Published on October 25th, 2017 | by Guest
0Balancing Mobile UX and Personal Data Privacy
Customers are engaging with brands across more than one device for a single transaction. The demand for mobile functionality includes responsive websites and apps, as well as ways to make payment on mobile devices.
Mobile marketing isn’t just about apps anymore. Searches on mobile have outpaced searches on desktop which means that companies need to be aware of the different advantages of apps and mobile sites.
But innovation in mobile convenience comes with its dangers. Businesses should be careful when implementing greater usability options to ensure that they’re appropriately protecting private data — especially when taking direct payments through mobile devices and when dealing with sensitive personal information such as health data.
Risks of Mobile Convenience
Mobile devices are at an increased risk of security breaches, and much of the technology that takes advantage of mobile vulnerabilities is yet in its infancy. Mobile devices generally don’t have the same level of antivirus and antispyware security that people would think to have on computers.
Worse, devices with IoT functionality are often released with basic firewall protection and very little else. Phones and tablets are also often subject to loss and theft; in these cases convenience features like username and password autofills quickly open people up to fraud. They’re a vulnerable point of access to people’s information.
This is an especially critical consideration for industries that regularly track private information, such as the healthcare industry. More and more, we use personal devices to collect health information and provide it to healthcare providers. This opens up a whole new set of ethical dilemmas in healthcare about how data is collected, transmitted, and used.
Part of the problem is that we’re discovering new ways to track new types of information more quickly than legislation and security measures can keep up with. We’re not sure yet what the potential fraud and social engineering opportunities arise with different types of data. For example, the introduction of breathalyzer phone apps puts a new type of very personal data — blood alcohol level — onto vulnerable devices. As people gain access to more convenient functions to track their daily routines, are they aware of the security risks that come with increased usability?
One major problem with tracking data using a mobile device is the fact that other unrelated apps often request, and are granted, access to wide swathes of data on the device. Sometimes they turn around and sell that data to advertisers. It can be very difficult to know what data they track is actually included in those permissions, or they might not even think about it when they hit “allow.”
Potential Answers:
- Multi-step verification
Requiring additional verification from additional accounts and/or devices is one security measure that a number of companies are adopting. This is often a voluntary feature, as it cuts into the convenience factor of the customer experience. But the added security is likely worth the tradeoff.
- Server-side context checks
This solution works on the philosophy that authentication should not happen entirely on the client’s device. A login attempt should be run by your servers first, and they should be analyzed by contextual clues (like device location) to determine high-risk login attempts.
- Limit the permissions of your apps
If you are building custom apps, think carefully about what permissions they need. Try not to add in superfluous permissions for the sake of unnecessary convenience. Think about where your app tracks and stores data, and its potential to be accessed by other apps that the user installs.
- Think very carefully about browser functionalities that remember information
If someone can log in without actually entering information, that can be a big security risk. Oddly enough, in some cases this ease of login can increase security if, for example, a malicious keystroke logger has been installed on the device. But for mobile devices, physical access by people who stumble upon or steal the device itself can be a bigger concern. In that case, features that allow easy login, one-click purchasing, and other convenience applications can be become very high risk.
It’s important to think about just how convenient we make things. In our drive to make things more convenient to the user, we should make sure we’re not also making it easier to steal information and commit credit card fraud.