Abandoned shopping trolleys are ugly. They’re a blight in the online world as well as offline. Every year the average consumer abandons 16 digital trolleys because they have forgotten their password.
For an e-commerce provider, this is not just a lost sale (over 50% of transactions are impulse purchases) but potentially a lost customer.
Research shows that most Gen Z customers (born from 1997 to 2012) won’t bother resetting a forgotten password. They just forget it and move on. And they’re not the only ones: 1.2M rejected transactions worth more than £100M in February 2021 alone clearly show how many poorly optimised solutions are in use.
So in lost sales and lost customers, passwords are directly costing online operators millions of dollars every year.
The rise of data breaches
The average American has 28 online accounts and over 100 passwords. 66% use the same password for most of these accounts. That makes it easy for hackers to access data and commit fraud. Since the lockdown, more customers are swapping brick-and-mortar stores for the online shopping experience. As a result, online fraud has increased: in 2020, £376 million was lost to online fraud. The U.K. has now introduced the so-called Strong Customer Authentication (SCA) to combat the rise in account takeovers and online fraud and protect retailers as well as customers.
Since online fraud is increasing, many governments now require stricter online checks and two-factor authentication (2FA) to keep customers and businesses safe. These extra security checks are necessary, but they increase customer friction and cart abandonment as a result.
How can two-factor authentication help?
Most customers still only log in to a retailer website via a username and password. 2FA requires an additional login credential beyond that to access your account. Getting that second credential requires access to a device that belongs to you. Typically, that is your smartphone or laptop. 2FA then uses so-called “adaptive authentication”. It creates a user profile that includes their geographical location, registered devices and IP address. The system then assigns a risk score to the login attempt and decides if additional authentication factors are needed.
Even if a hacker gains access to a password, it is not enough to access that account. Two-factor authentication adds another layer of security - but at a price.
Why is 2FA so unpopular with customers?
Today’s customers expect a high-quality, seamless user experience, and additional security measures like 2FA are standing in the way. These systems tend to be tuned relatively high to increase effectiveness, so they often add other authentication steps even in relatively mild cases. That irks customers and often leads to cart abandonment.
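The risk scoring described earlier and the tuning trade-off in the paragraph above can be shown together. This is an added example, not MIRACL’s or any vendor’s code; the signal weights, thresholds, class names and sample login data are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Illustrative weights (assumptions); real systems derive these from fraud data.
WEIGHTS = {"new_device": 50, "new_country": 30, "new_network": 15}

@dataclass
class Profile:
    """What the system has learned about one user from earlier logins."""
    devices: set = field(default_factory=set)
    countries: set = field(default_factory=set)
    networks: list = field(default_factory=list)  # ip_network objects

@dataclass
class Attempt:
    device_id: str
    country: str
    ip: str

def risk_score(profile: Profile, attempt: Attempt) -> int:
    """Sum the weights of every signal that deviates from the profile."""
    score = 0
    if attempt.device_id not in profile.devices:
        score += WEIGHTS["new_device"]
    if attempt.country not in profile.countries:
        score += WEIGHTS["new_country"]
    addr = ip_address(attempt.ip)
    if not any(addr in net for net in profile.networks):
        score += WEIGHTS["new_network"]
    return score

def needs_second_factor(profile, attempt, threshold):
    """Step up to an extra factor when the score reaches the threshold."""
    return risk_score(profile, attempt) >= threshold

# Constructed sample data (documentation address ranges, made-up device ids).
PROFILE = Profile({"laptop-1", "phone-1"}, {"GB"}, [ip_network("198.51.100.0/24")])
ATTEMPTS = {
    "usual": Attempt("laptop-1", "GB", "198.51.100.7"),
    "mild": Attempt("phone-1", "GB", "203.0.113.9"),  # known phone, new network
    "suspicious": Attempt("unknown", "US", "192.0.2.44"),
}

def step_up_decisions(threshold):
    """Map each sample attempt to whether it would be challenged."""
    return {n: needs_second_factor(PROFILE, a, threshold) for n, a in ATTEMPTS.items()}

if __name__ == "__main__":
    for threshold in (40, 10):  # balanced vs. aggressive tuning
        print(threshold, step_up_decisions(threshold))
```

With the threshold at 40 only the unknown device abroad is challenged; at 10 the customer’s own phone on a new network is challenged too, which is the “mild case” friction the paragraph describes.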
Rates of 2FA adoption are extremely low across the board. In a 2021 report, Microsoft disclosed that, when asked to verify themselves using Strong Customer Authentication, 14% of European customers abandoned the transaction if using a browser. 25% left it if using an app.
Microsoft also disclosed that only 22% of their Azure Active Directory enterprise clients had adopted 2FA. A whopping 78% still rely solely on usernames and passwords.
Other companies face the same problem: social media platform Facebook reports that only 4% of its users rely on it. On Twitter, it’s 2.5%.
Even developers frequently don’t bother with MFA. Node Package Manager is the Internet’s largest repository of computing packages, and just 9% of its users log in via 2FA.
This data is typical for all industries and a symptom of the users’ dismal customer experience.
Fingerprints for 2FA
Biometric authentication is appealing from a customer experience standpoint. Simply press your finger on a specific button, and you can access your device.
However, these systems typically ask for a password if the biometric authentication fails or is unavailable. As a result, they do little to reduce the threat of bad passwords.
Biometric data also raises a security question: since it can’t be changed, what happens if it falls into the wrong hands? We leave samples of our fingerprints everywhere. Touching a drinking glass or laptop screen is all it takes for someone to take your fingerprint. Copying them requires only tape, a laser printer and PVA glue. And like all biometrics, you can’t delete them. Changing a face is much more complicated than a password.
The recent Biostar 2 breach exposed the biometric data of more than a million users. That highlights the security issues if data is not properly encrypted.
For these reasons, reliance on a device-based fingerprint biometric alone isn’t a good idea. Services should only use it as part of multi-factor authentication, such as MIRACL.
2FA needs to be more user friendly
What’s the solution? Steve Jobs once said, “you’ve got to start with the customer experience and work back toward the technology - not the other way around.”
With this in mind, here are some easy observations:
The system shouldn’t rely on a password
Most customers will choose a password that’s easy to guess or one they use for multiple accounts. That increases the risk of fraud and financial loss. Suppose a customer doesn’t visit your retailer website regularly. In that case, they are likely to forget their password and abandon the sale as a result.
It shouldn’t take the user away from the original screen
The average person has between 10 and 20 open browser windows at any given time. Forcing them to switch between them to close a sale creates unnecessary friction in the sales process.
Authentication should take seconds
The longer security checks take, the more likely it is that customers will leave the website and go elsewhere.
There is no need to require the use of a second device
The last point is vital for retailers. In retail, staff often use more than one device to handle transactions, and the loss of one gadget can seriously affect the overall sales process. Retailers need a reliable system that can function even when devices don’t.
How can MIRACL help?
With MIRACL, we designed an MFA that is easier to use than passwords while also being more secure than multi-step multi-factor authentication.
The drive to improve user experience does not mean a compromise in security. MIRACL enables a single-step MFA in 2 seconds. This easy and fast security feature stops more customers from abandoning their cart and improves sales conversion. MFA security can also prevent an account takeover.
The result is that on average, across all our customers, 99.9% of login attempts are successful.
MIRACL is the best way to ensure your customers aren’t one of the 37% headed to another retailer to complete their purchase.
To receive more information about MIRACL solutions, case studies and single-step MFA, subscribe to our newsletter.
To see how MIRACL can improve your company’s security while creating a painless login process for your customers or employees, schedule a demo here.