Explore, Experience, Share: Provide a Seamless Customer Experience

This week of Cybersecurity Awareness Month focuses on allowing your users to safely explore the web, have valuable digital experiences and share information online. Unfortunately, balancing user experience with web security is easier said than done.

Website owners walk a fine line between securing their site completely and enabling a fast, enjoyable user experience. Many security tools add latency and introduce friction. Users likely don’t understand the tradeoffs for data safety; they’re just frustrated that the site isn’t loading quickly.

If a site is too frustrating to use, consumers won’t return. Because of this, many website owners may choose not to require multifactor authentication (MFA). They may also decide to sacrifice some security controls, for example by employing client-side code to improve performance even if it means giving up visibility and letting code vulnerabilities fall through the cracks. On the flip side, holes in your web app security could lead to a data breach, which can destroy your consumers’ trust.

“Companies need to secure their digital channels against malicious attackers without creating a negative experience for their customers,” stated McKinsey & Company. Modern technology allows you to protect against bot attacks and digital skimming, without negatively impacting the customer journey. Read on to learn how.

Strengthen security without adding friction

As a website decision maker, you know that bad bots are constantly launching credential stuffing, carding and account takeover attacks against your site and your users. So, you might decide to add verification challenges, such as CAPTCHAs or MFA, to weed out bots.

The thing is, that’s not how your customers view it. From their perspective, CAPTCHAs and MFA add unnecessary friction to the buying process. Just watch this monologue by comedian John Mulaney if you don’t believe me. These verification checks disrupt the user journey and contribute to a negative experience — and, in the words of Mulaney, make your users want to “walk into the ocean.” Probably not the reaction you were hoping for!

It’d be one thing if CAPTCHAs worked, but nowadays, their effectiveness is often called into question. CAPTCHA-solving bots and farms have become more widespread in recent years, and efforts to make CAPTCHAs stronger have only frustrated human users. In fact, data shows that CAPTCHAs drive cart abandonment and reduce conversion rates.

MFA adds friction to the customer journey. It often requires users to enter one-time passcodes (OTPs) sent to their phone or email. It’s frustrating to identify and input OTPs, especially if the OTP email or text is slow to arrive. Users who fail their MFA verification must contact support, which ends up taxing your support team. Even if MFA does reduce the likelihood of an account breach, it doesn't actually stop the influx of bots on login and authentication pages.

According to Gartner, there is a strong correlation between fraud management and revenue growth. Customers will stop visiting an online shop if it forces them to jump through too many security hoops, which negatively impacts conversions and revenue. It’s important to keep the friction you add commensurate with the value and risk of the transaction.

Make it safe for customers to enter their data

If malicious hackers skim your customers’ payment card, contact and login data, your reputation is at risk. So, protecting your site against Magecart and digital skimming attacks is crucial. Cybercriminals exploit zero-day vulnerabilities in third-party JavaScript — also called shadow code — to inject malicious scripts that skim payment data and send it from the shopper's browser to the criminal. They then use the stolen information to go on shopping sprees or sell it on the dark web.

Savvy consumers pay attention to where they enter their data online. They often stick to trusted sites where they feel secure. If you ever give users a reason to question your site — whether because their own data was stolen, they received a notification of a potential breach from your legal team or simply bad press — they may question their data security and choose to shop elsewhere. Once you lose your consumers’ trust, it’s hard to get it back.

Data breaches can be scary, stressful and time-consuming to resolve. Fraudulent purchases mean users have to contact the card issuer to cancel, wait for a new card and share the new information anywhere they have recurring transactions. This may include confirming their identity, explaining the theft, reviewing potentially fraudulent transactions and discussing purchases they’d rather keep to themselves. Even if the customer does not actually lose money, the headaches and hassle may lead them to avoid your site in the future.

Keep products in stock to delight your consumers

Customers who visit your site during a hype sale hope to purchase the limited edition or highly coveted product you’re about to release. So when scalper bots deplete your inventory, your real customers are left frustrated and unsatisfied. Cybercriminals then scalp the high-demand products, such as sneakers or gaming consoles, on third-party sites.

Bad bots can make up 95% of your web traffic during hype sales, keeping your products out of stock, overloading your infrastructure and reducing the conversions of companion products like video games for the console. Sure, you’ll get the sale either way, but the negative experience for your real human shoppers will leave them with a bad taste in their mouths and a motivation to shop elsewhere next time around.

Give your customers a secure digital experience

When it comes to web app security, a positive customer experience is no longer just a nice-to-have. Today’s users expect a seamless experience and value data security, so adopting a security solution that can deliver on both counts is essential for building a loyal and happy consumer base. This means alternative human verification that keeps bots out without frustrating users. It means data protection tools that allow you to use client-side code to improve performance without sacrificing visibility. To preserve brand reputation, website owners need security solutions that protect both their consumers’ data and their experience.

© PerimeterX, Inc. All rights reserved.