With so much recent attention on OpenID swirling around the social media space, there are opportunities and lessons the ecommerce industry can take from the tremendous momentum and adoption of this open authentication standard. Ecommerce organizations are continually trying to streamline operations, cut down on SG&A, and provide a better overall customer experience. In a more difficult economic climate, the large sums spent on call centers, often for basic maintenance activities (lost usernames and passwords, etc.), are (and should be) a target where companies can improve their processes via open technologies while decreasing customer frustration, lowering SG&A, and returning those savings to a deserving consumer. There are countless scenarios where open principles can be applied for the benefit of the user and the company. This is a hypothetical project with a simple authentication alternative using OpenID.
The Scenario
XYZCompany.com is initiating an enhanced rewards program with member accounts and physical rewards cards available for use in store or online. To ensure the rewards cards are not being used fraudulently, or for password changes or balance transfers, fraud requirements state that 5 challenge questions need to be created upon sign up to authenticate the user for account administration. If you’ve experienced the joy of online banking or bill pay (or many other services for that matter), you’ve undoubtedly run into a scenario like this when setting up an account. Not only is the user spending significant time filling in account details, they’re also being forced to provide answers to a series of security challenge questions. These questions are often “favorites” that, while providing non-searchable/hackable answers, will undoubtedly change over time and be forgotten by the user.

Figure 1. User view of signup form utilizing security challenge questions. User is asked to provide answers to random challenge questions when setting up an account.

Figure 2. View of challenge form when user logs in from an unrecognized machine.

Figure 3. Failed challenge questions result in an additional attempt.
There are inherent consequences to this method of authentication. Users who have not logged in recently usually forget the answers to challenge questions, which can result in error messages requiring additional attempts, or in being “locked out” of their account for a period of time until they are once again allowed to authenticate against another series of questions. In a majority of cases, the user then contacts a customer support line or call center to address the situation. This costs the user time and hassle while the company incurs unnecessary administrative overhead and customer complaints. It can get even worse: users may feel that these methods of authentication are too burdensome and choose not to sign up for the program at all, or some stop shopping the site altogether.
An Alternative Approach Using OpenID

Figure 4. User given option to log in using OpenID.

Figure 5. Simple account login using OpenID.
OpenID can provide a simple remedy to the potential user problems in this scenario. Users will still fill in basic account information, but their account authentication will be administered via OpenID, which they could use on other sites with a single user name and password. The OpenID login box is a simple alternative to the 5 security questions — providing a single, more memorable input. When the user comes back to administer their account, they complete one sign in with their OpenID and avoid questions that could cause unnecessary confusion and delay.
Benefits For All Parties
In this pseudo-scenario, both the company and the consumer benefit from easier account management through OpenID.
Company:
- Balance between necessary data gathering and fraud protection
- Reduce the number of calls to the help line, which helps reduce operating costs and keeps lines open for people who may be ordering product
- Benefit from increased customer participation and satisfaction
Consumer:
- One stop shop for identity authentication: use on multiple sites and “take it with you”
- Decrease personal time investment
- Easily acquire well-deserved rewards