Why Jersey Mike's Trusts Auth0 With Their Most Loyal Customers’ Data
After securing 6 million users, the sandwich franchise increases protection with Breached Password Detection
About Jersey Mike's
Jersey Mike’s, a fast-casual sub sandwich franchise with more than 2,000 locations open and under development nationwide, believes that making a sub sandwich and making a difference can be one and the same. Jersey Mike’s offers A Sub Above®, serving authentic fresh sliced subs on freshly baked bread – the same recipe it started with in 1956 – and is passionate about giving back to its local communities.
At fast-casual sub sandwich franchise Jersey Mike’s, they care about what’s in your sub, not just how many inches it is. Their focus on quality ingredients has led to nationwide success, with more than 2,000 locations open and under development across the United States.
Jersey Mike’s has a simple rewards program — earn points for every purchase. Amass enough and get a free sandwich. The points are managed via the customer’s MyMike’s account, either online or via app. With six million members, that leads to a lot of users, a lot of passwords, and a glaring need for better security. “From a technology perspective,” says Scott Scherer, Jersey Mike’s CIO, “we are continuing to upgrade our technology both in-store and customer-facing. And now we're headed towards a fully digital loyalty program.”
This movement to consolidate customers’ personal information into online accounts made security more important than ever for Jersey Mike’s. To protect their most loyal customers, they needed a solid and secure sign-on authentication process.
Managing Identity Was a Time-Consuming Burden
Trying to manage their security infrastructure in-house was a resource-intensive strain for Jersey Mike’s engineers who found themselves continuously battling bad actors. “Once there's a new exploit,” says Scherer, “we have to write code to mediate it, and it's just an ongoing circular challenge.”
The stakes were high as internal engineers worked to protect customer information. To free up time and provide more consistent security, Scherer selected Auth0 to provide login support for their digital customers. “Once we moved to a new app and our new website, it was an opportune time to take the authentication piece away from us. We wanted to take that off our plate and give it to somebody whose focus was on login authentication infrastructure.”
Better Customer Protection With Breached Password Detection
After working with Auth0 for six months with positive results, Scherer began to look for new ways to further beef up security. “Our initial use case was just login support for our six-million-plus digital customers, and then as we built and as we started to use it, we've added more features that Auth0 provides.”
In particular, Auth0’s Breached Password Detection feature was a great fit to address a common security threat. “If you read the news, you hear about more of these account takeover attacks and more usernames and passwords showing up from breaches from other companies,” says Scherer, “more and more breaches from other companies exposing more and more data.”
Once a breach has been detected, the customer receives an automatically generated email to reset their password. In Jersey Mike’s case, a password history function ensures that users can’t recycle the same breached password over and over.
The feature has been well-received by customers. Scherer says, “the big thing we didn't want was our customer service phones to get lit up with people saying, 'Oh my god, what happened? Is my credit card safe? Are my points safe?' We just reset [the passwords] and customers change them and move on.”
Outsourcing Authentication Frees Up Time for Faster Growth
By outsourcing their identity needs to Auth0, Jersey Mike’s frees up their internal staff for other tasks. “Our engineers don't have to build the interfaces,” says Scherer, “they don't have to build all the security around it, they don't have to deal with managing it from our database people's perspective, they don't have to deal with managing any usernames or passwords. It's all taken out of our hands.”
With their identity security taken care of, the engineers can spend more time on creating user benefits. The savings for Jersey Mike’s are “not headcount reduction as much as headcount reallocation. So some of the developers that were spending a lot of time working on authentication and all the services around it are now working on features... Now they're able to start working on stuff that benefits our customers in a visible way.”
Auth0 has been an important and useful partner in Jersey Mike’s growing sub empire. “Working with Auth0 has been a great experience, great technical support. It's a company that we can trust, so we trust the software they're building as well.”
Auth0 provides a platform to authenticate, authorize, and secure access for applications, devices, and users. Security and application teams rely on Auth0's simplicity, extensibility, and expertise to make identity work for everyone. Safeguarding billions of login transactions each month, Auth0 secures identities so innovators can innovate, and empowers global enterprises to deliver trusted, superior digital experiences to their customers around the world.For more information, visit https://auth0.com or follow @auth0 on Twitter.