Back to Case studies

SAS: Rising above in customer security

SAS, the leading airline in Scandinavia, is constantly reinventing itself in digital-first services, where digital safety is just as important as in the air. The new customer authentication layer, co-created by Futurice, raises the airline’s security capabilities, providing state-of-the-art fraud prevention and data security for travelers worldwide.

An SAS employee cheerfully serving a customer at an airline counter

Technologies used

  • Auth0
  • Java
  • JavaScript
  • TypeScript
  • React

The challenge

As cybersecurity threats and fraud attempts increase rapidly, SAS wants to provide safety for its customers – not just in the skies but also in its digital channels. The airline’s security enhancement process was at a phase where the next step was establishing a modern customer identity and access management (CIAM) layer on the company’s global website to help combat fraudulent activity and improve account security. The main goals at this stage were to overhaul the features related to logging in, customer profiles, and customer data. Another essential aspect was functionality and seamless service flow through every touchpoint – including when a password is forgotten.

Impact and outcomes

  • Improved security and fraud prevention

    More safety for customers, lower reputation risks.

  • From reactivity to proactivity

    Detection features help stop fraud before it happens.

  • Better customer data

    Benefits in terms of customer experience, personalization, and total cost of ownership.

What we did

We started the work by researching different CIAM alternatives, best practices, and the most suitable technologies for the SAS IT environment. The importance of design was also highlighted from the beginning, leading us to benchmark popular brands such as Spotify and Meta.

We aimed for the optimal total cost of ownership and considered SAS’s in-house resources and the recruitment market of top cybersecurity professionals. With these aspects in mind, we recommended using a commercial CIAM instead of open source. This way, the chosen service provider would be able to ensure CIAM maintenance and development in the future.

Next, we created the project plan and started the execution in close collaboration with the SAS global IT team. At the Futurice end, the development team consisted of a product owner, a full-stack developer, and a UX and UI designer from Futurice’s Family company Columbia Road. As we were doing discovery and delivery simultaneously, we primarily used the Kanban framework, enabling a transparent and agile process that can quickly adapt to the new findings.

Throughout the process, our guiding principle was that existing proven customer flows would be changed as little as possible. We updated the login redirect flow for security reasons and added an email confirmation request for more reliable user verification. At every step, we ensured the new features looked and felt like SAS.

In addition to establishing the authentication service, we built a global CIAM platform that the individual teams in the SAS Digital & IT could easily adapt and use. As the process continued, we received input from more teams. All in all, we struck a successful balance between developing the service, delivering on business and technical requests, and managing technical debt.

It’s been a pleasure to work with Futurice on this large and complex project. Their highly skilled and motivated team members have fully integrated into the SAS team. A key finding in working with the Futurice team in this project is the “can-do” attitude towards whatever we explore, and their high-quality development and customer value-driven approach in all areas of the development cycle. I am very pleased with the team and how they take on our roadmap to further strengthen and improve our services.
Peter Gustavsson
Head of Loyalty Solutions, SAS

Why it matters

The airline protects its data using the best available methods and technologies, and SAS’s customers are now safer. Misuse of customer accounts is made near-impossible, and with improved user data collection, SAS’s fraud detection can stop fraudulent activity before it happens. Unauthorized visitors have minimal opportunity to access the site, and even if they did, SAS would get accurate data on the attempts.

The quality of customer data has clear benefits in terms of customer experience, personalization, and technology costs. From a brand perspective, reducing the risks of security and fraud has a positive impact on cost and potential reputational damage.

Modern multi-factor authentication methods will also improve the overall customer experience and decrease customer service load by making self-service easier. In the future, SAS will explore ways to add “instant signup & login” to the loyalty program by utilizing customers' accounts on other platforms, such as social networks. The goal is to make joining the EuroBonus program simple and convenient without sacrificing security and account protection.

Try it for yourself and take flight securely here ->

About Scandinavian Airlines (SAS)

Scandinavian Airlines commonly known as SAS, is one of the more popular airlines in the Nordics. SAS offers the most departures and has an attractive offering for people who travel frequently to, from and within Scandinavia. SAS conducted 817 flights daily in 2016/2017, and a total of around 30 million passengers traveled on SAS’s 272 routes between 123 destinations in Europe, the US and Asia. In addition to airline operations, activities at SAS include ground handling services, technical maintenance, and air cargo services.

Talk to us

Get in touch

Wherever you are on your digital journey, our services and experts can help you along the way. Let's get talking!