How can retailers secure online transactions and make the experience easy for customers?

Retail is the third most-breached business sector. Despite the risk, merchants have to balance protection with convenience.

It’s no surprise that online identity fraud and data breaches remain top of the list for retail concerns. According to the recent Symantec Internet Threat Report, Retail is the third most breached sector – with almost 10 percent of the reported cases.

In 2015, 95 percent of web application breach incidents that Verizon investigated involved hackers impersonating users with stolen login credentials.

Who deals with the fraud if a retail account is breached?

Online identity fraud is most commonly associated with credit card fraud. The card holder is either notified by the card issuer that there have been suspect charges on their card, or the card holder finds some unusual charges on their bill. In either case, the fraud is usually resolved between the consumer and the credit card company.

We’ve also seen consumer loyalty programs under attack in the past few years.  But what happens if a hacker breaches a customer’s retail account — the accounts that are set up when prompted in the process of making an online purchase?

As a business, are you storing credit card information so customers can make “one-click” purchases?  Do you allow customers to purchase goods and services and have them delivered to different addresses than the billing address?

How do businesses ensure that the user making these purchases is the actual account holder?  If it’s not the account holder, who then must deal with the fraud claim – the business or the credit card company?  Who is the customer going to blame for the fraud?

Lessons learned from payment card industry

As retailers address the security of their eCommerce and loyalty program sites and apps, they can look to the payment card industry for best practices and lessons learned in combating online identity fraud.

The credit card industry has long been a target for fraud and has deployed an array of technologies to fight it, especially for online purchases. However, they also learned that increased security can also lead to transaction abandonment and lost revenue when too much friction is introduced into the process.

In order to take full advantage of the eCommerce opportunity, retailers must open up their traditional boundaries and connect valuable and sensitive data to the outside world – it’s what today’s consumers expect and what app-based competitors are already doing.

People expect the convenience of being able to buy goods and services, make reservations, book travel, and share experiences with social networks from home, the office or on the road.

While retailers work feverishly to answer the demand, they are acutely aware of the extreme security threat involved in enabling these digital transformation initiatives.

Introducing Consumer Access Management

What’s needed is a more comprehensive strategy—one that not only simplifies the access management experience for consumers and business partners, but also ensures privacy and protection of sensitive data. CA refers to this as Consumer Access Management, which delivers three key capabilities:

  • Social Registration
  • Single Sign-On and Federation
  • Context-Sensitive Security


Today, the user experience (UX) of an app has come to embody the characteristics of a product or service that are important to the individual. It’s the recognized feeling one receives when interacting with your brand and the lasting memory the individual has after connecting with your business.

This influences their loyalty and willingness to recommend your brand to others in their social network.

The ability to engage and transact with minimal clicks has changed the mindset from show me everything I “could” do, to show me only what I “need” to do. Consumers want a frictionless transaction experience, and sometimes the best security intentions get in the way of a great customer experience.

As crazy as it sounds, the very thing protecting consumers can have a negative impact on their adoption and loyalty.

The CA Consumer Access Management solution helps businesses deliver robust security and data privacy without undue burden for the customer. For more information, you can view the replay of the webcast “Enable eCommerce with Security? You Bet!

Monique is a Director of Product Marketing for CA Single Sign-On and CA Directory at…


Modern Software Factory Hub

Your source for the tips, tools and insights to power your digital transformation.
Read more >
How to Stay in the PinkWeWork's VP of Engineering on the Big Difference the Little Things MakeManufacturer's Reimagined Processes Enable a Step Change in Growth