two factor authentication, improving security in ecommerce

The most precious asset today is data or information. The more meaningful data you collect, the richer you become. A software company can finish due to just one pen drive. Therefore, to remain in business, you have to win customer trust. Customer trust is also the first step towards making a business profitable.  This is also one of the famous techniques for improving security in e commerce. The threat of hacking is also increasing. A hacker can steal all your data if it is not secure. Therefore, all software companies take data security very seriously. To achieve this goal they use many tools as part of their standard procedure of software development and ensuring security. Two factor authentication is also one out of them. All leading websites and applications use this to make them secure. This also enhances user trust in the ecosystem. From Facebook to Flipkart, YouTube and Amazon everyone provides this option to customers.

What is two factor authentication?

This is a process of improving security of a web application or a website. This is also a standard technique for improving security in ecommerce website development. In this case we cross check user credentials two times. One by regular login id and password and second by sending OTP on mobile phone. When both (password & OTP) match with the values entered in the database, login is confirmed. If any of them fails or mismatch of credentials or security check the application does not allow the user to get inside.

How two factor authentication works

This is part of the login process. All actions happen on the login page. Check out the steps below to understand the process.

Step 1

First of all you have to enter your login ID (email id or phone number) and password. The software matches your details with already saved data.

Step 2

If the details are the same as the one you entered it triggers the next step. The software sends an OTP (one time password) which is normally a 4-6 digit code using a standard OTP message template. You receive this message on your registered phone number or email (depends on software application).

Step 3

Now you have to enter this code inside the OTP space (text box). This code is also available in the system. As soon as you enter the code, it matches the entry and allows admission only when this is a 100% match. On successful authentication, you enter in the application or website as login successful.

What happens after multiple failed login attempt?

In normal circumstances, the application gives you the option to receive the code again. You can simply click on the “send again” link and receive the message once more. Once you enter the code, it verifies the code again. Only a successful match can take you inside the application. Normally you get 3-5 attempts for authenticating an account. If you fail to do it then your account gets locked.

How many unsuccessful login attempts are allowed?

There is no international standard procedure available for two factor authentication. This completely depends on the client. For example, in the case of banks, many of them allow three attempts. After three unsuccessful attempts the account gets locked. In some other applications, user login may get suspended for 30 minutes. In case of State Bank of India after three unsuccessful login attempts the SBI net banking (user specific) will block for one day. So this is completely application and requirement specific.

What happens after 3 unsuccessful login attempts in SBI and other banks

The purpose of two factor authentication is to ensure security in transactions. As a standard procedure, most banks disable old passwords completely considering it a security threat. But on the other hand, you can easily generate a new password after verifying other personal and financial details.

Why is two factor authentication important for improving security in e-commerce websites?

There are many ways for improving security in ecommerce websites. Ecommerce websites save a lot of data. This data is very precious considering your privacy. They collect data like personal details, debit and credit cards database etc. Any kind of data leak from ecommerce may lead to financial loss. Therefore, all e commerce companies try their level best to ensure customer security. Therefore it is important for them to include two factor authentication for improving security in ecommerce.

Change Language »