Why there's no account e-mail verification?

[Greg1234]

When user makes an purchase, and he has to create account for that, there is no mechanism to check if he owns the e-mail address that he provided. Why? I understand that when you allow to create orders without registration, then the order can be placed with trust that he provided correct data.

But we don't allow to purchase without registration, that means user has to create valid account before purchase. And there is no email with link that user has to click to confirm his e-mail. The account is automatically created and only the e-mail customer gets (next to order confirmation) is that he created the account.

Can anyone know solution to this? Can anyone know a reason for this to be this way? I know I can probably buy paid module that does it, but I think such a basic (super basic) functionality should be provided by the store without any module. What's next? Maybe next version of Prestashop will require me to buy paid module for my customers to be able to place an order at all? For me it sounds as crazy as no option for account verification.

[GabrielLuk]

Basically, what it's all about... You are interacting on your web with USERS or PEOPLE.

Many companies prefer to be in touch with a person. Reddit and other websites, which are anonymous, are nearly pure online communities, would be exceptions.

1- An e-mail checked is a confirmed e-mail user. A checked email may minimize irritation if an email has been typed incorrect.

2- Prevention of some simple bots If a user joins some music, makes a bunch of playlists and logs out and forgets the password... If you can restore your password correctly, it would be great.

3- For marketing purposes, a checked email is of higher value. You know the email is a dead end and not a fake one.

4- You may analyse the behaviours of users and concentrate them on their surfing patterns directly.
5- A checked email allows you to contact a person regarding security breaches or other critical site problems.

An e-mail that has been checked prevents misuse. There are several individuals with my name who either register for services and mistype their email addresses, or sign in to some altered hook-up site which does not require verifying (for obvious reasons), so I regularly get spam and information from places I never sign in.

 

[Greg1234]

23 minutes ago, GabrielLuk said:

Basically, what it's all about... You are interacting on your web with USERS or PEOPLE.

Many companies prefer to be in touch with a person. Reddit and other websites, which are anonymous, are nearly pure online communities, would be exceptions.

1- An e-mail checked is a confirmed e-mail user. A checked email may minimize irritation if an email has been typed incorrect.

2- Prevention of some simple bots If a user joins some music, makes a bunch of playlists and logs out and forgets the password... If you can restore your password correctly, it would be great.

3- For marketing purposes, a checked email is of higher value. You know the email is a dead end and not a fake one.

4- You may analyse the behaviours of users and concentrate them on their surfing patterns directly.
5- A checked email allows you to contact a person regarding security breaches or other critical site problems.

An e-mail that has been checked prevents misuse. There are several individuals with my name who either register for services and mistype their email addresses, or sign in to some altered hook-up site which does not require verifying (for obvious reasons), so I regularly get spam and information from places I never sign in.

 

I am sorry but I don't understand a word from your answer. Have you really understood my question?

[GabrielLuk]

Yes, I try my best to give you as much information as possible. 

Registration sounds like a boring, long process that does not have to do with the task: to make an acquisition. Some site registration is a long and tedious process, sometimes even as a separate step from the check-out.

You don't have to be so. When a user makes a purchase, the user typically already requests all the information necessary for registration. Websites usually request information, including name, transport and billing information, required for the transaction. Furthermore, websites usually request an email address for an email address and update the status of their order.

The only aspect of registration not covered by a standard check-out is a password.

Before users enter the checkout process, it is obviously an option for registration. Some users want to register and to see confidence if they want. When you have the option to create a password after the transaction is completed, please tell the user when you can expect the option rather than during the check-out process.

Edited January 20, 2020 by GabrielLuk (see edit history)

[Greg1234]

Sorry but either your English is not good, either you still don't understand my question.

I asked: when user makes an purchase and creates account, why there is no mechanism that checks if user is owner of the provided e-mail address? Despite of problems coming from user made mistake in the e-mail, additional problem is that some bots can make hundreds of fake accounts, or someone can use other person data to create a purchase.

Also explain me please what this sentence means: "Furthermore, websites usually request an email address for an email address and update the status of their order."

Edited January 20, 2020 by Greg1234 (see edit history)

[electriz]

@Greg1234

I was wondering the same. This option with link to verify should be implemented by default - or at least, as an option which you can turn on in BackOffice.

This is really weird and does not protect from creating spam-accounts at all.

I know there are modules with captcha or even with this account confirmation link - but still why should you look for module when this option should be built-in Presta...

