If you can log into it, it touches customer identity.
In the wake of Facebook data breaches and rising concern from customers across the internet about various leaks and mismanagement, the idea of customer identity access management—or “customer identity,” for most purposes—has come to the fore. “Customer identity” is a mix of different services, many of which can touch browser-based push notifications. So, where do they touch, and when should you be concerned?
Customer Identity Explained
The best way to think of customer identity is if a customer can log into it and then configure it, then there is some aspect of customer identity to it. That includes push notification preferences for browsers. For example, if a user opts into push notifications on one browser, and signs into a browser on another device, how that browser manages customer identity may or may not carry over push preferences.
It’s also a point of concern if you offer push notification signup behind a log-in screen, such as informational push notifications for when a product ships, or push notifications about financial matters. While browser-based push notifications can be encrypted “end-to-end,” and this data is minor next to breaches like Social Security numbers and credit card data, it still may be a point of concern for your customers, and you should have an answer for how you manage it.
Need to log in?
You Can Lead A Horse To Security…
Part of the problem with customer identity is, awkwardly, the customer. We all have customers that use awful passwords, share passwords with literally everyone, enter their passwords into any dialogue box that asks nicely, and so on. And then, of course, there is the reality of systems; if it’s designed to allow people in, there is some degree of vulnerability to people breaking in.
Fortunately, push can be used to control this. For example, you can offer a “security push,” so if somebody logs into a customer account from a device you don’t recognize, you can push an alert to the browser they’re logged into to let them know that happened. When customers make changes to their account, you can push out a link to confirm they’ve made those changes. In broader terms, if there are push notifications your customer needs to log in to your site to activate, make sure that it’s equally simple to deactivate them, making the preference visible and easy to find in your back-end.
In a broader sense, it’s worth being aware of the customer identity approach of the browsers you work with. Chrome, for example, works fairly hard to ensure a seamless experience across any form of browser. Ideally, whenever you get a new device, you log into your Gmail, and everything else falls into place. But that may shift depending on how browsers are engineered, and it’s worth keeping track of how this experience works and changes over time.
Customer identity touches a huge range of topics, well beyond push notifications. But the most important aspect is customer service. If your notifications are informative, easy to configure, and easy to use, then you’ve won half the battle right there. To see push notification in action, get a free trial of Pushnami!