Working with identity and authentication in retail has some striking differences from that of other industries. In addition to being subject to compliance requirements like PCI, retail has unique challenges as a result of managing hundreds to thousands of locations across the globe. Some examples include:
- Speed at the Cash Wrap – applications requiring strong authentication cannot be hindered by time intensive steps. When retailers are checking customers out during a holiday rush it’s critical that no one leaves the store due to long lines.
- POS Applications – Many retailers have a collection of home grown and commercial applications they have acquired over time, each having their own credential stores. This creates a burden when accessing the different applications because users have an opportunity to forget not only one password but sometimes three, four, or more.
- Labor Laws – The cloud age has made applications available from almost anywhere. However, many retailers need tight control over where their hourly employees are accessing applications. If hourly workers are using company applications from home off the clock, they could expose the retailer to liabilities for payment.
- Online Security and PCI – Many retailers not only have the challenge of protecting employee identities but consumer identities as well. Storing credit card information in consumer profiles makes life a lot easier for consumers but it also attracts bad guys.
There are several strategies retailers should look to employ when addressing these challenges. It’s important that a flexible access control platform like SecureAuth is utilized to increase security and eliminate costly inefficiencies while providing a good user experience. Let’s take a look at a few solution approaches retailers have deployed:
- Strong Authentication that Doesn’t Slow Users Down - Utilizing Adaptive Authentication with device recognition provides a great combination of security and user experience, particularly in a high pace environment where users simply cannot endure the constant disruption of entering one-time passcode (OTP) for multi-factor authentication. SecureAuth offers unparalleled flexibility to meet unique use cases; for instance many retailers clear the browser used on the POS each time it’s closed, creating a challenge if using cookies for device recognition. SecureAuth is able to perform device recognition with or without cookies to fulfill this unique use case. Some popular and traditional two-factor authentication methods may not be a good fit for retail users, which is why SecureAuth offers 25+ methods to choose from.
- Single Sign-On is a HUGE Convenience for Users - Many retailers have a sorted collection of applications used by their employees, and many of these applications have the ability to be federated. Federating legacy applications allows retailers to standardize on a single identity and allow access to multiple applications without having to provide credentials every time (Single Sign-On). Coupled with strong authentication, this is a huge convenience to employees. SecureAuth offers several tools to allow organizations to federate legacy applications without performing a complete refactoring of the application. SecureAuth also provides Self-Service password reset functionality that can be used against a multitude of identity stores to reduce the password management nightmare further.
- Control Access by Location to Comply with Laws - Controlling access by location is another important feature to avoid litigation from the labor laws of many states. SecureAuth allows administrators different access polices for employees connecting from a trusted network versus connecting over the Internet. This allows retailers to ensure hourly workers can only access applications, even cloud ones, while they are clocked in at the store.
- Flexibility to Handle Employee AND Consumer Scenarios - Business to consumer use cases like ecommerce portals can require a very different set of capabilities than typical business to employee scenarios. SecureAuth has a broad set of capabilities to allow application architects a tremendous amount of flexibility in how they incorporate strong authentication into their apps. SecureAuth offers an authentication and identity management API, highly brand-able web pages, OAUTH2 and OpenIDConnect (in addition to traditional enterprise federation protocols like SAML) as well as several exciting integration capabilities soon to come.
- Adapting to New PCI Compliance Mandates - A full blog on PCI compliance is planned for the near future, but you can’t talk “Retail” without mentioning it. Authentication is only a part of PCI compliance; however, regulations are set to change soon and require administrators to use two-factor authentication even when connecting to PCI systems from the trusted network. SecureAuth offers several methods of meeting this requirement whether it’s using the Windows Credential provider and the Linux PAM module or integrating with VDI solutions used on jump box networks to provide strong authentication.
Hopefully we provided some insight on how SecureAuth can help retailers protect their employee and consumer identities without impacting business.
Reach out to SecureAuth if you would like to take a deeper dive on any of these topics.