How the Grinch stole my identity: Three tips for fraud prevention this Christmas
Crowds aren’t the worst part about shopping during the holidays. Consumers often throw caution to the wind in pursuit of a good deal, clicking on suspicious links or giving their personal data to fraudulent sellers, writes Sundeep Tengur, senior business solutions manager at SAS.
Christmas is one the most lucrative times of the year for fraudsters, especially those who commit identity theft. As many as 8% of US consumers are affected by identity fraud at Christmas time, with 43% saying their identity was stolen while shopping online.
This International Fraud Awareness Week, it’s worth remembering that companies lose an estimated 5% of their revenue to fraud each year. However, there are clear steps organisations can take to keep themselves and their customers safe.
With a rigorous, data-driven approach to identity verification, they can stop identity fraud before it has a chance to do any damage.
1. Know your data, know your customer
As e-commerce has grown in size and importance, organisations are waking up to the fact that the digital identities customers use to shop online are highly malleable and open to abuse.
The problem is that crucial authentication decisions are too often made based on incomplete insight. This is because many organisations only collect and analyse some of the data that’s on offer.
If you don’t consider every possibility you’re only leaving blind spots to be exploited by fraudsters. For example, an authentication system may approve a large transaction by a cybercriminal impersonating a customer simply because they’re using the customer’s stolen device.
Yet, if the system had checked the device’s location and the customer’s behaviour the hacker would likely have been exposed.
The main data points to consider are:
• Background information: The organisation’s previous interactions with and knowledge of the customer based on an existing profile.
• Channel information: The channel or device the entity is using.
• User behaviour: The behaviour of the identity while they’re using your services.
• Public record: Publicly available information on the customer.
• Network analysis: Wider data from analysis of the market and threat landscape.
Organisations don’t have to implement every data type into their verification process. Yet, every new segment they do adopt vastly increases their chances of detecting and stopping fraud in progress.
2. Think of the customer and bring all your systems together
Authentication systems must be secure, but they also have to be quick. Customers won’t wait around if you spend more than 10 seconds weighing up their credentials. The process has to be seamless and instantaneous.
Yet, the industry’s approach to authentication has sadly become segmented. There are thousands of point of sale solutions that cover only one part of the verification process. They are rarely joined up and only waste customer’s time and patience.
To turn insight into fast authentication decisions, organisations should consider an end-to-end solution.
When a customer tries to sign in or access a service, an orchestration platform should be set up to collect all the desired data points before sending them to a decision engine. The engine can then analyse the data and evaluate if the entity is the customer they claim to be.
When the process for verification is joined-up and data-driven, passive authentication becomes a reality. The customer enjoys a real-time, seamless experience – no password required – while the decision engine rapidly confirms their identity in the background. This is security and customer satisfaction all in one.
3. Don’t underestimate the enemy
Cybercrime is fundamentally adversarial. A lone wolf or criminal outfit will probe every weakness in your verification system and will stop at nothing to breach your defences.
What’s more, these hackers are constantly innovating and adopting new technologies to stay ahead of security measures. Even popular, tried and tested measures like two-factor authentication have already been compromised.
You need to cover all your bases and ensure they have no place to hide, but that means constantly stress-testing and developing your security infrastructure. Crime doesn’t rest, so neither can you.
This Christmas and beyond, you need to keep your ear to the ground and adapt your security measures to the latest attack vectors and techniques.
By Sundeep Tengur, senior business solutions manager at SAS.
This article is also featured in the holiday season Dec 2019 /Jan 2020 edition of the Banking Technology magazine.
Click here or on the banner below to read the digital edition – it is free!