Whether it's a driver's license, Social Security number or a simple password, consumers present various forms of identification for verification numerous times a day. Mobile and online vendors use this information to authenticate customers to enable online transactions, often storing associated demographic and payment information for processing or future use. However, this customer convenience often comes at a cost.
According to online security firm Norton, 18 adults become victims of cybercrime every second, and 1.5 million people worldwide become victims each day. Given the rising risk of cyber fraud, isn't it time that businesses understand the data liability risks they may be unwittingly taking each time they transact? More importantly, businesses should make sure they're putting alternative security measures in place to protect themselves and their customers.
Before companies can begin to investigate whether or not they are currently putting themselves or their customers at risk, it's imperative to consider which of their customers' credentials are being requested, stored and, in some cases, shared.
Given the ubiquity of online transactions, credentials are not necessarily those that can be stuffed in a purse, hung on a wall or filed away in a secure place. Online and mobile transactions typically rely on virtual customer credentials, which can include user names, email addresses, passwords and security questions. These virtual credentials often rely on an honor system for consumers and businesses. Essentially, businesses have to believe that the customers are who they say they are, and customers must believe that the businesses have the necessary safeguards in place to keep the stored customer information secure from fraud.
Unfortunately, honor systems are often broken.
People are connecting, joining and transacting online every day without properly considering the secure information they're relinquishing in the process. Businesses want to offer their users the convenience of a quick virtual credentialing system (based on an email address, password or security question) as a means of authentication, but without the proper safeguards in place, this simplicity often comes at the cost of security for both the customer and business.
Catering to customer convenience has the potential for consequences.
While it might seem convenient to use
A knowledge-based authentication, or KBA, approach might seem like an easy way to provide convenient and familiar security measures to customers. Such approaches are commonly used in financial services and incorporate common personal security questions combined with token authentication. But if a cybercriminal learns this piece of personal information, it facilitates a breach across multiple accounts on different sites.
At the same time, entering into this risky situation is usually a two-way street. It's not just that businesses are asking for too much data. Consumers are also complicit in this slide toward convenience over security. For example, more than half (55%) of Internet users have the same password across all Web accounts, according to U.K. communications regulator Ofcom. For these reasons, businesses that offer convenient transaction options for their customers need to be more concerned than ever about data liability.
The reality is that retailers don't necessarily want or need to store their customers' information, even though doing so is seen as a necessary evil. As such, businesses need to take a long, hard look at their current credential management practices to ensure that they can confidentially verify customers, while protecting their data in a transactional environment that is not so cumbersome as to cause customers to abandon ship.
It has become apparent that businesses need to adopt more secure and comprehensive mechanisms to collect and validate consumer information that lie outside the realm of traditional registration and means of authentication. Mobile and Web businesses looking to effectively and safely process transactions should turn to providers that can seamlessly verify a user's identity without adding new and disruptive steps within the registration and transactional flow process.
Card scanning, tokenization and biometrics technologies provide the same ease as other methods of verification but don't require businesses to store customer information. Implementing a card scan with the camera of a smartphone or tablet helps assure merchants that the customer actually does possess the identifying card.
As online and mobile activity becomes universal, businesses and consumers will increasingly be at risk for fraudulent identity hacks. Businesses need to continue to put the appropriate measures in place to protect themselves and their customers, while ensuring that they use available technologies to create the most seamless user experience possible.
In the race to provide consumers with identity verification tools that are simple and easy to use, it's in everyone's best interest to ensure that businesses are not sacrificing data security in the process.
Marc Barach is the chief marketing and strategy officer of Jumio.