As they compete for attention and conversions in a crowded global marketplace, online retailers and eCommerce companies face a number of challenges. For example:
- Customers expect personalized omnichannel experiences at every stage of the buying journey
- Users want to engage with their apps or services at any time, from any device, in a secure and safe manner — and they don’t want to spend time with cumbersome account creation
- The loss of the third-party cookie and tighter app restrictions are threatening marketing strategies that rely upon cookies and app-based tracking and are forcing a larger dependence on first-party data
The brands that will not only survive but thrive in this dynamic environment will be those that are best able to implement fundamental identity capabilities and extend beyond the identity basics.
But with a developer team that’s busy enough already, it’s important for the business (and for developer sanity) to satisfy identity requirements as quickly — and with as little custom code to write or maintain — as possible.
Identity Enables Online Retail and eCommerce
Identity may not be top of mind for retailers, but the identity function is essential to helping eCommerce companies:
- Maximize conversions and revenue by minimizing friction in any and every customer interaction
- Meet user expectations by powering personalized experiences
- Manage risk by addressing regulatory requirements and privacy laws and by addressing identity-specific security threats
A customer identity and access management (CIAM) solution with the right set of out-of-the-box features can help engineering teams to avoid a whole lot of pain and expense.
For example, CIAM has been a core enabler of cosmetic giant Lush’s consumer-oriented initiatives, powering a range of features including single sign-on (SSO) and guest checkout, as well as the centralization of the point-of-sale (POS) system for the entire business. In particular, extensive out-of-the-box functionality allowed Lush to implement these features with a limited developer team while ensuring the pace of transformation didn’t compromise customer privacy or system security.
While out-of-the-box functionality is important, the real world is a complex and dynamic beast (as anyone who’s ever done a year-over-year roadmap comparison understands). Being able to accommodate change and tailor identity to your unique needs — and doing both without drawing too heavily upon developers — is the difference between CIAM as a necessary component of your application stack and CIAM as an operational and competitive advantage.
Actions Integrations and the Auth0 Marketplace
A modern CIAM solution can tackle the identity basics (e.g., signups, logins, account updates, password retrievals, etc.), but satisfying advanced use cases often requires transacting with other business systems and third parties to execute complex conditional flows.
Building such advanced logic from scratch is a major undertaking requiring specific skill sets, tools, and knowledge; worse still, it’s inefficient because each use case is a custom coding exercise with little that can be reused.
Alternatively, having a simple but effective (read: powerful, flexible, efficient, etc.) way to make identity work with your other business systems allows developers to quickly implement customized identity solutions without the time, expense, and headaches associated with custom coding projects… and that’s where extensibility comes into play.
Since launching in late 2020, the Auth0 Marketplace has helped developers quickly find and install third-party identity solutions for their applications and APIs.
Actions Integrations makes it even easier to extend Auth0 with partner-built innovations, often with no-code, drag-and-drop ease; in fact, you can even ‘stack’ these integrations like building blocks to keep up with new needs and address advanced use cases.
To illustrate, let’s look at some examples…
Prevent Fraudulent Registrations
One of the major objectives for consumer-facing companies is to convert prospects into first-time customers, and this makes fraudulent registrations (or signup fraud) especially problematic because:
- Leveraging a customer data platform (CDP), customer flows are often optimized based upon data that shows how users interact with a user interface and ultimately ‘convert’ — but fraudulent registrations pollute this data, significantly complicating business analytics activities.
- To maximize conversions, consumer businesses especially must minimize friction during the registration process — but lowering barriers for legitimate users also lowers the barriers for abusers.
While authentication (e.g., logging in with a username and password) shows that a user has the credentials that correspond to a particular account, it doesn’t prove that the user is who they say they are — that’s where identity proofing comes in, by using additional verifications to create a high degree of confidence that your users are who they claim to be.
