Understanding digital identity and joining the network can protect e-retailers and customers from fraud and ensure a frictionless purchasing journey, according to experts in cybersecurity.
Speaking at the EMEA Digital Identity Summit 2019 in London a couple of weeks ago, experts outlined how a cross-industry, global digital identity network could benefit those operating within any virtual marketplace.
Hosted by ThreatMetrix, a LexisNexis Risk Solutions company, the event focused on enabling seamless, safe digital business by authenticating customers in real time.
Dr. Stephen Topliss, Vice President, Fraud and Identity at LexisNexis, highlighted how ThreatMetrix’s own technology analyzes transactions via code in an app or website to build an alphanumeric identifier for each of its 1.4b recognized users.
This is completely anonymous: the technology uses no raw data and ensures customer privacy. Data is encrypted; personal details are not retained; all processes are GDPR compliant, Dr. Topliss explains:
“When you have all the data you can create digital identities: unique identities for everyone interacting online and you do not have to know who that person actually is. Our global digital intelligence network brings all the data and intelligence together to give a risk and fraud indicator.”
Jason Lane-Sellers, Director, Fraud and Identity at LexisNexis, explained a digital identity is created through behavior profiling and analyzing multiple contexts or indicators: devices, locations and transactions.
“In the past we considered physical identifiers and in the early days of the internet we looked at one device because people didn’t have multiple devices. Now we have to take multiple contexts to build that full digital picture to understand who somebody is and whether they are a good customer.”
Initially, digital analysis just looked at IP:
“Now we are also talking about biometrics: thumb prints, how you hold your phone, type on your keyboard and whether you are left or right-handed.”
Trusted identities repeat behaviour so when “out of profile” transactions occur, e-retailers are alerted to the possibility of an attack, stolen device or account takeover.
Those in e-commerce should assure their customers of the benefits of being part of a digital network – the more data there is, the better the analysis, Mr. Lane-Sellers insisted.
“Everybody helps everybody if you are part of the network and the wider the network the higher the value, particularly in the e-commerce space.”
Working in real time aims to make purchasing seamless and strengthen the relationship between the e-retailer and customer, said Mr. Lane-Sellers:
“This is managing the customer journey – you need to profile the entity as they start the process because they will not sit on the page for longer than three seconds. They want a simple journey, otherwise they will go elsewhere to purchase. They want that one-click experience, and many e-retailers are getting near that.”
E-retailers must explain to customers they analyze the customer’s digital interaction to create this frictionless journey.
“If the e-retailer can monitor and understand what is happening in the digital world, it also protects everyone from risk.”
Fergus Campbell, Head of Communications at British classified’s site Gumtree, spoke at the summit about steps being taken to combat fraud.
“While Gumtree operates as an online marketplace, not an e-retailer, we take our customers’ privacy and security just as seriously.”
The company has dedicated policy, fraud, safety teams and a robust help center to this cause. It encourages users to report breaches and provides simple ways to do so. They also recently began working with ThreatMetrix.
“With ThreatMetrix we are able to utilize our digital identity network to accurately isolate and block potentially high-risk behavior. Gumtree can identify and block new account creations that appear high risk and are therefore likely to be fraudulent.”
One of the biggest current fraud areas is “takeover,” where fraudsters target existing accounts to access services, said Mr. Lane-Sellers.
“A lot of e-retailers focus on the payment stage but in the modern era more threats are happening early on. The account itself is being manipulated so it is about understanding and controlling who is logging on to the site because by payment stage you might not pick it up.”
“E-commerce is all about repeat business and brand impact is as bad as any payment issue. If you have that kind of breach, then you lose customers that have been impacted and you have the impact if they tell others or there is media coverage.”
“Payments are important, but e-retailers now need to look after the customer from beginning to end. Technology is advancing so fast that it is hard for them to look after themselves. They need to understand the e-retailer is doing so – and they will expect them to.”