The pandemic has only accelerated online migration and requires more nuanced identity verification than ever before.
Entrepreneur New Years Leader
Be inspired by the business resources in our guide and help you meet your goals in 2021.
5 min read
The opinions expressed by the entrepreneur's contributors are their own.
Proving a person's digital identity has always been a challenging problem, especially when weighed against the need to access information online. Customers want their information to be secure, but they also want to avoid being bothered by onerous authentication tasks. Businesses are therefore faced with the trade-off between security and accessibility, and the problem becomes more complex as almost everything goes online.
Related Topics: Need for Better Fraud Prevention Strategies Amid Rise of Payments Digitization: Report
Assess the potential for fraud
Companies that consider it necessary to identify customers or business partners must always be aware of the potential for fraud. Fortunately, AI and advanced identification systems are making great strides in fraud identification. The increasingly expansive digital footprint of online activities makes it possible to establish behavioral patterns and indicate whether or not a device is associated with potential fraud in various online activities. A solution that can couple digital footprint data with consumer credit information and public record data, when available, provides an even more complete picture, so a business can be more confident about whether a consumer is who they say they are – or one potential fraudster.
All of these technologies help identity verification companies to identify potential fraud for their customers at an early stage. Online retailers or banks forego a simple authentication process for usernames and passwords and prefer multiple factors of authentication and fraud detection services to prove the identity of a consumer. These factors include:
Knowledge-based authentication (KBA) informed by hard-to-guess personal data or credit dataMultifactor identification, use of email and phoneDocument-centric identity authenticationDigital attribute risk assessmentBehavioral analysisReputation and link analysis that can link multiple devices together
With all of these factors, machines can learn a person's identity and be used to improve the success rate in online businesses. In this way, consumers can be sure that their identity is being successfully protected while the company can be sure that it is protecting itself and its consumers from fraud.
The private sector can often learn lessons from the way government works, particularly in cybersecurity. To authenticate their users, government agencies have largely shifted from using knowledge-based testing alone to a combination of device risk, document review and multi-factor authentication, using, for example, email and phone to assess physical credentials. This has enabled government agencies to reduce fraud and improve identity verification success rates. Moving to this model can be a way for organizations to provide a more streamlined and secure way to verify identity.
Focus on being proactive
There are many examples of supposedly safe applications and websites that are hacked using inexperienced methods (phishing is one of the most common examples). There is always room for improvement, but some of these violations have eventually forced companies to wake up and become more aware of the threat. A good assumption is that everyone's identity has already been stolen, so it can be assumed that the bad guys have passwords and answers to security questions.
New identity verification methods need to be developed that will force us to use additional factors to stop fraud. However, scammers are getting smarter and smarter, so organizations can never get complacent about their own authentication processes. There is a need to keep innovating.
For example, with TransUnion we have a database that works with tens of thousands of companies and consumers around the world. These partners return both positive and negative information about digital devices to the database. This enables potential threats to be crowdsourced, where device information and other risk factors can be retrieved from potentially fraudulent devices and passed on to other subscribers so that fraudulent activity can be detected and mitigated immediately. Fraudsters can be identified by their devices even if they change their online identity due to the uniqueness of each device.
It is important to implement new security measures so that customers can have a positive user experience while addressing security concerns. This stems from the balance between security and accessibility. Applications must be safe and at the same time not cause stress. This is where analyzing risk signal intelligence can be critical. This enables companies to verify their identity without placing additional demands on their customer base.
See Also: 4 Tell-Tale Signs Your Business Is Ready For A Cybersecurity Attack (And How To Respond To It)
Constant innovation is the key to success
The digital world is constantly evolving, and yet the core requirements remain the same: verify a user's identity and prevent fraud. The bad guys are constantly looking for new ways to break down old authentication methods. So it's up to companies and their cybersecurity partners to stay one step ahead and still enable a seamless customer experience.