Saturday, October 31, 2009

Requesting your users to update their website profile

A common practice among many website that I use is that on the odd occasion they request that you update the original information that you provided to the website. I don't know about you, but anyone email asking me to update any information makes me suspicious. There are so many spam emails going around these days that every time I receive an email that requests that I update my account details or requests information, whether they be legitimate or not always raises my suspicion as to its origins and motives. Could it be the launch pad of some sort of phishing attack or something along those lines.

I believe that website owners and developers need to put their heads together devise a set of new standards for the process requesting users to update their account details or other information that may be required! Even if the email comes from a legitimate site that looks well formatted while also coming from and email address, such as, these days it just isn’t worth taking the risk of responding to these emails with so many tricks that the data thieves and hackers out there use and have up their sleeves.

A practice that I am going to adopt in the future with the process of requesting information updates from users, is to send them an email providing information that on a certain date the website will be requiring some additional information. Stated in the email it will state that an “sms” will be sent to the user (Already captured during sign-up). The "sms" will inform the user that an email has been sent to them on that date which will contain a link to the website. Also provided in the "sms" will be a confirmation code uniquely used to identify the user. When the user checks their email and clicks the link they are taken to a page where they have to enter the code before the fields required to enter their log in details are revealed. Once the log in is complete the user will be directed to the page that will capture the new information that the site owner requires.

I believe this more structured and secure approach that although will require a bit more development effort and cost it is something that would be worth implementing. I think users would generally feel happier about providing the additional information to the site as they would have previously been notified that they were going to receive an email of this nature.

Let me know if you think this is a feasible automated approach to dealing this common suspicion around these types of email requests? Can you think of any other innovative ways to reassure users that updating information and collecting new information from the user to use on the website is a safe process?