Edited January 20, 2020 by electriz (see edit history)

[Greg1234]

8 minutes ago, ndiaga said:

I think  it will be very easy to implement ...

Yes I think it is not super complicated, but without coding skills it's impossible to do it without module. And as I mentioned, I find this such a basic feature of online store, that it is at least surprising that Prestashop doesn't offer it, and the reasons for it are totally non understandable for me. 

[Greg1234]

21 minutes ago, ndiaga said:

Email verification  can discourage some  customers.

I would say that account registration can discourage (not link verification), but if you require people to register then the registration should be secured with e-mail verification.

 

Quote

So we think  that the only reason they come to your website  is they find your products  usefull and the only they register is they  are willing to buy  so why verify theire emails?

Yes, our customers don't contribute in any way.  But there has to be a way to contact a customer, in case of payment problems, products availability, delivery delay or any other reason. So since we don't require phone number, the e-mail has to be correct. This is a first reason. 

Second reason is imagine someone makes an order using your e-mail address, he can make us and you some problems, not unsolvable, but also not necessary. 

Last reason is that if user simply provides e-mail address with a mistake, we will see the order as completed but if user doesn't contact us that he didn't receive any order confirmation (just he will assume the order didn't happen), we will have no way of finding this out, and also no way of contacting him.

 

Quote

In e-commerce   a long, painfull registration process will drop  sales.  

Sure, this is definitely true, but then there should be an option to disable or enable it, because for some (for many I believe) this is needed.

Edited January 20, 2020 by Greg1234 (see edit history)

[Greg1234]

@ndiaga 

You mean newsletter subscription module? Funny you suggest this as "with no issues" solution

This is not a solution. It is even far from being a work around.

The issue is apparently Prestashop doesn't have this feature, and   according to what you say it was decided this way 😕

[Greg1234]

Quote

I  see you really  want to  have this feature in your website  so why not  hire a dev  to provide  the solution or buy  a   module that  does  it?

OMG man, I can write it myself and looks like I will have to. This still doesn't change the fact (which is the subject of this discussion) why isn't it available in prestashop. 

I know I can hire a developer or buy a module (read the 1st post) but this is the issue, I think it should not require investing extra money as it is a basic functionality...

[peekyou]

I agree with Greg, it should definitely be a functionality in the core of Prestashop, which anyone would be able to enable/disable.

[robb84]

I'm sorry, but I have to say that it's absolutely unbelievable that there is no default way to verify email address when customer/visitor create an account (as happens in 100% of the e-commerce shops in the world).

[robb84]

It is certainly an extra step that customers need to add to the process to complete an order, but it is also about being professional. People are used to validating their e-mails during the registration/buying process in online stores. I don't think there are any shops that don't include this step. Even if the double opt-in is not mandatory in the GDPR during the registration step, it is still an extra guarantee for customers, which certainly, for the more careful ones, it will surely be appreciated.

To "sweeten the pill", it could be pointed out during the e-mail confirmation procedure that this mechanism serves to ensure the safety of customers. To create a "flowing" experience, it would be perfect, after clicking on activation link, If there are products in the cart (and therefore registered from checkout process) make a redirect directly to the 1st step of the checkout to continue the order process smoothly.

Maybe another aspect to consider should be that of login via social media (facebook, google, etc.) as if they register through these services (aka social login), the e-mail address should already be activated and therefore the activation email link should not be needed.

My 2 cents

[Ninnetyer]

So, any news on this?, this feature is a must in vanilla Prestashop with so many bots around, not to mention the quantity of fake emails that can be registered, or the quantity of fake purchased using someone elses email that your store may face. Why nobody though about this?.

There is literally no e-shop that won't use email verification.

[jetway]

Well, this one is pretty simple. A user interacting with your store is unlikely to give you a fake email. If he has the intention to buy something, why should he give you the wrong email when in the end, you have his mail address?

If you're operating an online community, that is a very different topic because, in that case, you have nothing to identify a user, and then email verification makes sense.

[cataplina]

On 11/30/2020 at 3:19 PM, ndiaga said:

We  are  working  on  a  module.

Great! Let us know when it is ready because I´m very interested

[smampfal]

On 5/18/2021 at 3:49 AM, ndiaga said:

Hi,

The  module  is  ready .

Please contact  me  for  further detais. 

i would also be happy about this module :)

[ifs-net]

also password reset does not work for customers