To combat card-related fraud and digital payments hacking successfully and at scale, organizations need to rely less on standards like EMV and PAN/PRN, and recognize that today’s currency is no longer just about money.
Instead, digital identity has emerged as a new form of currency, and it requires protection too.
Counterfeit fraud, card-not-present fraud, fraudulent applications, card-not-received fraud, and lost and stolen fraud have all contributed to the digital payments fraud so many U.S. organizations and consumers are experiencing.
Additionally, hackers have become adept at compromising user account data, rendering protective tactics like PAN (i.e. the personal account number, or the 16-digit number on credit cards) and PRN (i.e. the provisional receipt number, or a unique 15-digit token) nearly useless.
What is digital identity?
Previously, money was transacted via highly tangible items such as coins, symbols or even farm animals. But in the 21st century, money has become increasingly digital. The way people interact online directly affects their digital reputation, and that resulting digital identity gives people access to their bank account, allows them to apply for peer-to-peer loans, and enables them to participate in our shared economy.
A helpful way to consider digital identity is to think of it as the bridge between physical identities and online user identities. Digital identities are unique and impossible to fake, as they leverage the infinite number of connections users create when they transact online, so they work well to ensure legitimate users are recognized and provided with seamless online experiences. At the same time, digital identities can help accurately detect fraudsters using stolen or spoofed identities before the fraudulent transaction is processed.
In order to facilitate advanced fraud protection and accurately authenticate valid users, organizations need to capture and fully understand the complete digital makeup of each of their individual users. There are a variety of unique data points that make up a user’s digital DNA, including the following five elements:
User Credentials: This includes any/all associations between an individual’s accounts and email addresses with anonymized, non-regulated, personal information. This data might include user names and telephone numbers, or even more advanced intelligence relating to devices, locations and online behavior.
Trust Tags: Trust tags are digital labels that can be applied to various combinations of entities within a user’s persona to indicate their trustworthiness. Trust can be associated dynamically with any combination of online attributes such as devices, email addresses, or card numbers, allowing for trusted users to be quickly recognized.
Persona ID: This element captures connected entities such as email addresses, transactions, accounts, devices, IP addresses, geolocations, proxies, and physical addresses relating to an individual.
Links and Associations: Leveraging persona IDs, organizations can benefit from real-time linkage of a current transaction to related transactions through a matrix of attributes associated with the user, device and connection.
Behavioral Biometrics: Behavioral biometrics evaluate current user and device interactions, and compare that information to historical user and device interactions and to known bad behaviors.
The reality of today’s business landscape is that all customers are digital, and unfortunately it’s becoming harder and harder to verify the authenticity of these valued, online customers. Organizations are growing more adept at adapting their business to a more online-centric user experience, but in terms of preventing digital payments fraud, the majority remain focused on the wrong problem.
So much of digital payments security is focused on the protection of networks and devices; however, determined and persistent hackers are usually undeterred by such safety measures. Organizations should instead focus their valuable resources on the digital identities that hackers may have already stolen. By stitching together verified customer data points such as location, payment details, websites visited, login credentials or typical transaction behavior, organizations can more effectively identify and transact with legitimate users, and at the same time thwart nefarious hackers in real time.
Armen Najarian is Chief Marketing Officer at ThreatMetrix.