Skip navigation
All Places > In the News > Blog > Author: taylortwain

In the News

3 Posts authored by: taylortwain

3 Considerations for Building a Gig Economy App

 

The largest hotel chain in the world (Airbnb) has no hotels, and the largest taxi company in the world (Uber) has no taxis. How did this come about? How did these and other so-called “gig economy” companies impose massive disruption on billion-dollar industries in such a short time?

Part of the answer, of course, involves their novel business strategies. But also at play are the apps that drive these gig-economy companies. Uber, Airbnb and the like would be nothing without well-designed apps that deliver an excellent user experience.

 

In this regard, there is a lot that developers can learn from the gig economy. Traditionally, programmers haven’t spent much time thinking about how to develop the type of app that powers a company like Uber. But as the gig economy grows more and more important, that will likely change.

 

Toward that end, let’s take a look at what developers should be thinking about if they’re building a gig-economy app. The lessons below apply whether you’re creating such an app from scratch, or improving one that already exists (and yes, while gig-economy apps like the ones I’ve mentioned above may be great, there is always room for improvement).

 

Scaling the stack

 

To be competitive and relevant in today’s gig economy market, where customer expectations are basically going through the roof, scalability is key. It doesn’t matter whether there is just one user on your app or 100,000 — They all expect your app to perform like Netflix. Accounting for spikes in usage is an important part of scaling and you need to be ready to handle the traffic before you start advertising or giving out discounts. The key here is to scale horizontally and automate the process of adding and removing containers or virtual machines based on demand.

 

Automated scaling isn’t just about adding more nodes based on a preset threshold. It’s also about automatically rebalancing the workload among the servers and hosting virtual machines in multiple regions. Load balancers monitor nodes and distribute traffic efficiently among them so no one node takes on too much work. However, this process must be repeated every time there’s a significant change in workload, or some servers may be overworked while others just waste away. That’s why it’s a good idea to automate the process with a tool like Elastic Load Balancer from AWS or Cloud Load Balancer from Google.

Location and architecture

 

Location is important, too, and multi-region hosting offers much better latency for end users. This is because apps deployed across multiple regions can not only serve users from more data centers, but also from data centers that are in closer proximity to them. It’s good to not have all your eggs in one basket, especially in case of a DDoS attack. Multi-region hosting is critical with regards to disaster management, as it not only keeps your data safe, but also allows for a backup cloud to pick up the load if one cloud service is attacked or compromised.

 

Scaling out is different from scaling up, and it’s where you add more nodes as opposed to upgrading them. Without the proper application architecture, however, scaling out can lead to a drop in performance as the nodes struggle to communicate with each other. This is especially true for microservice architecture where services communicate with each other in more ways than we ever thought possible. A microservice service mesh like Istio facilitates this inter-service communication by acting as a communication layer for your services. Istio provides a way for developers to seamlessly connect, manage and secure networks of different microservices, regardless of platform.

Simplicity and security

 

Local services apps like TaskRabbit, Handy, and Thumbtack have numerous service options like plumbing, moving and packing, home improvement, and more. The secret to managing this complexity, however, is to keep it all as simple and organized as possible. The more complex your application, the harder it is to scale, so the secret lies in masking all that complexity behind an extremely well thought-out and simple user interface. It’s also important to keep app size down to a minimum. A smaller app not only makes your life as a developer easier, it also takes into account the limited storage capabilities of most mobile phone users.

Online payments are a great way to make the app experience convenient, and more payment options mean a higher conversion rate. Where there’s money involved, the risks of a breach are always higher, so be proactive about security. Encourage users to change passwords frequently, especially when there are digital wallets linked to your app. You also need to be quick to disclose when a data breach happens and keep all user data encrypted to the maximum level.

 

Cloud vendors follow the model of shared responsibility where they are responsible for the security “of” their cloud platform, but you are responsible for security “in” their cloud. Key management services that can encrypt data at various levels both in transit and at rest can give you more control over data access and better security.

 

Lastly, future-proof your app to take into account your industry and the technology you are currently using. Your app will never stop needing enhancements, so don’t get comfortable, or you’ll be a sitting duck for the next startup thinking about “disruption.”

 

Conclusion

 

Software is eating the world, and the gig economy is no exception. While the innovative business models of gig-economy companies may be part of the reason for these companies’ success, the apps that gig-economy companies build are also key — and can be the deciding factor between a successful gig-economy company and a failure. Winning in the gig economy requires an app designed for scalability, security, performance and future-proofing by following the tips outlined above. 

