, they typically look only at the productivity gain and other benefits from an enterprise perspective. But when customers and associated stakeholders are not the primary considerations for the design of digital applications, this becomes a big problem,” says Ng Hoo Ming, President of the ASEAN Chief Information Officer Association (ACIOA).

Ng was highlighting the complexity of today’s digital landscape and how current practices don’t offer adequate protection to customers.
 

Trust in an evolving digital landscape

He used the example of a bank to drive his point home: “When you put the money in a bank in the past, the only way to withdraw your funds was to visit a bank branch or use an ATM, which is built on a closed, highly secured system. If there's a bank robbery, fraud, or the teller disburses money by mistake, consumers are not expected to pay any damages.”

However, the situation is radically different in the digital sphere now. Ng pointed to the complex landscape of scams where the onus is on the consumer to stay abreast of the latest shenanigans employed by cyber criminals to take over their bank accounts. 

“Trust will be eroded if there's no assurance that my transaction is secure. And when trust is eroded, consumers will increasingly not trust digital systems; they may not want to embark on the digitalisation journey.”

Implicit to such an outcome would be the problem that widespread distrust of digital ecosystems could cause at a societal level. This extends beyond banking and includes digital e-commerce platforms, digital payments, and mobile applications, to name a few.
 

A responsibility to secure transactions

Ng says there is a pressing need for a deeper discussion about enterprise cybersecurity responsibilities and how businesses can do more to protect consumers. After all, enterprises implement robust cybersecurity measures to protect their employees – why not do more for the customers that they say are important to them?

“Consumers have no choice but to embrace digital technology for many day-to-day tasks. In that sense, whoever develops the digital solutions has a responsibility to make sure that transactions stay secure.”

Ng lauded the shared responsibility framework for phishing scams currently proposed in Singapore. The framework stipulates certain responsibilities for financial institutions and telecommunication firms (telcos), making them liable should they breach their duties – the consumer remains liable for the loss in situations where both banks and telcos have fulfilled their duties.

“I think it's a good start. But it’s not enough to address today’s sophisticated, pervasive attacks on consumers. Law enforcement, regulators, and service providers, there's a need to work more collaboratively,” he said.
 

A digital hub for trust

Of course, our highly interconnected world does mean that illicit cyber activities will invariably take place in another country. And tackling cybercrime across borders can only happen when countries work together, says Ng.

“Like-minded countries must come together to prevent or stop cyberattacks. On the other hand, a country that is not serious about cybercrime, or one that allows hackers to hop through their Internet gateways where they attack other people, I think there should be some consequences.”

In his view, nations that do more for cybersecurity and that prioritise consumer protection could be recognised as trusted digital hubs. How would that benefit them? Ng pointed to Singapore’s reputation as a leading air hub and exceptional port, observing that it had brought various tangible benefits such as the expediting of shipments through customs with certain countries.

Another possibility is for governments to establish a secure digital environment. As an example, he pointed to how the Cyber Security Agency of Singapore (CSA) is currently working with Google to identify and block malicious apps.

Moving forward, Ng called for the adoption of more proactive strategies: “Governments could provide a secure applications environment for all its citizens. It’s completely possible from a technology and technical solutioning point of view; it's not rocket science.”
 

The road to customer protection

One way to persuade private enterprises to do more to protect customers would be to develop a set of corporate cybersecurity responsibilities as part of their corporate reporting. This could be similar to ESG reports today, says Ng, and serve to inform consumers of the measures put in place to actively protect their interests.

“This ‘Corporate Cybersecurity’ guideline can serve as a benchmark to measure the cybersecurity of the organisation, including how it protects its customers,” he says. Over time, this could serve as a badge of honour that customers will look for when deciding the brands they want to patronise, starting a virtuous cycle of organisations putting customer protection at the forefront.

Indeed, consumers might well be willing to pay for a more secure experience, Ng suggested. He compared it to purchasing a vehicle, where basic features such as seatbelts, functional brakes, and perhaps two airbags are expected.

A more safety-conscious customer might opt for the advanced brake kit and additional airbags – and be happy to pay for them. Ng puts it this way: “If you have a better and more secure means of authenticating, I think some consumers will be more than happy to pay for it.”

Ultimately, the industry must work towards greater maturity and inclusiveness on the customer protection front. “Businesses must take care of not just their corporate infrastructure, but also adopt a more customer-centric approach to protect consumer transactions, instead of pushing the responsibility back to end-users,” Ng summed up.