Balancing Convenience and Security in mCommerce

June 16, 2013 Jeremy Black

Finding the right balance between convenience and security is an issue we frequently encounter with our mCommerce clients. As Adobe noted in a whitepaper, every additional input field acts as another reason to abandon the shopping cart. A simple task such as inputting an entire credit card number would spike abandonment rates, and the removal of such a barrier could help minimize cart abandonment. This behavior is mirrored in device security: Equifax highlights that 40% of smartphones don’t have passwords – and yet over 70 million mobile phones are lost or stolen annually, according to Codeproof.

It’s quite possible to find a good balance that utilizes the best of both worlds. Here is the advice we generally give our customers, and the features we implement when building their mobile products.

Use Pre-Populated Data

Credit card information is much too valuable to leave unprotected, yet requiring users to input it repeatedly can greatly hurt the chances of closing a sale. The solution is to use the information that users willingly enter. Users already understand the benefits of entering personal information into a mobile application. Not only does the experience become more personalized and tailored to the user’s liking – which means more relevant content (e.g., Beso) and services (e.g., PC Financial Mobile) – it also makes the app much easier to use.

In order to ensure that customers follow through with completing transactions, the best mCommerce apps have optimized checkout processes that minimize friction and ease the ability to make payments. In order to save the user time, credit card information and billing/shipping addresses are often saved in the user’s profile. This means that the user often only has one button to push in order to complete the transaction.

Implement Easy Security Checkpoints

Naturally, there has always been a tradeoff between convenience and privacy. More specifically, with such convenience on mobile devices, many users fear that a common occurrence, such as losing their phone, could give whoever finds it access to their personal information. As noted above, the 40% of smartphone users who don’t use the passcode function leave themselves vulnerable to ID fraud. This proportion increases when looking at younger groups of users that have embraced mobile technology. This is when the convenience of having a credit card saved on the phone can grow extremely inconvenient, extremely quickly.

Instead of optimizing purely for convenience, it may be more suitable to take a more balanced approach to mCommerce checkouts. In addition to the one-button checkout, we recommend that you ensure that a password is required for each visit and for each checkout. The profile will still save all the credit card information, but the user only needs to enter a password before successfully making a transaction. Ideally, users could also enter a password to unlock the app once they switch back in, which serves to make sure no one but that user will be able to access profile or credit card information. This way, the app still only requires one field to make a transaction, instead of the usual five: credit card information, verification code, billing address, shipping address, and name (which can all be saved). This feature is already used by many mobile banking apps, and is akin to Google’s two-step verification. Thus, while entering a password takes a few seconds, it means an additional layer of protection in case the device is lost or stolen.
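
The gate described above can be sketched as follows. This is an added example, not code from the original post: the class and method names, the PBKDF2 settings, the five-attempt lockout and the card reference value are all assumptions made for illustration.

```python
import hashlib
import hmac
import os


class CheckoutGate:
    MAX_FAILURES = 5  # assumption: stop accepting guesses after 5 wrong passwords

    def __init__(self, password, card_ref):
        self._salt = os.urandom(16)
        self._pw_hash = self._derive(password)  # only the salted hash is kept
        self._card_ref = card_ref  # constructed stand-in for the saved card
        self._unlocked = False
        self._failures = 0

    def _derive(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 200_000)

    def _verify(self, password):
        if self._failures >= self.MAX_FAILURES:
            return False  # locked out, even for the right password
        ok = hmac.compare_digest(self._derive(password), self._pw_hash)
        self._failures = 0 if ok else self._failures + 1
        return ok

    def unlock(self, password):
        """Called on each visit and whenever the user switches back in."""
        self._unlocked = self._verify(password)
        return self._unlocked

    def on_background(self):
        """Re-lock as soon as the app leaves the foreground."""
        self._unlocked = False

    def checkout(self, password, amount_cents):
        """One field for the user: the password. Card details come from the profile."""
        if not self._unlocked:
            raise PermissionError("app is locked")
        if not self._verify(password):
            return None  # wrong password: nothing is charged
        return {"card_ref": self._card_ref, "amount_cents": amount_cents}
```

The attempt limit matters because a short password guarding saved card data is otherwise open to unlimited guessing by whoever holds the lost device.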

Final Thoughts

At the end of the day, mCommerce is very much like the beginning of eCommerce all over again: people fear others gaining access to their personal information. They need security. As unbelievable as it sounds, the password protection mechanism still isn’t commonly used in mobile apps. The challenge becomes a matter of finding the right mix of security and convenience, and it appears that this balanced approach may come in the form of a password. Users still have the option of convenience: if they don’t want to constantly enter in the 16-digit credit card number, they can just enter a password.

We think that this little tweak will make users feel much more secure about mobile transactions. By doing this, not only will users have further peace of mind, it also encourages the adoption of this new technology and removes the objection of safety and security from the minds of skeptics.

