Guilty Until Proven Innocent: How Incorrectly Identifying Good Customers as Cybercriminals Damages Your Bottom Line
Chances are, your brand's fraud management technology is costing you money.
According to the Department of Commerce, e-commerce sales in this year's second quarter grew by a robust 15.7 percent over the same quarter in 2013. But while the growth of online sales presents new opportunities for retailers, it also brings additional risks — not the least of which is an increase in cybercrime.
In an effort to protect their companies and customers from online fraud, many retailers have adopted a "guilty until proven innocent" security approach that turns away customers if there's the slightest hint of suspicious activities, resulting in lost revenue due to the incorrect labeling of users as fraudulent.
Fortunately, it doesn't have to be that way. By leveraging context-based authentication and a global network, you can improve security without damaging online revenues or the customer experience.
The Problem With Fraud Management Technology
Too often, the threat of a serious breach has led online retailers to implement technologies that prioritize security over customers. As a result, retailers have grown accustomed to an unacceptable level of customer friction in the online channel.
In the banking industry, when a customer attempts to log in to their account with a device the bank hasn't seen before, the bank initiates a phone call or text message to authenticate the customer's identity. This creates additional steps, especially if the customer hasn't updated his or her contact information or is unable to respond to the verification attempt.
The situation in retail is similar. Fraud management systems have historically been designed to accommodate the needs of specific industries and have been deployed for the singular use of retail brands. Consequently, the intelligence collected by the enterprise about e-commerce users is limited to the brand's own interactions with the customer, forcing retailers to presume that unfamiliar users or devices are guilty of fraudulent login attempts.
In today's online marketplace, however, consumers have multiple online personas and interact with dozens of websites on a daily basis — interactions that can be used to help verify and authenticate the user's identity for all online transactions.
Context-Based Authentication: A Better Way
Context-based authentication is a passive security approach that evaluates a user's device, associated online personas, transaction context and previous online behaviors in real time, enabling retailers to gauge user credibility according to a wide range of variables. Rather than relying exclusively on your brand's own history with a user, context-based authentication and a global intelligence network allows you to quickly differentiate good customers from fraudsters, eliminating unnecessary customer friction.
Let's say a customer attempts to log in to a retail account using a new, unfamiliar device. If the customer used previously authenticated and trusted credentials (e.g., name, physical address, email address and credit card) to make a recent purchase from another retailer, the device can be authenticated in real time since the customer's key credentials have remained unchanged.
One of the primary benefits of this approach is that it gives equal weight to the identification of both cybercriminals and good customers. Context-based authentication and a global network eliminate transactional hurdles, reduce friction and stop any further damage to the customer experience — without sacrificing security against legitimate fraud attempts.
Based on recent trends, online sales will likely break another record during this year's holiday season. Context-based authentication and global network intelligence can dramatically improve e-commerce security, but the caveat is that you need to consider implementing this technology now to avoid a potential catastrophe by making major security changes during the busy fourth quarter.
Reed Taussig is the president and CEO of ThreatMetrix, a provider of context-based security and advanced fraud prevention solutions.