On this day 10 years ago, software developer Jack Dorsey (@Jack) typed out a simple message. He only had 140 characters to work with and the words “just setting up my twttr” shortly appeared on the website which we now recognize as Twitter.
Its popularity exploded from there. By 2007, global users were sending 5,000 tweets a day and just three years later, in 2010, it had skyrocketed to over 50 million. When Twitter filed its initial public offering in November 2013, it was over 500 million tweets a day.
But as the saying goes, what comes up must come down, and on its 10th birthday, the future of the site looks a little uncertain. Today user growth is stalling and advertisers are decreasing their spending on the social media site. But that said, Twitter is certainly making all efforts to try to win back the attention of its users and advertisers. In particular, Twitter has recently been trialling ‘buy’ buttons directly in the ads they host, allowing users to make impulse online purchases with ease. It’s not just a perk for users; advertisers like it because it links social media campaigns directly to revenue rather than just ‘likes’ and followers. There is, however, an obvious security and trust issue here.
In the decade of Twitter’s existence, we have experienced a real shift in the threat landscape. Cybercrime is more sophisticated and more targeted than ever before. So even if we accept that these web sites have sufficient security to protect stored credit cards, there is the bigger issue of authentication. People check social media sites up to hundreds of times per day. Passwords and credentials are nearly always cached and users want simple methods to protect their accounts and private information – no one wants to type in a complex 16 character riddle to access their Twitter account. Yet these same credentials might now enable a payment. Apple Pay faced a similar issue in enabling mobile payments and decided on biometric authentication utilizing a fingerprint scan as a secondary authentication method.
In addition, this relationship between retailers and social media sites adds a layer of complexity to risk and liability for fraud and chargebacks. These are all ‘card-not-present’ transactions, so the risk is with the ‘merchant’. But who is the merchant? The social media site, or the retailer?
In an ideal world, the party that is conducting the transaction should be in charge of the level of security that is applied. But in today’s world it is not so simple. If the social media site is making the payment decision (based on their own authentication schemes), but the merchant that ships the goods is bearing the risk, then we have an imbalance, and a potential problem for the merchant, who may find themselves with a risk over which they have little control, or visibility.
So as Twitter continues to mature, and introduces new functionalities, its approach to best security practices should too. With the growth of new digital payment methods and social media sites turning into e-commerce sites, it is crucial that data protection and privacy become part of the fabric to assure consumers that their information is protected Only then will consumers completely trust these new methods and technology.