SAS: Rising above in customer security

We started the work by researching different CIAM alternatives, best practices, and the most suitable technologies for the SAS IT environment. The importance of design was also highlighted from the beginning, leading us to benchmark popular brands such as Spotify and Meta.

We aimed for the optimal total cost of ownership and considered SAS’s in-house resources and the recruitment market of top cybersecurity professionals. With these aspects in mind, we recommended using a commercial CIAM instead of open source. This way, the chosen service provider would be able to ensure CIAM maintenance and development in the future.

Next, we created the project plan and started the execution in close collaboration with the SAS global IT team. At the Futurice end, the development team consisted of a product owner, a full-stack developer, and a UX and UI designer from Futurice’s Family company Columbia Road. As we were doing discovery and delivery simultaneously, we primarily used the Kanban framework, enabling a transparent and agile process that can quickly adapt to the new findings.

Throughout the process, our guiding principle was that existing proven customer flows would be changed as little as possible. We updated the login redirect flow for security reasons and added an email confirmation request for more reliable user verification. At every step, we ensured the new features looked and felt like SAS.

In addition to establishing the authentication service, we built a global CIAM platform that the individual teams in the SAS Digital & IT could easily adapt and use. As the process continued, we received input from more teams. All in all, we struck a successful balance between developing the service, delivering on business and technical requests, and managing technical debt.

The airline protects its data using the best available methods and technologies, and SAS’s customers are now safer. Misuse of customer accounts is made near-impossible, and with improved user data collection, SAS’s fraud detection can stop fraudulent activity before it happens. Unauthorized visitors have minimal opportunity to access the site, and even if they did, SAS would get accurate data on the attempts.

The quality of customer data has clear benefits in terms of customer experience, personalization, and technology costs. From a brand perspective, reducing the risks of security and fraud has a positive impact on cost and potential reputational damage.

Modern multi-factor authentication methods will also improve the overall customer experience and decrease customer service load by making self-service easier. In the future, SAS will explore ways to add “instant signup & login” to the loyalty program by utilizing customers' accounts on other platforms, such as social networks. The goal is to make joining the EuroBonus program simple and convenient without sacrificing security and account protection.

Try it for yourself and take flight securely here ->