Recently, we have seen ISACA highlight the Digital Trust approach in parallel with increasing regulations in data governance in Europe. I am starting a series of articles where we will discuss the Digital Trust approach and explain its benefits for cryptocurrency exchanges based on my own experiences. Digital trust can be defined as a success criterion that needs to be achieved and maintained throughout interactions between service providers and stakeholders in a digital ecosystem. Service providers generally prefer to focus on customer-centricity. However, it is essential to establish a trusted environment that encompasses not only the customer side but also all internal and external stakeholders. For example, actions that undermine trust from external stakeholders such as regulatory bodies can undermine your claims of being customer-centric.
The millions of online commercial transactions that take place every day cannot happen without a high level of trust among relevant stakeholders and organizations. It is necessary for all organizations to establish and maintain a robust digital trust environment. In fact, thanks to data protection regulations such as the GDPR, we have gained some understanding of the importance of this and how it can be achieved.
Article 1 - A digitally trustworthy organization must use and protect customer data in accordance with their expectations and consent.
What comes next? There is confusion about what follows, and ISACA provides a comprehensive approach to answering this question. According to ISACA's publication "Digital Trust: A Modern-Day Imperative," a digitally trustworthy organization:
Has a clear and accurate understanding of what can violate stakeholder trust.
Understands the consequences of violating this trust.
Protects and respects stakeholder data privacy.
Acts ethically.
These four points highlight the key elements of building digital trust within an organization. By understanding the potential factors that can undermine stakeholder trust, organizations can take proactive measures to mitigate risks and ensure the protection of customer data. Additionally, recognizing the importance of data privacy and adhering to ethical standards further reinforces the organization's commitment to digital trust. Customers can now perform actions such as opening a bank account online without having to visit a physical branch, and it is even expected that they should be able to do so. According to Chris Skinner, people continue to prefer channels they believe to be digitally trustworthy in every situation. For example, certain age groups still show a higher interest in bank branches. Although this may not be practical, it is a preference based on their perception of trust. Research shows that 73% of people believe trust supports customer loyalty. Based on this data, we can consider that organizations need to renew their digital ecosystems entirely based on this element of trust.
If any aspect of a digital transaction fails, customers will start questioning all their interactions, such as the services they use or the products they purchase. The trust that is built in a customer's mind over time through numerous experiences and reviews can be shattered by a single mistake. When we encounter issues with a mobile application we use as customers, it is inevitable that we will have doubts about the organization and the other services we benefit from. In other words, one wrong move can outweigh dozens of correct ones.
Key Elements of the ISACA Digital Trust Approach
“Digital trust is not what we put into it, but what consumers get more out of it. Customers assume a level of digital trust and quality in everything they buy. But trust is earned and it can never be a coincidence. Gaining and maintaining trust is the result of high intent, sincere effort, intelligent direction, and skillful application. Confidence is remembered long after pitch and compensation are forgotten.” This determination belongs to Ron Lear, ISACA Vice President of Standards and Models. He crammed pages of explanation into one paragraph.
Let us now examine the Digital Trust approach offered by ISACA, based on the criteria on which this approach is based.
1. Quality
Quality affects stakeholder trust concretely as a criterion that touches all processes, products, and services managed by an organization. Quality extends from finding the product a customer wants, comparing it with alternatives, making purchases quickly and safely, and delivering the products to the right consumers in the best condition and within the promised time, even to the end of the product life cycle (EOL). We should also consider responding to customer problems and complaints when things don't go as planned. I think customer complaint management is one of the most important tests that organizations will face in terms of trust. We all have positive or negative examples of this in the past. Within the framework of my experience, I have made it a principle not to work with companies where I had problems with returning the product I bought.
2. Availability
Nowadays, a service provider should ensure 24/7 accessibility to the services they offer to their stakeholders, both within the framework of legal and contractual requirements. Inability to conduct transactions within the service conditions can erode mutual trust. In crypto exchanges, customers expect fast transaction execution. A few seconds of delay can mean missing out on significant opportunities. When you look at Twitter, you can clearly see the impact of seconds-long delays in crypto exchange transactions on customer trust perception.
