In this interview with Help Net Security, Tom Wesselman, CTO of TeleSign, explains how to successfully combat identity fraud to not only protect an organization but its customers too.
As cybercrime sophistication reaches new heights, what can organizations do to tackle these new threats?
Phishing, identity theft, and ransomware are not new types of cyberattacks. What is new is bad actors increasingly using automation and other advanced technologies to more quickly identify and exploit vulnerabilities in organizations’ defenses to access or steal sensitive data without being detected.
One commonality among most attackers is their desire to achieve the most lucrative outcome. They view themselves as a business, and like any business, they want to increase their ROI. Using automated bots is an easy and inexpensive way to identify vulnerable targets and launch their attacks.
Therefore, organizations must build and enforce barriers that the criminal determines are too complex and expensive to overcome. One way to do so is by conducting extensive vetting during the new customer onboarding process that challenges customers to verify their identities. A rigorous approach to onboarding not only ensures the person creating a new user account is who they say they are and builds trust, but it will also compel a bad actor to give up and move on to their next target.
What are the technologies they can use not only to protect themselves but their customers too?
Companies should use technology that validates new users and challenges any suspicious behaviors, for example by flagging an attempt to complete a high-value purchase online and initiating additional research to confirm the transaction’s legitimacy. Continuous monitoring of all customer actions, including long-term customers, is necessary to catch unusual behavior.
Requiring new customers to provide identifier attributes such as phone numbers or email during the account registration process and using AI risk-based scoring solutions can help determine risk levels for each user. Automating the analysis of multiple behavior signals associated with one or many identifiers will achieve greater accuracy in identifying risky behavior and security threats.
Why do companies often sacrifice security for customer experience?
Unfortunately, the desire to provide an engaging and seamless customer experience too often trumps security. For example, CAPTCHA may deter a potential customer from taking the time to create an account, or requiring a multi-factor authentication PIN may prevent them from completing their purchase. It is also common for companies to permit consumers to virtually sign documents or place orders without creating user accounts.
This mindset is in dire need of a shift and companies need to view security as a means for their organization to be successful. Research shows 85% of consumers will remain loyal only to brands they trust and are 7x more likely to buy from companies they believe prioritize their privacy and the security of their personal information. If an organization is lax on security, they could jeopardize this trust, ruining relationships with even more customers than if they were to have preventive measures in place.
How to successfully combat identity fraud?
A person’s digital identity is invaluable both to them and to the companies they entrust with that information. Companies face significant business and regulatory compliance consequences for failing to protect their customers’ sensitive data. Multi-factor authentication (MFA) should serve as the foundation of fraud prevention and account security and can include several methods for validating a customer’s identity, including:
- A customer-created password or PIN
- Mobile phone or hardware token: a unique code sent to the customer via mobile phone, computer, or other trusted connected device
- Biometrics such as fingerprint or face recognition
Layering authentication and validation tactics works to prevent fraudulent account creation and make sure that a customer’s information is not compromised. Additionally, when the above-mentioned measures are enforced simultaneously, the end-user can more quickly and definitively determine if the user is in fact real. MFA also supports the use of continuous monitoring tactics by assessing millions of data points.
MFA is a necessary component of fraud prevention. Think of it as stacking security measures to fortify the castle wall via a variety of tactics. Identity verification solutions work together to thwart attackers trying to gain entry and access to sensitive data stores and strengthen customer loyalty. Given the ever-changing world of technology and drastic increase in fraud attempts year-over-year, it’s vitally important to avoid stagnation, especially when it comes to issues of identity security. An ongoing proactive approach gives brands the best chance to stop fraud in its tracks.