Businesses invest a lot of resources in getting consumers to click on ads and drawing visitors to websites or mobile apps. They create amazing product displays to make people like and engage with their product catalog. They even offer irresistible discounts to finally get their products added to the shopping cart.

 

But even if these efforts are successful in attracting clicks and visitors, they don’t necessarily lead to results. A common challenge is the issue of “cart abandonment,” which means potential customers abandon a website or app once they are in the middle of the process of selecting items or paying for them. On average, an online store loses 75%-83.6% of sales to cart abandonment.

 

cart abandonment at 75%

 

Why do customers abandon their digital carts? There could be lots of reasons, of course, but poor user interface or user experience are chief among them, which are both issues that developers can help address.

 

Toward that end, here’s a list of five tips for preventing cart abandonment by improving the mobile flow checkout for their apps.

 

1. Let users check out as a guest

Thirty percent of users abandon the cart if they’re asked to register upfront. Niche players face this challenge more than the Amazons of the world. Customers don't like registering unless it is tied to a benefit (say a coupon code). Sometimes, even existing customers don’t prefer signing in. This is especially true when they forget their passwords and have to go through the password reset flow. These are key reasons why cart abandonment rates are lower with sites that allow users to check out as a guest.

 

good mobile workflow checkout as guest

While some users might like to provide information to get personalized suggestions, others might not like spending time filling out registration forms. So, always give them three options: sign up, sign in, and check out as a guest. This should not be a problem with fulfillment, as you can always add email and contact number fields in the delivery information form.

2. Make data entry a breeze

Most people avoid signing up just because they are too lazy to enter their details. Even when you allow users to check out as a guest, they will have to fill out the delivery form. So keep the forms precise and less boring. You can create a great user experience if you can fill out some of the fields in the delivery form by requesting certain permissions. For example, by requesting access to a user’s Google+ profile, you can fill out the fields like first name, last name, email, etc. Getting access to the user’s device location will help you get fields like state, city, locality, etc, automatically filled. This way, you can dramatically reduce the time your users would otherwise have to spend on a frustrating data entry process.

 

good user workflow data entry

Avoid clearing all fields if there is an error in one (or several) fields. Shoppers get frustrated with having to re-enter the whole thing. Save all the valid information and highlight the invalid information along with an error message. Additionally, display error messages clearly and avoid using generic messages like “invalid information.” The form you get while signing up for a Google account is a great example of a good user interface (UI) design. The form tells you exactly what went wrong and how it should be corrected.

 

mobile workflow how to correct fields

 

3. Make customers feel secure about payments

Not having a particular type of card or mobile wallet should not stop customers from checking out. Give them a lot of payment options. In addition, some customers are concerned about the security of their credit cards. Their fears are sometimes justified by the increasing number of cyber attacks. So always display security badges and make users feel secure about their payment. If possible, provide a delivery (COD) option for customers who don't know enough about security badges and aren’t comfortable with the online world.

4.  Keep the user focused on the checkout

One mistake that most online stores make is promoting other products on their checkout pages. This makes room for a lot of distraction. Customers tend to navigate to other pages hunting for better and better deals. They eventually end up confused looking at the myriad of options. Buyer’s dilemma sets in and results in cart abandonment.

 

You should cross-sell your products, but the checkout page is just not the right platform. Amazon recommends other products on the product page itself, but with a checkbox. This way, the user can buy the recommended products without leaving the main product page.

 

good workflow checkout

 

Keep designs simple, remove unnecessary links, and encourage a closed promo code field. Once a customer has added a product to the cart, your only goal should be getting the product checked out.

5. Avoid lengthy checkout processes

Don’t make the checkout page too long. Avoid less necessary conventional steps like asking “Are you sure about the details entered?” Break up the checkout process into multiple steps and deploy one step per page. Have a prominent progress bar to guide users through the checkout process. The load time of your site directly affects user experience. Fifty-seven percent of visitors abandon their carts if the load time exceeds three seconds. The faster your pages load, the more products you will sell.

Conclusion

Forty-nine percent of people operate their phones using one hand. So design the user interface in such a way that the user can complete the checkout process using one thumb. Make sure that the design works for tablet users as well. Enrich your app with all possible luxuries, and make the checkout flow as convenient as possible. Ensure that customer assistance is readily available. Add an iconic CTA button to call customer support. And offer useful links to FAQs so that users will not have to look for solutions across the Web when they have a problem with checkout. A good user experience is created only when you really care about the comfort of your customer.

