Holiday online shopping – naughty or nice?
This is a guest post by Robert Capps, VP and authentication strategist at NuData Security.
With the Christmas holidays coming up, shoppers who didn’t already do so on Black Friday and Cyber Monday will race to secure holiday gifts at the best prices. Consumers are expected to spend an average of $1,226 during the holiday shopping season, with total spending reaching ~$1.05 trillion between November and January, according to the latest Deloitte 2017 holiday retail survey. The survey also predicts that, for the first time, online shopping will outstrip in-store shopping.
Who will get the gifts?
With passwords stolen by hackers at a rate of 250,000 passwords a week, according to Google researchers, online companies will have a hard time distinguishing the real customer from the hacker. In all, since 2013, over 9 billion records have been breached. As of November 2017, last year’s historic high of 1,091 breaches has already been surpassed. With these numbers, the odds are that hackers have almost all of shoppers’ static identifiable data: passwords, social security numbers, names, addresses, motor vehicle information and more.
It also means that most authentication platforms that use static data like passwords and credentials are no longer reliable due to past years’ hacking activity. So, identity proofing, customer verification, and consumer authentication will need a variety of layers that don’t rely solely on personally identifiable information (PII), so that companies can make reasonable decisions about whether to allow certain transactions or to review or block them. For online companies, the magic of the holidays will happen when legitimate customers are recognized and suspicious transactions are blocked without frustrating or impacting legitimate consumers. The online experience needs to add reliable layers of security and, at the same time, balance them with a smooth experience for customers, so they come back again and don’t abandon their cart for a competing organization.
The number of methods to make purchases and transactions is increasing exponentially, from the good old credit card with the magnetic stripe to the myriad of online payment options available today. The card-not-present industry, in particular, strives to make purchases and transactions as simple and frictionless as possible to ensure they are top-of-wallet. For this, companies that offer online services to consumers often subcontract third-party organizations to help make the payment or the transaction process smoother and/or safer. At the same time, many of these third-party companies hire services from other third-party companies, creating a long chain of providers that handle highly sensitive personal data.
More intermediaries unfortunately also mean more potential gaps or vulnerabilities for hackers to profit from during the holiday season. Fraudsters look for PII, so they can ultimately steal money through account takeover, for instance.
The upcoming shopping season will awaken those ‘sleeping’ hackers who have gained access to customers’ accounts and are purposely waiting for the high-traffic days to perform their fraudulent purchases or transactions. To detect out-of-character and potentially fraudulent transactions before they can create a financial nightmare for consumers – and for vendors – companies must adopt new user verification and authentication methods that fraudsters can’t deceive.
A layered gift
A layered solution that includes passive biometrics and behavioral analytics is leading the way to provide more safety for consumers and less fraud in the marketplace. This layered solution distinguishes machines from humans, then separates good machines from bad, separates known humans from unknown humans, and finally sorts unknown humans demonstrating low-risk signals from unknown humans demonstrating high-risk signals. This process lets organizations fast-track the known and low-risk users for an optimal experience, saving the friction and traditional authentication methods for the highest-risk users.
This solution integrates four different layers: the device, location, and connection layer; the passive biometrics layer; the behavioral biometrics layer; and the consortium of aggregated data that allows merchants to leverage intelligence gained cross-brand and cross-company. By integrating these four layers, companies can validate the user through information that impostors can’t replicate, securing the good user’s transaction at every step.
According to Deloitte, online sales will reach $111 million during the holiday season. This forecast is an indicator of the increased traffic retailers can expect to see in the following weeks, and they should be ready for it. This may be the time to start reviewing your risk and experience approaches so that next year you are leading the pack and you won’t be on the fraudsters’ Christmas list.
Combining passive biometrics and behavioral analytics in a layered defense is a distinctive way online retailers can ensure that the holiday is a happy one for all.
DISCLAIMER: BiometricUpdate.com blogs are submitted content. The views expressed in this blog are those of the author, and don’t necessarily reflect the views of BiometricUpdate.com.