
Making Authentication Safer and Simpler for Customers

by Mic Johnson

How do you make the user experience better for your e-commerce store? The simplest answer is to minimize the number of steps, so customers can authorize and proceed to shop in as few moves as possible. On your side, there are security measures, including safe payment gateways, device fingerprinting protection, secure data storage, and so on.

Authorize Quicker

We all want things done faster, that’s human nature. So make registration and authorization quicker by including only the most necessary steps. They usually include creating a login and password, entering contact information (like an email or a phone number), and validating it with a special message or code.

You can also allow third-party authentication. The most popular services to authorize through are Facebook, Twitter, Google, and Apple. Using these also has a safety advantage: services like these have already done a lot of work to ensure it.

Store User Data Safer

The first rule of safety (too often neglected) is to never store passwords in plaintext form. They should not be exposed, so storing them openly is an unaffordable risk. Instead, you can opt for storing hashes of these passwords; a password cannot be recovered from a hash, but the right password will always produce the matching hash. In addition, it’s a good idea to rehash passwords periodically.
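A sketch of that storage scheme, added here as an illustration and not taken from any particular shop platform: passwords are stored as salted PBKDF2 hashes, and a hash is replaced at login when it was made with a weaker work factor. The record layout, function names and iteration count are assumptions of this example.

```python
import base64
import hashlib
import hmac
import os

# Assumed work factor for this example; raise it as hardware gets faster.
CURRENT_ITERATIONS = 600_000


def hash_password(password, iterations=CURRENT_ITERATIONS):
    """Return a storable record: algorithm$iterations$salt$hash (never the password)."""
    salt = os.urandom(16)  # unique per user, so equal passwords get different hashes
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256${}${}${}".format(
        iterations,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    )


def verify_password(password, record):
    """Return (ok, new_record); new_record is set when the stored hash should be replaced."""
    try:
        algorithm, iterations, salt_b64, digest_b64 = record.split("$")
        iterations = int(iterations)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
    except ValueError:
        return False, None  # malformed record: fail closed
    if algorithm != "pbkdf2_sha256" or iterations < 1:
        return False, None
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    if not hmac.compare_digest(candidate, expected):  # constant-time comparison
        return False, None
    # The plaintext is only available at login, so this is the moment to rehash.
    if iterations < CURRENT_ITERATIONS:
        return True, hash_password(password)
    return True, None


if __name__ == "__main__":
    # Constructed sample: a record created under an older, weaker setting.
    legacy = hash_password("correct horse battery staple", iterations=100_000)
    print(verify_password("correct horse battery staple", legacy))
    print(verify_password("123456", legacy))
```

When `verify_password` returns a new record, the caller overwrites the stored one, so old hashes are upgraded as users log in.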

It’s good to generate random passwords because (no offense) users too often create ones that are too easy. Look at any list of the most popular passwords: “123456”, “qwerty” and “password” still top the charts. But avoid creating very similar passwords that differ by only one symbol.

Fraud Prevention on the Merchant’s Side

It’s your job to make sure transactions go smoothly. So you need to provide a reliable payment method, or even several, to make transactions easier for a customer. Will they need one more authentication? Yes, they will. Even if the customer logs in with their Bank ID (which allows access to their bank accounts), any payment will require confirmation. And that’s a good thing, as it improves security and prevents fraud based on identity theft.

If a user’s password has been compromised, they need a way to change it with one click. That’s why the link allowing users to reset the password should only be available through their email, or with a code sent to a mobile device.

When it comes to chargeback fraud, though, you as a merchant are the target (regardless of whether it’s a friendly fraud or the card that’s stolen). Chargeback prevention systems save your profits, as well as your customers’ reputation, in case they claim chargebacks without sufficient reasons.

Know Your Customers

KYC procedures require that you collect certain data from your customers. Names, street addresses, phone numbers – that is only what you want them to enter manually (along with data collected from device fingerprinting). It makes the registration process longer, we agree. But there are ways to simplify that.

For example, more and more countries are introducing Bank ID systems that allow customers to authorize with their bank accounts (as they can with Facebook or Google). The advantage of this method is that entering most of the customer’s details is not necessary: they are transferred and confirmed by the bank automatically. These details are consequently used in device fingerprinting, which makes the system more efficient. At the same time, it makes payments simpler, as your bank ID usually contains your credit card data.

Let Your Customers Know

We’re all talking about KYC, but there are things your customers should know about you as well. Or at least about security measures they have to take to stay safe. You can use the most advanced hashing to protect their passwords, but you cannot prevent leaks if customers themselves give out their passwords, whether intentionally or by just storing and sharing them in plaintext. Nor are you responsible for identity theft: it’s the customer’s duty.

So, what can you do to raise awareness among your customers?

  •  Write readable security instructions for them to read as they register. Don’t go for sheets of text: a list of simple rules is better.
  •  Explain the benefits of two-factor authentication. Multi-factor authentication reduces risks thousandfold, and two-factor is the simplest sort of it.
  •  Remind them to change their passwords periodically (every six months, for example). And do it as soon as you learn your customer data has been compromised somehow.
  •  Let them know that their other credentials (like email, social media, and so on) also need protection. Tell your audience to check whether their passwords have been compromised and remind them to change the passwords periodically as well.

With E-Commerce Comes E-Responsibility

This is just an overview of what you can do to make things safer for your customers. Still, there are ways to improve the experience for everyone and see them returning to your store for more. Most solutions are already out there: you only need to find whom to turn to in order to implement them.
