Jersey Mike's secures 15 million of their most loyal users

At fast-casual sub sandwich franchise Jersey Mike’s, they care about what’s in your sub, not just how many inches it is. Their focus on quality ingredients has led to nationwide success, with over 3,000 locations open and under development across the United States. 

Jersey Mike’s has a simple rewards program — earn points for every purchase. Amass enough and get a free sandwich. The points are managed via the customer’s MyMike’s account, either online or via app. With 15 million members, that leads to a lot of users, a lot of passwords, and a glaring need for better security. “From a technology perspective,” says Scott Scherer, Jersey Mike’s CIO, “we are continuing to upgrade our technology both in-store and customer-facing. And now we're headed towards a fully digital loyalty program.” 

This movement to consolidate customers’ personal information into online accounts made security more important than ever for Jersey Mike’s. To protect their most loyal customers, they needed a solid and secure sign-on authentication process.

Managing Identity was a time-consuming burden 

Trying to manage their security infrastructure in-house was a resource-intensive strain for Jersey Mike’s engineers who found themselves continuously battling bad actors. “Once there's a new exploit,” says Scherer, “we have to write code to mediate it, and it's just an ongoing circular challenge.”

The stakes were high as internal engineers worked to protect customer information. To free up time and provide more consistent security, Scherer selected Okta Customer Identity Cloud, powered by Auth0, to provide login support for their digital customers. “Once we moved to a new app and our new website, it was an opportune time to take the authentication piece away from us. We wanted to take that off our plate and give it to somebody whose focus was on login authentication infrastructure.”

Better customer protection with Breached Password Detection 

After working with Customer Identity Cloud for six months with positive results, Scherer began to look for new ways to further beef up security. “Our initial use case was just login support for our 15-million-plus digital customers, and then as we built and as we started to use it, we've added more features that Customer Identity Cloud provides.” In particular, the Breached Password Detection feature was a great fit to address a common security threat. “If you read the news, you hear about more of these account takeover attacks and more usernames and passwords showing up from breaches from other companies,” says Scherer, “more and more breaches from other companies exposing more and more data.”

Once a breach has been detected, the customer receives an automatically generated email to reset their password. In Jersey Mike’s case, a password history function ensures that users can’t recycle the same breached password over and over. The feature has been well-received by customers. Scherer says, “The big thing we didn't want was our customer service phones to get lit up with people saying, 'Oh my god, what happened? Is my credit card safe? Are my points safe?' We just reset [the passwords] and customers change them and move on.”

Outsourcing authentication frees up time for faster growth 

By entrusting their Identity needs to Customer Identity Cloud, Jersey Mike’s frees up their internal staff for other tasks. “Our engineers don't have to build the interfaces,” says Scherer, “they don't have to build all the security around it, they don't have to deal with managing it from our database people's perspective, they don't have to deal with managing any usernames or passwords. It's all taken out of our hands.” With their Identity security taken care of, the engineers can spend more time on creating user benefits. The savings for Jersey Mike’s are “not headcount reduction as much as headcount reallocation. So some developers who were spending a lot of time working on authentication and all the services around it are now working on features... Now they're able to start working on stuff that benefits our customers in a visible way.”

Okta has been an important and useful partner in Jersey Mike’s growing sub empire. “Working with Customer Identity Cloud has been a great experience, great technical support. It's a company that we can trust, so we trust the software they're building as well.”

About Customer

Jersey Mike’s, Jersey Mike’s Subs, with more than 3,000 locations nationwide, serves authentic fresh sliced/fresh grilled subs on in-store freshly baked bread — the same recipe it started with in 1956. Passion for giving in Jersey Mike’s local communities is reflected in its mission statement “Giving…making a difference in someone’s life.”