Companies Need to Double Down on Dual-Factor Authentication

Companies Need to Double Down on Dual-Factor Authentication

Unfortunately there will always be bad actors in this world, people who don’t restrain themselves from trying to steal from others or to harm them. Because of this we need to accept the fact that hacking is here to stay and enhanced security measures will be required to protect ourselves from theft in our digital lives that can impact our real lives.

Some of my recent research in the hospitality industry identified that fraud is a large and increasing problem for hotels, resulting in unfilled inventory, credit card chargebacks, and loyalty point thefts from customers.

Personally, my Starbucks card account has been hacked – twice.

According to Chargeback.com:

“The percentage of cyber attacks targeting loyalty and rewards accounts nearly tripled from 2016 to 2017, with 48% of businesses being hit by ATO (Account Takeover) attacks. This has cost companies more than $2.3 billion worldwide.”

The most recent hack was foiled by a 24 hour cooldown period, preventing (or discouraging) thieves from being able to move about $25.00 off my Starbucks card onto theirs. But as I was setting up dual-factor authentication on my account and changing my password to keep the thieves from getting back into my account I noticed that the system was not set up well for a simple nuclear family – let alone a complicated family. Users are only able to enter a single phone number for the dual-factor authentication code to be sent to. I assume this is to make the system simple but it then makes it so that my wife can’t access the account.

Dual-factor authentication is going to become a mandatory requirement for logins to financially-linked accounts (including any site where you store your credit card details) and companies need to design their systems to accommodate spouses and potentially even children.

Companies should consider incorporating biometric methods of identity verification as the primary or secondary method of authentication as well, not just for security reasons but for ease of use/customer experience reasons too.

So, protect your customers folks, but remember how people live their lives as you’re designing your systems to keep them (and their money) safe.

Keep innovating!


Accelerate your change and transformation success

Subscribe to Human-Centered Change & Innovation WeeklySign up here to get Human-Centered Change & Innovation Weekly delivered to your inbox every week.

Leave a Reply

Your email address will not be published. Required fields are marked *