Cyber Safeguard Faces Big Hurdle

Two-factor authentication would make online transactions more secure, but there are issues on both the consumer and business sides.

learn more about Thorsten Trapp

By Thorsten Trapp Originally published Jun 30, 2014

Opinions expressed by Entrepreneur contributors are their own.

Cybercriminal activity is showing us that online security has the power to make or break a company. Following the massive media attention of Heartbleed, consumers are becoming hyper aware of their residual online trail and are increasingly demanding more secure online solutions such as two-factor authentication (2FA).

Take Target -- a prime example of what can happen when security isn't already implemented or at the very top of the corporate "to-do" pile. The mega retailer simultaneously lost millions in damages, said goodbye to their CEO and severely compromised their reputation and consumer trust. The hack exposed roughly 70 million customer credit cards, and recent reports cite that online sales have slowed and likely won't meet upcoming forecasts.

Target can bounce back, but it will be a long road and require a lot of trust rebuilding for the brand. For new companies with unguarded online presences, vulnerable brand recognition and limited resources, experiencing any sort of security breach would cause irreparable and possibly irreversible damage.

Related: 5 Steps to Keeping Your Private Communications Secure

Gone are the days when entrepreneurs could rely solely on innovation to power their online aspiration. The new rules of a successful launch look like this: "1: Create a million-dollar idea. 2: Launch online security measures to protect priority 1."

Busting the security myth. A common misconception about online security solutions is that they wind up hindering the user-experience by adding additional hoops for the user to jump through. But while an additional step is involved, solutions like two-factor authentication are actually proving to add some swagger to overall customer experience.

When users opt-in for 2FA, following their username and password login, a second, temporary password is required to verify their identity.

The secondary password can be delivered in multiple ways, the most popular being via text message. SMS-based 2FA, as its known, is emerging as the verification method of choice for many security conscious organizations due to its trifecta of benefits: it's user-friendly, cost effective to integrate and use and it provides a high level of security.

A recent Ponemon study said 68 percent of North American organizations agree there's a need for more secure authentication methods over the traditional username and password method. As an alternative, nearly half of IT professionals surveyed (46 percent) plan to extend the usage of SMS-based 2FA in 2014 for identity verification and activation of online services.

The devil is in the details. Security problem solved, right? Not so fast -- while 2FA via SMS is the most recognizable and easiest to use, companies integrating security are at a crossroads with their end-users when it comes to the actual rollout.

Given our exposed online landscape, it's been found that consumers are largely unwilling to share their mobile number with online service providers -- even if it's in exchange for security. Considering their mobile number to be a personal identifier and valuable information, a YouGov survey found that only 11 percent of U.S. consumers would be willing to share their mobile number to add extra security to their social media accounts.

Related: Why Your Credit Card Company Wants to Replace Magnetic Strips With Microchips

Adding to the list of deployment challenges, another issue emerging with SMS-based 2FA is failed delivery of those SMS messages. The same Ponemon survey found that a majority of North American organizations cite that:

  • Eleven to 20 percent of verification passwords sent via SMS message fail to be delivered to the end-user's mobile device.
  • Of those, 48 percent failed because an invalid mobile number was entered by the end-user.

In summary, there are two big problems: first, precious funds get squandered on the cost of sending text messages that never arrive to their intended destination. Secondly, a fledgling reputation is called into question because it appears to the end-user that the company didn't hold up their end of the bargain.

How to break the stalemate. With technical deployment issues on one side and sensitivities from their customer base on the other, how can online startups succeed with security on their services?

Like a good epoxy, it's a two-part plan: companies have to be up-front and transparent with their users on how they're handling online security and why a mobile number is a critical ingredient to securing end-user account and personal information. Second, consumers have to do their part and get educated on the security process, inducing them to opt-in for 2FA offered by favorite apps, sites and social networks they subscribe to.

Business leaders need real-time visibility in the form of verification tools that validate mobile numbers. With the right tools in place, companies can instantly notify users if they've entered an inaccurate mobile number, saving on the cost of text messaging fees and eliminating the possibility of incomplete authentication.

Currently, only 6 percent of Ponemon survey respondent use enhanced verification tools, and all of them reported improved customer satisfaction, reduced customer support costs and higher conversion rates.

As the most active year for cyber-criminal activity, according to Verizon's Data Breach Investigations Report, 2013 has made us all too aware of our susceptibility to security breaches. It's no longer acceptable for online organizations to ignore or push off security measures to protect their customers' information.

In fact, it's not off-base to predict security provisions will soon become a decision-making consideration for consumers when making online purchases. Smart entrepreneurs preparing to launch online services should be making security a high priority when developing their go-to market strategy. Ultimately, their survival and way forward could depend on it.

Related: Better Late Than Never? Target Accelerating Program to Detect Credit-Card Fraud.

Thorsten Trapp

Co-founder and CTO of tyntec

Serial entrepreneur Thorsten Trapp co-founded tyntec in 2002. Trapp developed the company's mobile messaging platform architecture that powers tyntec’s core business and is chiefly responsible for the company’s technical innovations and intellectual property.

Related Topics

Editor's Pick

Have More Responsibilities at Work, But No Pay Bump? Use This Script to Get the Raise You Deserve.
Black and Asian Founders Face Opposition at All Levels — Here's Why That Has to Change
Leadership

Is Giving a TEDx Talk Really Worth It? Answer These 3 Questions First.

Giving a TEDx Talk is more than a passion project; it's a big investment. Here's how to think about returns.

Business News

'Work for a Millennial': Employee's Viral Email Exchange With Boss Emotionally Praises Millennials in Management Positions

In a video that's been viewed more than 1.8 million times, 28-year-old realtor Kristen Mahon shared an email exchange with her boss, who she estimates is 6 to 7 years older than her.

Career

7 Common Obstacles Aspiring Authors Face — and How to Overcome Them

Here are a few tips that will help you start writing that book you always dreamed about.

Employee Experience & Recruiting

Ready to Hire? Here are the Best Recruiting Platforms.

When it's time to hire, finding quality job candidates doesn't need to be complicated. Job search sites can help you recruit and retain talent no matter your budget.

Business News

A 6-Year-Old Ordered Almost $1,000 Worth Of Grubhub — And Tipped 25% on Each Order

Mason Stonehouse of Chesterfield, Michigan, grabbed his dad's phone and treated himself to chicken sandwiches, ice cream, and more.