Where is that fine line between a service that’s easy to use and safe to use, and how do we reach it?
Experts from the B2C industries, such as retail, e-commerce, and tourism, know how important it is to invest in smooth user flow, in an app that is intuitive to use, or an e-commerce website where you can easily place an order.
After all, it is the convenience of your product and service that determines whether you will have one-time customers or repeat customers, frustrated customers or delighted customers.
But, there is more to this equation than just making our products easy to use.
Not only do our services have to be seamless, but they also have to be increasingly secure.
And industries, where customers’ interaction with our services is central, are becoming more prone to data breaches.
Over the last five years, the number of attacks in retail, merchant, and financial industries has gone up. In 2014, a cyberattack at Home Depot led to 56 million stolen credit cards and 53 million pilfered email addresses. An attack on eBay in 2013 exposed data of 145 million active users. Target too has fallen victim to an attack that jeopardized its business operation and user data.
So going forward, it seems that the security industry doesn’t have a lot of time left to figure out where to draw that line of compromise between user-friendliness and military-grade security?
“Alexa, order me a dollhouse.”
Team UX supporters will naturally invest more of their efforts in creating a user-friendly solution, the one that places almost zero burden on the consumer.
Header Enrichment is on the far extreme of that spectrum. It allows for a smooth experience, never ever bothering the user. But, as we know, it is easily accessible and readable by humans, which has led the mainstream public to abandon it due to severe privacy and security concerns.
Speaking more moderately about this issue, I still believe that UX is a prerequisite for a good authentication solution. Its role goes far beyond just pretty design and fancy buttons.
In fact, good UX can help people understand why they should upgrade to the latest version of an app and what steps they can take to stay safe when making online purchases.
However, sometimes friction is important. More so in e-commerce and authentication.
Remember the incident with Echo devices, a couple of years back?
A little girl asked Amazon’s Alexa to play dollhouse with her, prompting the device to order her a dollhouse and a couple of cookies on the side. Then, when the story came up on the local news, the anchorman reporting on the story supposedly said, “I love the little girl, saying ‘Alexa ordered me a dollhouse,” triggering other Alexa devices in the San Diego area to start placing orders on dollhouses.
Although it could pass as a funny story, the anecdote actually better works as a reminder that some friction is important, especially in e-commerce and authentication. An additional step in the checkout process can help prevent the unwanted purchase and information sharing.
And the importance of friction has been recognized as more than an anecdote too. The EU’s PSD2 directive has reshaped the way online purchases are done across Europe. Consumers’ prior consent is mandatory before any purchase is made or a payment account accessed. This does add an extra step in the process but makes it more secure.
The same applies to authentication. While MFA solutions might interrupt the user flow, they serve to prevent security breaches from happening and help users double-check an action before executing it.
And in these cases, the extra step actually works as a good UX principle.
An often made, although wrong reasoning is that UX is about trimming down. Actually, UX is about pleasing user experience, both short- and long-term. And sometimes this means a bit of friction.
Pardon the Interruption
The biggest issue with poor UX is not the user’s frustration and abandoned shopping carts.
It’s the fact that poor UX discourages people from using authentication methods altogether. Once bitten, twice shy.
The poor UX triggers the vicious cycle of avoiding to keep up with the safest and most updated security measures. People want to not be bothered, and they want to make their purchases and log into their social media accounts fast.
And you’d be surprised as to what it is that people perceive as too complicated.
According to Google, more than 10 percent of users who tried SMS 2FA failed to accurately enter the secret code received via a message. Sure, SMS 2FA is not the friendliest method UX-wise, but if entering the code is too complex, imagine just how much frustration additional buttons or a lack of them would create.
UX Matters as Much as Security
The security vs convenience tradeoff is not easy to settle. How to determine where you draw the line depends on knowing your clients. What is it that’s too bothersome for them? What are their usage patterns?
And while there is no cookie-cutter solution here, one thing holds true—UX shouldn’t be separated from security.
In fact, the worse the UX is, the lower the security will be, as users will be too overburdened to care.
And a good UX brings about a handful of benefits. First off, the lack of obstacles increases the registration rate. If planned and executed well, the UX has the potential to raise conversion rates by as much as 400%.
Second, good UX leads to higher user retention and user loyalty. The easier you make it for users to interact with your product, the more likely they are to come back.
Finally, a solid UX results in higher application usage (in particular for actions that require an authorization, ie. in e-commerce and banking). And once all these metrics get in place, the costs will go down. According to some estimates, bad UX authentication forms can cost e-commerce business $300 mln a year due to cart abandonment. That’s a hefty saving to be made.
Better UX Boosts Security in the Long Run
The usability and convenience of your product/service make a huge impact on your consumers. If implemented poorly, you could be losing a large portion of the customer base. All it takes is one misplaced button or one prompt screen too many.
At the same time, good UX helps the overall security industry in the long run.
Seamless UX can help educate people about the need to use MFA. Some companies have started encouraging people to use 2FA or other secure means through a system of rewards. MailChimp, for example, gives 10 to 15% discounts to accounts using 2FA.
The bottom line is that UX matters just as much as security factors.
And whichever solution you go for, you shouldn’t compromise UX for the sake of security.
In fact, I believe you need to have both.