Black Friday brings the picture of chaos to mind when people go berserk in stores, right? And true, not long ago, the standard protection gear was helmets and knee and elbow pads in the brawl for Black Friday doorbuster deals. But this is rapidly changing as more and more people (naturally) avoid the in-store ruckus and instead hunt for Black Friday deals online from their homes.

People’s desire to grab top Black Friday and Cyber Monday deals for their friends’ and family’s Christmas lists is a massive threat to both retailers and consumers. During the online shopping frenzy, people click and search for bargain after bargain and tend to ignore elementary security procedures.

If it walks like a duck or quacks like a duck – it’s probably a duck.

As online retailers’ email campaigns ramp up with irresistible offers, cybercriminals are getting ready to get in on the action too. The holiday season provides a golden opportunity for fraudsters to dispatch millions of phishing emails with too-good-to-be-true discounts that land in our inboxes mingled with legitimate offers.

The smartphone security dilemma

It’s not just online fraud that presents a threat: all digital or electronic means of payment, like card transactions and ATM withdrawals, are equally vulnerable to fraud, as we already know. But one device has become the most exposed and undefended in recent years: the smartphone. This is particularly disheartening, as the smartphone is also the preferred means of payment and shopping for an ever-increasing number of people. One security pitfall, for example, is that mobile browsers have short address fields, which makes it hard to see the full URL and therefore harder to spot a deceptive link.

The regulation that comes to the rescue – PSD2

The EU regulation PSD2 (Second Secure Payment Directive) is about opening up banks’ APIs to third parties. Still, the directive also requires that transactions from €30 and up go through heavy authentication before an approved purchase. To handle this, the customer experience can, in many cases, take a blow, as it means more clicks and complex setup of various authentication applications on people’s own devices and more advanced security procedures to go through than before.

How about Covr?

With this in mind, we developed the Covr app, which circumvents the paradox between user-friendliness and security. As a result, Covr is both ultra-secure and convenient for people to use – and the shopping holidays can become a fun, safe, and happy experience again for your customers.

In recent years, proving who you are has become more critical. Companies and online services need verification and use different methods for you to provide it. We started with increasingly complex passwords, but more and more companies are looking at 2-factor authentication or even multi-factor authentication. But which way is preferred, from both a security and a user-experience perspective?

Having complex passwords that you can’t even remember yourself has lately proven to be a relatively poor method of securing your online accounts. Bill Burr, a former manager at the National Institute of Standards and Technology (NIST), created the password guide that is still used today for choosing a secure password. The problem is that the guide was produced in 2003, and Burr now says that he didn’t understand how passwords worked at the time. The principle that is being used today doesn’t ensure safe passwords. A better method of creating secure passwords is to put together three or four unrelated words, resulting in a longer password without being unreasonably challenging to remember.

But having just a password to verify your identity has proven insufficient; look at the Heartbleed bug a few years ago, where thousands of passwords were leaked. In addition, through the years, there have been several reports where hacks or simple errors have compromised passwords. So, to stay safe, there should be another method to prove you are you.

The answer has come in the form of 2-factor authentication, where you use your password to log in to an online account and then get prompted on a different device (often your mobile phone) to authenticate that you are attempting to log in to that account. This ensures that you are you, at least in theory. In addition, many services started using text messaging to send a passcode that you enter to verify the login. But lately, there have been numerous reports of such text messages being redirected to a different phone, and thus the authentication process is yet again insecure.

Many companies, such as Google, have created an app that ensures the verification code is only sent to that specific phone. In countries like Sweden, the banks have joined forces and created a Bank-ID linked to the citizen’s identification number. The problem with these is that they do not work globally or universally across platforms. In Google’s case, the service provider must then use Google’s authentication and, thus, their login system, which might be undesirable for many service providers. In the case of the Swedish Bank-ID, you must have a Swedish personal number and a Swedish bank account.

In other cases, the verification process often requires several steps, which becomes a hassle for the user. This reduces the willingness to use the verification system. Since people tend to take the path of least resistance, the user experience must be at the system’s center. If logging in to your account isn’t easy, you will probably use a less secure method instead.

With Covr, you can offer your users a safe way of authenticating themselves and authorizing transactions via an app on their smartphones.

Developing a universal and global multi-factor authentication system that is secure and easy to use is, therefore, desired and urgent. Luckily, we are now seeing several such systems being developed, and the one currently leading the charge toward secure and easy online verification is Covr Security. They are a Swedish company that has used the experiences from the Swedish Bank-ID to create a system that is not affiliated with a vendor that has its own agenda and that works around the globe. The system is easy to use and implement and ensures the highest level of security. Simply put, it offers all that you could ask for in a multi-factor authentication system.