Here’s an interesting experience I’ve encountered recently about a few times so it bears being reported. A big American coffee chain replaces its customer loyalty card with an app. This is fairly common today – in fact, as a customer, please don’t give me physical cards. I hate carrying them around and they often aren’t with me when I need them. From the organization’s CX point of view, the card has less features to capture customer-brand engagements compared to an app. The app, however, better be useful to me as a customer. I’ll rant about mobile app usefulness in another story so, back to this app.
This loyalty app is fairly useful. It accepts preloading of monetary values and I can use the app like a mobile wallet. It tracks purchases and rewards my loyalty with instant rewards and other promotions. The physical stores are well equipped and the experience is generally nice. I once forgot to bring my analog wallet (when did cash and wallets become analog I wonder?) and I could still get myself a drink and snack. In store activities also helped promote usage and I noticed that there were some forms of data mining and insights going on at the back to tailor some promotions and rewards my way. It wasn’t a lot – personally, I felt a lot more could be done but again, another story for another time.
Since it stores monetary value, it’s obvious some form of authentication is required. And once in a while, you forget your password and lock yourself out of the account or app. We do that all the time for all sorts of applications. For iOS users though, I wish the app would integrate with either TouchID or FaceID to enable greater seamless authentication (app developers take note!).
Here’s the first bump. Lock yourself out of the app and what’s the next step? Reset the password. The difficulty comes when trying to reset your password on what I call “lazy integration.” Using the app to call the website page for password reset. This meant that trying to do it on a mobile device breaks the experience. The interface is a little awkward and obviously the fonts and size is a compromise. 2FA or Two-Factor authentication providers for many credit card companies also don’t have a mobile optimized 2FA screen and that is my biggest issue when companies ignore or sideline the mobile experience. The reason mobile here is critical because I would wager, 99% of the time you need the password is because you wanted to use it for a transaction on your mobile. So the reset needs to be optimized for that. When it happened to me and I failed to reset after the second try, I went to a competitor and spent my money there instead.
Next comes a pothole. The reset relies heavily on email. Google has some really smart spam filters but in many cases, you might not receive the reset email. What happens when the user doesn’t get the email on his mobile? Wouldn’t an authentication via SMS be more effective considering the app is on a mobile? What would the risk be if I stole your phone and attempted to reset the password? Firstly, as the owner, I can reset the password using my email if that is compromised. That’s why it would actually be more secure if the app would integrate with available on-device authentication such as TouchID or FaceID. The SMS reset code will only be sent provided the user authenticated with the device. My reset email never arrived or on the second attempt, took about thirty minutes to arrive – much too long.
Finally, the last pothole is that the reason I need to reset my password is because I locked myself out. Yes, its good to stop brute force attempts to break a password, but after I have reset my password, the one-hour or lockout period should be reset. Like I mentioned earlier, very likely you were trying to use the app and if it fails when you need it, that’s a pretty poor experience.
The final result? I’ve actually stopped using the app and frequenting the store. Two times was a bit too much for me. I’ve not written them off completely though. I still have the app, there’s still some cash value loaded but I no longer use it frequently except at places like airports.