 

 Adopting a P2PE solution is a great start to securing your retail payments, but it isn’t the end of your security responsibilities as a merchant organization. You still need to enforce best practices for developing in-house applications that interact with the P2PE system, and control the in-store retail experience to ensure security at every level.

 

Here is a checklist that can help merchant organizations and their developers ensure the key parameters are in place when building apps that involve P2PE payment processing: 

 

1. Be familiar with the PIM

The P2PE implementation manual (PIM) is an important document that is provided by a P2PE solution provider to their customers. Across the P2PE lifecycle, the PIM is the key responsibility of the customer. The P2PE provider is responsible for every other step of the payment cycle. Being familiar with the PIM will come in handy not just to troubleshoot minor day-to-day issues that arise, but to also respond quickly in an emergency. Knowing your way around the system is key to responding appropriately to an attack, and the PIM makes this possible.

 

2. Compliance needs real-time monitoring

There are many regulations to adhere to when handling payments. It takes a dedicated compliance process to ensure these regulations are enforced at every point of interaction in the app.

 

This is a challenge in today’s distributed cloud-native apps. There are numerous API-based integrations, and each of them should be reviewed to ensure they are secure. The system is dynamic, with integrations being added and removed on a daily basis. As the system changes, these events should be monitored for compliance. This requires real-time monitoring that takes into account new components as they’re added. Every event and activity that occurs in the app should be reviewed to enforce compliance and stored in an archive for auditing at a later point.

 

3. Update to the latest versions

Security patches are the main reason to keep your application components and PCI-P2PE version updated. With new threats arising frequently, the best thing you can do to enforce security is to keep your system updated. This includes software updates and replacing outdated hardware like PEDs.

 

4. Never store customer information in plain-text format

 

Never ever (ever) store customer data in plain text format

 

The whole point of P2PE is that it enforces strong defaults for encryption and decryption of card data and customer data starting from the PED (PIN Entry Device) and every step thereafter. If by any chance customer data or card data enters your system at any point of the payment cycle, or in any part of the application, it’s important to not store this data in plain-text format. This makes the data open for misuse. Instead, set up a way to monitor these events in real-time, and either encrypt the data or erase it automatically. Remember that these events should also be recorded for auditing purposes.  

 

5. Get certified by an external QSA

Though P2PE systems put the onus of security on the P2PE vendor, you still need to do due diligence to examine your system regularly. An external QSA (Qualified Security Assessor) doesn’t just help to catch potential vulnerabilities, but can also advise on optimizing system performance to quicken transactions, simplify workflows, and reduce the scope of PCI DSS audits.

 

6. Exercise caution with new payment types

With the advancement of mobile technologies, new payment methods like NFC are emerging. They are opportunities to enrich the customer experience, but they also need to be monitored for new types of security threats. Emerging technologies are prime targets for hacking, as there may be loopholes that are yet undiscovered. Appropriate defense requires monitoring with the help of machine learning.

 

7. Leverage machine learning

 

How machine learning algorithms help detect fraud

 

Combating payment industry fraud is all about the use of data. To come out on top, merchant organizations and vendors need to be able to use data better than the criminals. The only way to counter today’s complex attacks is to use machine learning.

 

Machine learning lets merchants and vendors identify attacks from patterns and anti-patterns that emerge from data — which could be a new transaction from a strange location, suspicious IPs, a sudden rise in the number of transactions on a card, and numerous other parameters.

 

ML algorithms can help spot threats and identify the sources as well. When considering a payments vendor, assess their machine learning capabilities and consider using a third-party security solution if required.

 

8. Separate retail and online payments

P2PE is specifically designed for managing retail payments. It is not meant for eCommerce transactions. It’s important that you enforce clear separation of concerns here. If the same product is available in-store and online, you’ll need to maintain inventory status in real-time and system-to-system communication to avoid conflicts between the two channels. Additionally, a data breach in the eCommerce portal may just affect retail, and vice versa. Hence, security measures should be compartmentalized when needed, and comprehensive at other times.

 

In conclusion, P2PE greatly assures security for retail payments, but simply opting for a P2PE vendor doesn’t automatically guarantee security. It takes a shared responsibility between you as a merchant organization and your P2PE vendor. By following this checklist, you can ensure your P2PE lifecycle is compliant and secure end-to-end. 

 

Related: