Rachel Folz

People, product, and process pro.

Groupon does proactive security right

My new least favorite Sunday hobby is working through all of the notifications I receive about possible suspicious activity on my myriad of internet accounts.

Like most internet users, my online life is littered with lots of old, not-so-secure passwords logged on long-forgotten sites. But these passwords haunt in the form of emails claiming that action is needed on my part to correct unexplained activity on my account.

Usually, the email asks me to complete some serpentine set of reauthentication that their site isn’t exactly optimized to handle. In some cases, (ahem, Fitbit) I had to go three sub-menus deep to an area of the site that hasn’t been touched by a developer since “Gangnam Style” was a hot, new dance craze.

In case you need a refresher.

But today, an old friend surprised me and shared a lesson on how we should all be more proactive about securing the information users share with us.

I received an email from Groupon saying that they had noticed some usual activity in my account. Okay, nothing new there but the next part is the difference-maker.

“To protect your account, we’ve proactively deleted your billing information and removed your existing Groupon password. “

Yes! Thank you. This shows an understanding of what the goal of a breach is. Hackers don’t want to use my account to save 50% at Latitudes Bar & Bistro, they want to buy gift cards to sell or to get ahold of that sweet, sweet credit card information. This simple, and dare I say, automated, act demonstrates to me that Groupon cares about users and understands what’s at stake. It doesn’t put the burden of unspooling this mess with me, instead, they used their systems to protect what matters.

Even more than that, they are taking a chance. They know if my credit card information isn’t saved with them anymore that there will be a little friction the next time that I go to complete a purchase, but they trust their value, and their values, enough to protect me at a possible cost to them.

That’s great user experience.