3. Security and Privacy
To access the gym I recently joined, I need to download and use an application. Let's take a look at the data requested for registration in the application: name, surname, date of birth, national ID number, height, weight, health issues, etc. I have significant concerns in my mind about who else can access my data through this application and how its security and privacy will be ensured. I believe there is a high risk involved in sharing my data just to sweat on a treadmill. I have similar concerns about applications belonging to companies with which I conduct financial transactions. If these companies do not have appropriate controls to protect personal data throughout its lifecycle, consumers may face harmful, painful, and costly issues, including identity theft, disclosure of sensitive information, and financial fraud. Therefore, all stakeholders, including customers, want to ensure that sufficient care is taken in the processing, storage, and disposal of their data. Furthermore, research shows that if a company providing a product that customers are happy to use makes a mistake in protecting their personal data, customers will stop using the product.
4. Ethics and Integrity
In addition to the aforementioned factors, all stakeholders expect to be treated ethically and with integrity throughout the product or service lifecycle. If doubts arise regarding this criterion on which purchase decisions are based, and if it becomes evident that the company engages in unethical behavior in other processes, purchase transactions can be canceled, and the relationship can be terminated. For example, if a product or service is marketed with high standards of security and privacy for customer information, but the company shares consumer data with unauthorized third parties, digital trust is likely to be irreparably damaged. Recently, we have witnessed some companies having negative experiences regarding the rights of motorcycle couriers, which has caused a significant public backlash. It is likely that this issue has also had an impact on people's purchasing habits.
5. Transparency and Honesty
Open communication is a fundamental aspect contributing to digital trust. Organizations should provide provisions, terms, notifications, and other updates in a language that is simplified and easily understood by their stakeholders, explaining technical and legal concepts. In the event of a data breach, transparency is crucial for preserving digital trust. Timely and appropriate information sharing through channels that adhere to principles of transparency, honesty, and accountability regarding the nature of the incident, how it was addressed, and measures taken to prevent similar incidents is important. Particularly in situations where communication is not properly managed, simple issues can escalate and deviate from the context, undermining the concept of trust. Conflicting understandings and harm to the parties involved can occur when the parties' perspectives clash.
6. Resiliency
We have reached the final criterion. In order to maintain a healthy "digital trust" relationship with stakeholders, organizations need to ensure stability in their value creation processes and have the flexibility to overcome encountered crises. We experience an abundance of crises in our country. Even in moments of disaster, people expect the continuity of the services provided. Business continuity plans are important tools in this regard. However, organizations need to prepare and implement these plans with due care. There are significant question marks regarding how a company with a Business Continuity Policy consisting of only three paragraphs will respond in times of crisis. The term "flexibility" in the title refers to the concept of business resiliency. Stability and flexibility are essential characteristics of a well-managed organization that earns the trust of customers, employees, partners, lenders, investors, and all other stakeholders, contributing to business success. Such capacity can create new opportunities for the organization to grow and become more digitally resilient.
Finally... When we look at the 6 principles on which the ISACA Digital Trust approach is based, we can say that these are actually the expected principles for every organization, with one missing or one extra. ISACA now aims to provide guidance on how to implement these principles in terms of people, processes, and technology. As ISACA starts supporting the Digital Trust approach with implementation recommendations, approaches, and standards, we will have a clearer understanding of how this should be done.
In the coming weeks, we will organize an event where experts from ISACA Global will discuss application recommendations for ensuring digital trust in cryptocurrency exchanges. I have also been invited as a speaker to the Digital Trust World Conference - Ireland in October. I plan to deliver a speech evaluating fatal mistakes in cryptocurrency exchanges from a GRC perspective. I will be giving the speech together with a globally recognized figure in the field, but that will be a surprise. In the coming days, I will continue to provide you with new content on these topics.
Comments