Customer Identity and Access Management (CIAM)

Understand the differences between CIAM and IAM and why it matters.


Four key considerations for customer identity management


1. Customer experience is the extra factor that distinguishes customer identity management from access management.

2. Customer identity management is driven by the need to prevent fraud and comply with anti-money laundering regulation.

3. Customer identity management must work across the customer lifecycle, and there are different requirements for new customers and those accessing existing accounts.

4. IT system security is a must for cybercrime prevention, but for customers it’s a hidden hygiene factor.

What is CIAM?


Customer identity and access management, also known as CIAM, extends identity and access management (IAM) from the realm of businesses and employees into the relationships that exist between service providers and customers. This is particularly important in financial services organizations, such as banks, where getting it wrong can lead to fraud losses, anti-money laundering enablement, and poor customer experience.

IAM essentially focuses on ensuring that employees cannot access parts of the business's IT estate that they should not. For consumer-facing financial institutions, the need to balance customer experience with security takes customer identity management a step further. These institutions must:

  • Be able to prove the identity of new applicants without putting unnecessary barriers in the way of legitimate applicants.
  • Ensure that every time a customer uses their account, they are able to do so without unnecessary friction.
  • Ensure that the information about each customer is kept safe from criminals. 
  • Facilitate access to systems customers need and keep them away from those they should not access.

Effectively implementing both customer identity management and access management and getting both to work in harmony is crucial when you need to control fraud and cybercrime and yet still offer legitimate customers an excellent experience.

How customer identity management and access management must work together


Customer identity management (CIM)

Customer identity management is the process of confirming the identity of the person trying to open an account or access an existing one. CIM aims to meet regulatory requirements — particularly those related to financial crime compliance, fraud prevention, and risk management. 

Simultaneously, it should also make it easier for legitimate, law-abiding customers to carry out digital tasks without any friction. This can often be a difficult balance, but it’s one that organizations must get right to be successful. 

For example, a financial institution must make the login process for its online banking system safe. It must do this by building adequate security protocols that require customers to complete steps that only they are likely to be able to carry out correctly in order to log in.

They must also ensure that the safety protocols don’t compromise the fast, frictionless experience of logging in to an online account, which customers have come to expect. 

Today’s environment makes customer identity management increasingly difficult to implement. This is an area regularly targeted by fraudsters and money launderers and, as a result, is put under serious regulatory scrutiny.


Identity access management (IAM)

Identity access management primarily focuses on controlling users' permissions to access and use different areas of systems rather than checking their identity. The name can be slightly misleading, because some people use it to refer to elements of customer identity management.

IAM relies on the correct utilization of resources and implementation of permissions to ensure each user is correctly allowed into or restricted from entering certain areas of a digital system. 

For example, once a user has cleared the security protocols, the information on their account should determine where in the system they are allowed to be and when. If they have both a personal and business account with the same financial institution, each account is separated within the app. When logged in to their personal account, they won’t be able to access their business’s cash flow report, and when logged in to their business account, they won’t have access to their personal expenses. 

The permissions in place work with the information provided at the login stage to enforce this.


Together CIM and IAM are CIAM

CIAM is the combination of both CIM and IAM, within customer-facing environments. The phrase, as we mentioned before, can be confusing, particularly to IT, cybersecurity, and risk compliance professionals. A good way of separating the two is:

  • Customer identity management is more of an issue for anti-fraud, financial crime compliance, and risk professionals. They must ensure that only the correct people can gain access to or use accounts. The question answered here is, “Is this my customer?” or “Who exactly is this person?” 
  • Identity access management is more of an issue for IT professionals. They must build, maintain, and iterate the internal systems that manage access control. People should only be allowed to access the areas of the system appropriate to them. The main question answered here is, “Should this person be in this section of the system?” 

There is a close overlap between the two. For customer identity management, customers need to have a pleasant experience when signing in. They also need to feel that the level of security required to log in is adequate to protect their information. Organizations must strike a fine balance between customer experience and security to acquire and retain customers.

For access management, the details customers use to log in must match the permissions built into the system. This process is also a fine balance between a seamless experience for the customer and enough security to ensure criminal activity is stopped.


How customer identity management stops fraud

Done correctly, customer identity management helps organizations manage fraud and financial crime across the customer lifecycle.

This approach is crucial in the fight against:  

Application fraud

It is now possible to validate identity documents via data extraction from a machine-readable zone, chip, and text and corroborate the information with third-party data sources. Further checks using holograms make sure the documents provided have not been tampered with. 

Identity verification can also be completed using AI and machine learning technology. This enables customers to take a photo of themselves to match their faces to the documents that they have provided. 

Account takeover fraud

CIM confirms that only legitimate customers are using their accounts and making transactions. It can conduct identity authentication with robust and nuanced decision making about when and how to step up authentication.

It meets the requirements of strong customer authentication using the factors of: 

  • Inherence — including physical and behavioral biometrics
  • Possession — including device intelligence and secure delivery of one-time passcodes
  • Knowledge — including answers to secret questions
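
The step-up decision described above, as an added example that is not FICO's code. It assumes the common strong customer authentication rule that two verified factors must come from different categories; the method names, risk score and thresholds are hypothetical.

```python
from dataclasses import dataclass

# Factor categories are the three named above; the method-to-category
# mapping is an assumption made for this example.
FACTOR_CATEGORY = {
    "face_match": "inherence",
    "keystroke_profile": "inherence",
    "known_device": "possession",
    "otp": "possession",
    "password": "knowledge",
    "secret_question": "knowledge",
}

@dataclass
class Session:
    verified: set       # methods already verified in this session
    risk_score: float   # 0.0 (benign) to 1.0 (hostile), from a hypothetical risk engine
    high_value: bool    # e.g. adding a payee or making a large transfer

def categories(verified):
    # Unknown methods are ignored, so they never count towards a factor.
    return {FACTOR_CATEGORY[m] for m in verified if m in FACTOR_CATEGORY}

def decide(session, step_up_threshold=0.4, deny_threshold=0.9):
    """Return (decision, categories that could satisfy a step-up)."""
    if session.risk_score >= deny_threshold:
        return "deny", []
    have = categories(session.verified)
    # Two methods from one category (password + secret question) are
    # still a single factor, so count categories, not methods.
    needs_two = session.high_value or session.risk_score >= step_up_threshold
    required = 2 if needs_two else 1
    if len(have) >= required:
        return "allow", []
    missing = sorted(set(FACTOR_CATEGORY.values()) - have)
    return "step_up", missing
```

A low-risk balance check passes with one factor, while the same session is stepped up as soon as the action is high value or the risk score rises.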

KYC and compliance

The correct implementation of customer identity management also enables organizations to meet KYC requirements for regulatory compliance. This reduces the risk of being fined by regulators and/or suffering damage to brand reputation, which can also carry a severe financial cost.

How FICO can help you with customer identity management

FICO offers customer identity management solutions, including:

  • Identity Proofing — Applicants can use their mobile phone's “selfie” technology and their identity documents to prove that the documents are valid and belong to them.

  • Identity Authentication — Confirm the identity of returning customers and meet the requirements of strong customer authentication with layered protection including:
    • Facial biometrics
    • Device recognition
    • Behavioral biometrics such as keystroke analysis
    • Delivery of one-time passcodes (OTPs)

  • Application fraud detection — Machine learning algorithms use behavioral analytics in real time to determine the likelihood of an application being fraudulent.

  • Identity resolution — Advanced fuzzy matching technology works in real time to uncover the links between applications and accounts. Variations on the same name, email address, or home address used in multiple apparently unconnected applications are indicative of criminal activity.
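
How linking applications by name, email and address variations can work in principle, as an added example that is not FICO's technology. It uses Python's standard `difflib` as a stand-in matcher; the field names, the 0.85 threshold and the sample applications are constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from itertools import combinations

def norm_email(email):
    # Lower-case and drop any "+tag" suffix in the local part.
    local, _, domain = email.strip().lower().partition("@")
    return local.split("+", 1)[0] + "@" + domain

def norm_text(value):
    # Lower-case and collapse punctuation and whitespace to single spaces.
    return re.sub(r"[^a-z0-9]+", " ", value.lower()).strip()

def similar(a, b, threshold=0.85):
    return SequenceMatcher(None, norm_text(a), norm_text(b)).ratio() >= threshold

def linked(x, y):
    """Linked if the emails match after normalisation, or if both the
    name and the address are near-identical."""
    if norm_email(x["email"]) == norm_email(y["email"]):
        return True
    return similar(x["name"], y["name"]) and similar(x["address"], y["address"])

def clusters(apps):
    """Group transitively linked applications (union-find); return groups of 2+."""
    parent = {a["id"]: a["id"] for a in apps}
    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i
    for x, y in combinations(apps, 2):
        if linked(x, y):
            parent[find(x["id"])] = find(y["id"])
    groups = {}
    for a in apps:
        groups.setdefault(find(a["id"]), []).append(a["id"])
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

APPLICATIONS = [  # constructed sample data
    {"id": "A1", "name": "Jonathan Smith", "email": "j.smith@example.com",
     "address": "12 High Street, Leeds"},
    {"id": "A2", "name": "Jonathon Smith", "email": "jsmith77@example.org",
     "address": "12 High St., Leeds"},
    {"id": "A3", "name": "Maria Lopez", "email": "J.Smith+loan@example.com",
     "address": "4 Mill Lane, York"},
    {"id": "A4", "name": "Priya Patel", "email": "priya@example.net",
     "address": "9 Park Road, Bath"},
]
```

`clusters(APPLICATIONS)` groups A1, A2 and A3: A2 is tied to A1 by a near-identical name and address, and A3 by a tagged variant of A1's email, even though A2 and A3 share nothing directly.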

FICO’s customer identity management solutions work alongside access controls to provide the best possible protection for accounts and systems. 

Our platform approach is open and extensible, allowing you to integrate data from your own data sources and multiple third-party data sources, including API access to third-party identity solution providers. All identity decisions can be based on the best possible information in each circumstance. 
