How to Balance Security Needs with Customer Experience
Heightened security should not interfere with the experience of the customer
Did you know PINs were originally going to be much harder to remember?
The inventor of the personal identification number, John Shepherd-Barron, was planning on making each number six digits long. However, his wife Caroline commented that six numbers would be too hard for her to remember, so he decided to make them four digits long instead.
This is the perfect example of the balance that is needed between security and customer experience (sometimes referred to as user experience or UX). You want your payments system to be as secure as possible, but not to the point that the customer cannot use it. On the other hand, you don’t want your system to be easy to use at the risk of compromising customers’ personal data and security.
Many people think the two qualities are mutually exclusive, but you can have an easy-to-use utility payments system that keeps data secure and confidential.
Join us as we look at the things you need to consider when balancing security and UX, and how to factor this fine-tuned balance into your payments system.
What you need to consider for your utility payments system
When you are creating a customer-facing system, whether a web portal or mobile app, there are a wide range of different things you need to consider. These include:
1. Simple payment process
If you offer the ability to pay online, you need to make the process as seamless as possible. If you make it too complicated or confusing, customers may decide to pay using more time-consuming methods, like over the phone or by check.
A difficult to use interface, poorly worded language and limited payment options can result in your customers abandoning payment.
It’s vital to ensure that only the verified owner of an account can log in for security purposes. However, ask too many questions or ask a visitor to jump through too many hoops, and they may decide it’s not worth their time.
Enabling Two-factor authentication for an extra layer of security is now popular on a wide range of sites and is seen as a great blend between security and usability. Most people have a smartphone these days, so it is easy to send them an email, text or ask them to download an authentication app like Google Authenticator and this added protection is especially useful when managing administrator access.
As an additional usability measure, you will need to consider having an alternative method of authentication though just in case your visitor has left their phone at home or their battery is dead!
3. How much data you ask for
As tempting as it is to ask a prospective customer to give you as much data as possible when creating an account or submitting an inquiry, asking for too much information could not only frustrate them but also pose a security risk.
Only ask for the information you need. Unless you must have it, don’t ask for details like the customer’s date of birth or social security number. This is additional personal information you will need to keep safe on your servers and keep secure from cybercriminals.
Did you know removing one form field can boost your conversion rate by a quarter? Keep the data you need at a minimum to help with security and to boost the likelihood of your visitors carrying out tasks too.
You might want to consider using CAPTCHA code to ensure robots cannot spam your site. However, you must also keep in mind that if a CAPTCHA puzzle is too hard to solve, it can infuriate your visitors. Also, given that CAPTCHAs are a wall between users and the actions they want to complete, consider presenting CAPTCHAs only when an algorithm determines a given transaction is risky. (For example, exceeding rate limits, or accessing security-critical functions.)
How to perfectly blend security and usability in the design of your applications
In the early stages of designing an application or new features, there are many things you can do to ensure customer experience and security are at the heart of everything you do. Here are some tips to help you perfectly balance the need for both.
1. Get everyone involved as early as possible
Don’t make security or design an afterthought; get everyone who needs to be involved in the design as early as you can. Arrange a meeting between your UX and security teams ASAP.
That way, everyone can work together to see what needs to be done from both a UX and a security perspective and understand the issues both sides face. If your designers understand more about security issues, they will be able to factor this into their work and vice versa.
2. Plan ahead and mitigate any risks
You need to work out your processes from the start when planning for a new application.
- What information do you need to capture?
- Where will you store this data?
- Will you back up your information on a regular basis?
- What will you do if there is a data breach?
- What workflows will be in place?
Planning ahead will enable you to discover any risks and help the relevant teams to troubleshoot any problems. After all, it is better to identify any issues in the planning stage than for a customer to find them when you’ve launched.
3. Have regular meetings
As well as the initial scoping meeting, make sure your teams meet regularly through the development process so the relevant people can voice any concerns or issues they have.
Even with a thorough risk assessment in place, some problems can still make themselves apparent as development progresses and will need to be resolved.
4. Test, test, and test again!
Before you go live, make sure you thoroughly test your application to make sure it is not only easy to use, but all data is securely stored away. That way, your team can fix problems or flaws before you go live.
Test across all operating systems and mobile phones to ensure the experience is a smooth one regardless of the platform your customer will use.
If you can, test the solution as extensively as you can with your customers. Sometimes when you are close to the development process, you can overlook issues, but testing with your target audience will help you ensure you are aware of what frustrates your customers the most.
5. Tell customers why you have processes in place
Sometimes (no matter how hard you try) you can’t make security processes any more straightforward, and that’s okay. In this situation, you need to tell your customers why this is the case and ensure they know what they need to do.
For example, you may ask customers to create passwords with capital letters, numbers, and special characters in them. This may frustrate customers, but it is something that is vital for account security and to prevent cybercriminals from cracking passwords.
Explain to customers why you require such stringent measures and put clear and friendly validation rules in place, so they know what they need to add if their password isn’t quite secure enough. Sometimes it’s not the creation of the complex password that causes vexation, but not knowing whether they have an adequate password or not.
Never use fear as a tactic to encourage a customer to carry out a process. You want them to have an enjoyable experience using your system, not a stressful one.
6. Don’t forget to adapt with the times
When your site has gone live, you may think that is the end, and you can rest easy. However, you need to continually review your application to ensure it stays both secure and usable.
For example, if security regulations in your state or country change, you will need to consider this and retest your site to make sure any security amends made do not have an impact on UX.
Don’t think of security and user experience as a trade-off. You can have an application that customers love using and is also safe and secure.
It may make you feel better to know some people do appreciate a little friction when they access a system. Experian carried out some research and found two out of three people don’t mind a few security hurdles as it makes them feel their data is better protected. So don’t worry too much if the UX experience is not as seamless as you would like it to be as it is more about striking the right balance between security and the UX.
Remember the best way to combine a secure and user-friendly system is to plan ahead as much as possible. Get everyone who needs to be involved in the project from the start and don’t forget to keep checking to make sure your application provides the best of both worlds.
It just takes a little bit of preparation, cooperation, and testing to ensure both boxes can be checked and your users are happy.