Unique Authentication and Convenience Challenges of the Retail Industry

February 23, 2017
Brian Bowden

Working with identity and authentication in retail has some striking differences from other industries. In addition to being subject to compliance requirements like PCI, retail has unique challenges as a result of managing hundreds to thousands of locations across the globe. Some examples include:

  • Speed at the Cash Wrap – Applications requiring strong authentication cannot be hindered by time-intensive steps. When retailers are checking customers out during a holiday rush, it’s critical that no one leaves the store due to long lines.
  • POS Applications – Many retailers have a collection of homegrown and commercial applications they have acquired over time, each with its own credential store. This creates a burden when accessing the different applications because users have an opportunity to forget not only one password but sometimes three, four, or more.
  • Labor Laws – The cloud age has made applications available from almost anywhere. However, many retailers need tight control over where their hourly employees are accessing applications.  If hourly workers are using company applications from home off the clock, they could expose the retailer to liabilities for payment.
  • Online Security and PCI – Many retailers not only have the challenge of protecting employee identities but consumer identities as well.  Storing credit card information in consumer profiles makes life a lot easier for consumers but it also attracts bad guys.

There are several strategies retailers should look to employ when addressing these challenges.  It’s important that a flexible access control platform like SecureAuth is utilized to increase security and eliminate costly inefficiencies while providing a good user experience.  Let’s take a look at a few solution approaches retailers have deployed:

  • Strong Authentication that Doesn’t Slow Users Down – Utilizing Adaptive Authentication with device recognition provides a great combination of security and user experience, particularly in a fast-paced environment where users simply cannot endure the constant disruption of entering a one-time passcode (OTP) for multi-factor authentication. SecureAuth offers unparalleled flexibility to meet unique use cases; for instance, many retailers clear the browser used on the POS each time it’s closed, creating a challenge if using cookies for device recognition. SecureAuth is able to perform device recognition with or without cookies to fulfill this unique use case. Some popular and traditional two-factor authentication methods may not be a good fit for retail users, which is why SecureAuth offers 25+ methods to choose from.
  • Single Sign-On is a HUGE Convenience for Users – Many retailers have an assorted collection of applications used by their employees, and many of these applications have the ability to be federated. Federating legacy applications allows retailers to standardize on a single identity and allow access to multiple applications without having to provide credentials every time (Single Sign-On). Coupled with strong authentication, this is a huge convenience to employees. SecureAuth offers several tools to allow organizations to federate legacy applications without performing a complete refactoring of the application. SecureAuth also provides self-service password reset functionality that can be used against a multitude of identity stores to reduce the password management nightmare further.
  • Control Access by Location to Comply with Laws – Controlling access by location is another important feature to avoid litigation from the labor laws of many states. SecureAuth allows administrators to set different access policies for employees connecting from a trusted network versus connecting over the Internet. This allows retailers to ensure hourly workers can only access applications, even cloud ones, while they are clocked in at the store.
  • Flexibility to Handle Employee AND Consumer Scenarios – Business-to-consumer use cases like ecommerce portals can require a very different set of capabilities than typical business-to-employee scenarios. SecureAuth has a broad set of capabilities to allow application architects a tremendous amount of flexibility in how they incorporate strong authentication into their apps. SecureAuth offers an authentication and identity management API, highly brandable web pages, OAuth 2.0 and OpenID Connect (in addition to traditional enterprise federation protocols like SAML), as well as several exciting integration capabilities soon to come.
  • Adapting to New PCI Compliance Mandates – A full blog on PCI compliance is planned for the near future, but you can’t talk “Retail” without mentioning it. Authentication is only a part of PCI compliance; however, regulations are set to change soon and require administrators to use two-factor authentication even when connecting to PCI systems from the trusted network. SecureAuth offers several methods of meeting this requirement, whether it’s using the Windows Credential Provider and the Linux PAM module or integrating with VDI solutions used on jump box networks to provide strong authentication.

Hopefully we provided some insight on how SecureAuth can help retailers protect their employee and consumer identities without impacting business. 

Reach out to SecureAuth if you would like to take a deeper dive on any of these topics.
