We’ve all been there. You’re browsing a website, decide to make a purchase, and you’re halted every few seconds by security features asking you to prove you’re not a bot or a criminal.

Sometimes, security best practices actually annoy visitors more than they offer reassurance.

We know it’s for the protection of our business – and that of the companies we do business with – but it detracts from what should be a simple, straightforward buyer’s journey.

If you’ve conducted any business online, you know the frustration of trying to get things done and meeting a wall of authentications, time-outs, pop-ups, and other barriers that make purchasing a pain.

The fact is, consumers want an easy online shopping experience. They want a range of payment options, quick, hassle-free checkouts, and responsive customer service. But, they also want to make sure that their personal and financial information is safe.

How do developers and site owners reconcile these two major consumer concerns without sacrificing safety for convenience or vice-versa?

A Tale of Two Companies

With eCommerce becoming a major economic force that takes in multiple billions of dollars, keeping online shoppers happy is essential. One example of a growth industry for online commerce is software-as-a-service (SaaS), companies, which rely on renewals for 59 percent of their growth. When it comes to customer retention, there’s a right and a wrong way to ensure data integrity and provide a satisfactory experience for audiences.

Let’s consider these two companies: Amazon and United Airlines.

Both are leaders in their respective industries, but they take very different paths toward data protection. The point is not to call out or endorse either company, but to demonstrate a difference in how they’ve designed and implemented UI/UX.

If you’re one of the 10 people left who’ve never ordered something from Amazon, here’s how it works:

When you log onto Amazon’s website, you remain logged-on until you log out. Most of the time, ordering a product is a one-step process and you’re done. The only time you run into another authentication feature or need to log in again is if you’re buying a gift card or having something shipped to a different address to the one on file.

That may make it seem like the system is wide open for abuse or exploitation, but the security features are designed to trigger only when necessary for that particular action. So far, it seems to work for their millions of repeat customers, and there have been no major security breaches.

On the other hand, UA customers must log in to the website every time they visit, and their system will automatically log you out every 20 minutes. You’ll also lose any in-process searches or transactions, and you’ll run into other authentication issues if you log in from a different location, even on the same device.

They also require answers to security questions, some of which may be from years previous if you do a lot of travel arrangements on their website, but some will return an error message even if you answered correctly. You may also run into these same authentication issues when speaking with customer service over the phone.

These are common security best practices, but they can become inconvenient or downright annoying. There has to be a better way to combine customer service and security that doesn’t drive customers away.

How to Ensure a Great UX Without Watering-Down Site Security

Businesses spend a huge chunk of their marketing budgets generating leads and persuading customers to take a chance on them once they get them on their website. You only have a few seconds to make a good impression, and lags in the process will do you no favors. Unlike brick and mortar businesses, online customers can leave your website and frequent another merchant with a mouse click.

Some companies rely on their hosting company to handle data protection. Hosting providers are experienced and knowledgeable in various aspects of security, especially considering how many sites rely on their host. Take for example WordPress, as the most popular CMS by market share, powers 34% of the internet today.

So it makes sense for companies to rely on the expertise of hosting services built specifically for WordPress websites, tailored to the nuances of WordPress and WordPress security. Commonly referred to as “managed” hosts, these companies put security measures in the background to guard access and endpoints, providing an extra layer of cybersecurity.

That’s largely on you and your design team, regardless of whether you have a full-fledged eCommerce site or an app. There are three keys to usability in design:

1. It should be easy for the customer to complete their transaction on their first visit to your website. A well-designed website should move the customer through the browsing and checkout process quickly.
2. The visitor should be able to complete their transaction from your website. The design should lead the visitor through to the checkout process efficiently.
3. The UI should be designed simply enough that subsequent visits are just as easy to navigate. The design should be easy to remember and navigate on each successive visit without the need for an explanation or assistance.

It should also be error-free and devoid of bad links or redirects. Part of the security issue is due to customer perception. Visitors will leave a website if they feel that their information isn’t safe or they don’t trust the merchant. This leads to overkill and a clunky, inelegant experience that turns customers off.

One solution is to take a more layered approach that requires actions on the part of the consumer without being intrusive or time-consuming. You can still have tight security features, but implement them in a way that’s subtle. It also helps to use encryption, SSL certificates, and badges from trusted authorities that let your visitors know they can trust you.

Final Thoughts

Marketing professionals and business owners spend a lot of time and money getting to know consumers through outreach, engagement, and by studying their behavior and habits. Security specialists probably spend an equal, if not greater, amount of effort getting to know cybercriminals and using that information to protect data integrity.

For anyone interested, we made a comprehensive guide on E-Safety.

Online safety and producing a smooth, satisfying UX are not mutually exclusive. The answer is not to get rid of security features in an effort to make customers happy. What’s needed is a more nuanced approach to troublesome cybersecurity risks that keeps the policing machinery running in the background without diminishing the quality of the overall UI/UX.

We have the tech to get it done. What we need is consensus among the developer and CyberSec community regarding the “How?” that includes feedback from marketers, site owners, and the users they hope to woo and retain.