Consumers Don’t Loathe Security, They Loathe Mystery

Consumers Don’t Loathe Security, They Loathe Mystery

The customer isn’t leaving the security process; they’re leaving the experience. When the security aspect of the experience is visible, understandable, and relatable, it’s not a barrier; it builds trust.

But the notion that security impacts conversion has become the established truth in digital strategy, especially in high-friction industries such as financial services, healthcare, and retail. The logic behind this is reasonable: the more steps in the process, the more likely the customer is to drop out.

The reality, however, tells a much different story.

The Misdiagnosis of Conversion Friction

For a long time, organizations have seen authentication as a delicate balancing act. Making it more secure has traditionally meant that it is also more inconvenient, and so a lot of thought has gone into hiding security wherever possible.

However, this has been found to be counterintuitive. According to data from the Thales 2026 Digital Trust Index, more than two-thirds (69%) of consumers trust companies more when multi-factor authentication is implemented. A similar number (68%) of consumers trust companies more when they use passkeys.

The numbers speak for themselves: security doesn’t hurt conversions; it strengthens them.

Visibility Drives Trust, Not Just Protection

Trust is not only based on technical measures, but perception also matters. When users see authentication mechanisms they are familiar with, they perceive it as a measure of competence.

No longer are MFA and passkeys considered niche technologies; they are considered part of the mainstream digital experience. This is important because it helps users feel secure in their accounts, especially amid rising threats such as phishing and account takeover.

On the other hand, invisible or poorly explained security measures may cause uncertainty. Users may be unsure of what is going on behind the scenes. In short, security has to be seen to be effective.

The Real Conversion Killer: Unjustified Data Requests

If it is not security, what is it? The answer lies in how organizations handle data. Consumers tend to be sensitive to requests for personal information, particularly when they feel disproportionate. Only 7% of consumers report being comfortable sharing their national ID by default. This is one of the clearest signs of distrust in digital interactions.

Yet this is not an absolute position. When the reason for gathering information is made clear to consumers, their willingness to cooperate is greatly enhanced.

Again, the figures back this up. Consumers’ comfort with sharing sensitive information rises considerably when the reason is explicit. The Thales report revealed that when customers know why companies want their data, comfort levels for sharing national IDs rise from 7% to 24%, phone numbers from 19% to 48%, and emails from 33% to 54%.

Here is where we find the critical difference. Consumers are not loath to share information; they just don’t want to do so without context.

Unjustified information requests create friction by sowing doubt. This causes consumers to pause and ultimately not cooperate. In terms of conversion rates, this is far more devastating than requiring an additional step.

Transparency As a Growth Strategy

If mystery destroys trust, then transparency is a competitive differentiator. The Thales 2026 Digital Trust Index reveals that 66% of consumers trust companies more when privacy settings are easy to see and change. This is a business opportunity.

Transparency in privacy reflects the respect given to users’ autonomy and the confidence the business has in its own actions and the controls it puts in place. This has major implications for the growth of the business:

  • Users are more likely to convert in the onboarding process
  • Customers are more likely to engage with the business
  • Trust eliminates hesitation in decision-making

Transparency, in this sense, is not a defensive mechanism. It is an enabling one.

Reframing Security in the User Experience

To meet such demands, the way security is presented in the digital experience needs to be rethought. The aim is not to minimize the number of security steps but rather to make them understandable. This includes:

  • Explaining authentication moments: Clearly convey the purpose of MFA or passkey usage and the risks it prevents
  • Contextualizing data requests: Provide a brief, relevant description of the purpose of the requested data at the point of entry
  • Making controls visible: Ensure that privacy controls are easy to access and change
  • Using familiar mechanisms: Take advantage of well-known authentication mechanisms to minimize confusion

When security is integrated in this manner, it boosts rather than disrupts the user experience.

The Role of Passkeys in Building Trust

Among the modern authentication types, passkeys hold a special place in facilitating the transition. Passkeys solve the two sides of the trust equation:

  • Security: Passkeys eliminate the need for passwords, which are popular targets for phishing and credential reuse
  • Usability: Authentication is simplified with faster and more intuitive processes, often requiring only a single gesture

However, most importantly, passkeys are also very visible. Users understand the concept of unlocking a device or authenticating their identities using biometrics. This helps to further build trust in the right context.

For consumer-facing apps, this means phishing-resistant logins that users expect and trust, with no mystery at all.

Trust Is Built in Moments, Not Policies

Organizations often approach trust as a matter of policy: privacy statements, terms of service, and compliance frameworks. While these are essential, they are not where trust is won or lost. Trust is built in moments:

  • When a user needs to log in
  • When they are prompted to verify their identity
  • When they are asked to share their personal information

Each of these interactions has weight. Each can either confirm trust or create uncertainty. MFA and passkeys enhance these interactions when they are clear and expected. Data requests undermine them when they are confusing or excessive. This is why the belief in “security hurts conversion” has persisted. It is confusing cause and effect.

From Compliance to Competitive Advantage

Regulation has long driven advancements in authentication and data protection. However, compliance alone is no longer enough. Consumers are making their own rules for digital trust, and the rules are getting higher.

The businesses that will stand out in a crowded marketplace are those that make transparency central to their design, but this requires a different mindset. They must shift from minimizing security to optimizing its presentation, from defaulting to data collection to justifying every request, and from hiding complexity to explaining it. In this way, security is no longer a blocker; it is a demonstration of trustworthiness.

Clarity Builds Conversion

At a time when security threats and customer expectations are growing, the obstacle to conversion isn’t the presence of security measures; it’s the absence of transparency. The facts are plain: visible security measures like MFA and passkeys build trust, and unknown data requests destroy trust.

Businesses designing digital experiences today must grasp that transparency is never optional; it is a growth strategy. When authentication is visible, data collection is contextualized, users maintain control over their information, friction is reduced, trust is built, and conversion rates improve.

 

Digital Transformation Leader at Thales