Here’s how a sign-up flow works when identity proofing is integrated:
- A new user clicks “sign up” on your website
- The sign-up flow calls upon the identity-proofing solution
- The identity proofing solution verifies the user’s identity using phone carrier verification
- Customer identity data is captured and collected by the CDP
By making signup fraud much more challenging to commit, identity proofing meaningfully alters the economics for bad actors and, in doing so, protects your customers, your reputation, and the integrity of the data stored in your CDP.
Protect and Enrich Existing User Accounts
In addition to protecting against signup fraud, incorporating identity proofing into user workflows can also protect against account takeovers (ATO) and enrich user profiles with ‘golden data’ like age and demographic information.
- A returning user performs some action, like logging in or attempting to update account details
- Due to the perceived risk associated with the action (and perhaps incorporating other risk signals), the identity stack calls upon the identity-proofing solution as a safeguard
- The identity proofing solution validates the user’s identity, ensuring that the activity is not from a bad actor attempting to take over the account; or, if the user is accessing the service via a mobile app, a mobile verification integration validates the device ID to confirm the user’s identity
- With the user’s identity validated, the action is permitted, and the data associated with the user’s activity is sent to the CDP to build out the profile
Depending upon the risk signals or significance of the action, the identity-proofing solution may employ document scanning (e.g., passport, driver’s license) and cross-validation as the verification mechanism. When this is the case, the CDP can be enriched with information that may not yet be a part of the user’s profile.
Stop Fraudulent Checkouts
The previous examples involve sending data to the CDP, but the CDP data can also be leveraged within the identity flows. For instance, here’s how data from a CDP can combine with an identity-proofing solution to stop a fraudulent checkout:
- A threat actor masquerading as a user logs in, browses products and adds items to the cart
- The CDP collects and stores behavioral data from this session. The data can then be used to help determine that the risk threshold is exceeded — e.g., the total purchase amount exceeds the real customer’s typical habits, or the IP geo-location is outside the real customer’s region, etc.
- The threat actor fails the identity proofing verification, and the purchase is stopped, protecting the customer and the retail brand from the effects of fraudulent purchases
Reward Your Loyal Customers
Retail brands can suffer reputational harm when resellers buy premium products (e.g., sneaker drops, limited edition collaborations, small batch cosmetics, etc.) only to mark up the price on a third-party marketplace.
By restricting who is able to purchase these products, retailers can reward loyal customers and protect their brand:
- A user logs in
- The CDP provides customer data that can then be used to indicate whether or not the user exceeds a certain ‘loyalty’ threshold (e.g., based on purchase history)
- If a user exceeds the threshold, then the site/service shows them premium offers
- The user adds a premium product to their cart and initiates the checkout
- Identity proofing validates the user’s identity to guard against an account takeover and ensure that the purchaser is a loyal customer
Additionally, the same building blocks can be used to encourage preferred channel adoption. For example, many retailers reserve limited edition products only for users of their mobile app. Web users could be presented with a message saying, “To see promotional offers, please switch to the app.” If the user’s device has already been verified in a past interaction, then the purchase can proceed; otherwise, the identity stack calls a short verification flow.
Customer lifetime value is rooted in personalized offers, promotions, and pricing, which depend on rich customer profiles stored in CDPs. To build these profiles, brands collect customer data across various channels and systems, with the mobile app being perhaps the most valuable channel.
A World of Extensions and Opportunities
Extensibility is a core Auth0 principle. Our identity platform is designed to be easy to deploy and even easier to tailor to your unique business needs, so you never have to choose between customizability and ease of deployment.
We’re excited about the potential unlocked by the rich ecosystem of third-party integrations, as they allow our customers to continually add new capabilities as needed.
Whether you prefer the pro-code approach of Actions or the no-code convenience of Actions Integrations found within the Auth0 Marketplace, we encourage you to explore the options to see which of your identity and identity-related use cases already have a ready-built solution just waiting to be integrated!