A retailer that fails to balance various age groups' cybersecurity needs risks making its tech products inaccessible to parts of the population.

Justin Fox, director of software engineering at NuData

Online audiences are growing increasingly age-diverse. They now range from children gaming on their caregivers’ smartphones to seniors video chatting with their grandkids. While that diversity is generally a good thing, it also poses a security challenge for retailers.

Every user is different, with different needs, worries and levels of risk tolerance. Some of those differences correlate to age groups—and that can make it hard to design ecommerce technology that ensures security and a good experience for all ages.

For example, requiring multi-factor authentication (MFA) on ecommerce transactions can help protect against fraud and accidental purchases by children. But for seniors, who tend to be less experienced with digital tools, an MFA notification on a phone lock screen can be easy to miss, leading to abandoned carts and user frustration.

A retailer that fails to consider—and carefully balance—the cybersecurity needs of different age groups risks making its ecommerce apps and other tech products inaccessible to large segments of the population. To avoid this outcome, make sure your product teams are aware of the potential barriers various age groups face—and challenge them to find ways to verify user identity that don’t impede any group’s access.


Different age groups face different barriers to online access

When engineers and designers imagine the end-users of their products, they often visualize people with similar capabilities, experiences and knowledge as themselves, and they tend to design product features, including cybersecurity protections, accordingly. However, most apps’ product teams are less diverse than their existing user bases, especially when it comes to age. Nearly three-quarters (73%) of tech workers say the average age of employees at their company is between 20 and 40.

This homogeneity can contribute to biases that cause age-related accessibility factors to go overlooked. Below are a few potential barriers your product teams should consider during the development process.

Children and teens: Fearlessness necessitates guardrails

Children of all ages spend a great deal of time immersed in digital worlds for entertainment, communication and schooling. As a result, they tend to be very digitally literate, and they’re generally not intimidated by new digital tools.

However, children’s fearless embrace of technology has a downside. They may not fully consider the consequences of their actions online, whether it’s sharing personal information on an insecure website or making unauthorized in-app purchases in a mobile game with a parent’s credit card.

Even if your app or website isn’t intended for kids, you should assume that some children will gain access. Keeping the internet safe for children—and protecting their caregivers’ wallets—means putting up guardrails to avoid accidental ecommerce purchases and other issues. However, those guardrails can’t add friction to the overall user experience or reduce access for different user groups.


Seniors: Inexperience impedes access

Unlike other generations, adults aged 65 and over didn’t grow up using the internet. That hasn’t stopped them from adopting online services—43% shop more online than they did before the pandemic.

However, a lack of experience using digital tools can translate to difficulty performing key actions online. For example, during a new account opening, an inexperienced user may miss messages asking them to confirm their email address, so they never complete the account creation process. Many seniors are aware of the rising incidence of fraud and cybercrime against their age group. They are wary of unexpected texts and notifications—another reason why MFA can present an accessibility challenge for this age group.

A large volume of unused or unconfirmed new accounts, abandoned shopping carts and password help requests can signify that your less experienced users struggle with your platform. You need online user verification processes that instill confidence in seniors rather than making them wary and that don’t require them to interact with easily missed notifications or messages.

Other adults: Meeting a variety of needs

We tend to think of non-senior adults as a relatively tech-savvy group, but that’s not always the case. Digital literacy can fade over time, and an adult who doesn’t use online tools regularly may start to lose their ability to perform basic tasks with technology. Technology is also constantly evolving, and adults may not have the time and energy to learn to use newer tools and platforms. These factors can lead to some of the same frustrations described in the seniors section above.


Also, not all adults have equal access to technology. Almost half of lower-income adults don’t have a broadband internet connection at home. Some may be working from an outdated or even damaged device if they can’t afford to upgrade their phone every year. This can make it harder to use some common verification technologies: For example, someone with an older phone without a fingerprint scanner may not have access to access an app requiring biometrics to log in.

Other adults are in the ranks of the one in four Americans who have a disability, which may further impact their ability to use common app features. Even if they have a phone with a fingerprint scanner, someone without hands won’t be able to use it. Taking these possibilities into consideration will help you design verification processes that work for all users, regardless of their income level, skill level or disability status.

Leveraging technology to improve accessibility

Raising awareness about barriers to access associated with age groups is a vital first step to designing more accessible security protections. From there, you can work to counteract the biases that might result from your team’s homogeneity, for example, by testing products on a more diverse group of users.

With accessibility top of mind, your product teams can leverage technology to understand each user’s unique needs and adapt online experiences to them. Many apps have already taken the first steps by offering users multiple options for authenticating their identity, for example, by asking whether they’d prefer to receive a code by email, voice call or text. But layering on additional technology could remove even more friction and potential barriers to accessibility. For example, by using passive biometrics, you could verify each user based on inherent behavior, such as how they type or hold their phone. In cases where there is a high degree of confidence, you wouldn’t even need to ask for a password or MFA code at all.

No single solution can address the cybersecurity needs of all age groups. However, experimenting with the full range of technologies available today could help you design more accessible experiences that welcome a broad diversity of users.


A first step toward a more inclusive world

When it comes to accessible and inclusive design, age is just the tip of the iceberg. Factors including gender, race/ethnicity, socioeconomic status and disability also affect how people access and use technology, and retailers should consider all of them in designing cybersecurity software.

However, considering the needs of different age groups is an excellent start. By designing your cybersecurity protections for an age-diverse user base, you’ll make your products more accessible, improve the overall digital experience and build trust with customers across generations.

NuData is a fraud-prevention company owned by MasterCard Inc.