In the post-breach era, how can businesses go digital with confidence?
Every day, around half the world’s population and 80 percent of U.S. citizens transact online, fueling the $3.4 trillion digital economy and forcing businesses to undergo a digital transformation. But transactions that were once local and done in person have become digital, mobile and increasingly global, providing businesses with a daunting challenge.
Each new digital transaction represents a trust decision that companies must execute in real time. However, these decisions are dependent on understanding the true identity of the person at the other end of the transaction.
But today, cybercriminals leverage a constant stream of stolen credentials and personal information acquired through corporate data breaches and available on the dark web in an attempt to defraud digital businesses and their customers.
A total of 1,080 data breaches have been recorded in 2017 with a total of 171,114,261 records exposed, according to the Identity Theft Resource Center, as of October 10, 2017.
Taking advantage of the anonymity afforded by the Internet, criminals use these credentials to take out fraudulent loans, hijack bank accounts, make payments with stolen credit cards and otherwise wreak havoc in just about every industry.
Digital businesses opening up their systems to the web struggle with this new reality—so much so that some analysts have coined the phrase “Post-Breach Era” to describe it. Organizations across the globe are unable to make accurate trust decisions because they have no way of knowing who those users really are, or which of them they can trust.
A major part of this problem is that the way businesses authenticate users has become obsolete. Static credentials, such as the user ID and password, were developed decades ago when the presumption of confidential access to these credentials seemed reasonable. That presumption is no longer valid.
In this post-breach era, business leaders across industries must ask some serious questions:
- Are there any business systems where it is not critical to know with certainty the identity of the individual on the other end of a transaction?
- How can we make accurate trust decisions when authentication systems can’t tell the difference between a valued user and a criminal using stolen credentials?
- What technologies are available to secure digital account creations, logins and payments so businesses can grow profitably and securely?
The modern reality is that we hear about new data breaches every day. But it may not make a big difference anymore. With so many identity credentials now in the wild, businesses without advanced mechanisms to verify identity don’t have any way of knowing who’s gaining access to the business systems within their enterprises. A breach half a world away may have exposed credentials to their systems or compromised an identity. Organizations are caught in a thicket trying to distinguish legitimate users from fraudsters while well-funded and organized cybercrime rings develop and refine their attacks.
For example, online lenders evaluate loans without knowing if applicants are really who they claim to be. Retailers process transactions on credit cards that may be stolen. Businesses of all types are performing activities on user requests that are presumed to be legitimate, only to find out later that fraud has once again infiltrated their organizations.
The total online global shopping cart abandonment rate for Q1 2017 is 75.6 percent, according to Smart Insights, August 2017.
Beyond the immediate financial costs associated with fraud, we now have entire departments focused on cleaning up the aftermath. The overhead of this activity needs to be absorbed by these businesses and passed on to consumers in the form of higher prices.
In an attempt to protect themselves, organizations are adding extra layers of security, such as two-factor authentication (2FA). These step-ups commonly involve one-time pass codes sent to the user’s mobile phone, or require special devices that their customers must carry with them wherever they go.
While necessary in extreme cases, this adds friction to the digital experience. When used too broadly, the overall burden of verifying identity shifts onto users. This “out of band” authentication results in an alienating experience and usually leads to fewer transactions, higher abandonment rates and increased customer defections.
This whitepaper explores the digital transformation imperative and associated challenges many businesses will encounter.
This extra authentication has also proven ineffective. Cybercriminals are adept at circumventing step-ups, forcing businesses to manually review identities post-login, and leaving them at continued risk of fraud.
The rapid pace of online business puts additional pressure on organizations to deliver a speedy, frictionless user experience. However, much of the technology used to achieve this goal also provides fraudsters with easier access to your business – a serious inhibitor to profitable growth.
The risks associated with cross-border transactions have also kept many digital businesses from expanding into new global markets. High densities of cybercrime in some geographies expose them to higher risks, manual reviews and higher operating costs.
These modern realities make it harder than ever to achieve growth without compromise.
Organizations saddled with these challenges often get stuck in the status quo, unable to innovate quickly. Meanwhile, newer, more nimble competitors that use advanced authentication are attracting market share because they’re able to give customers the fast, frictionless experience and the security they want. These businesses are able to discern legitimate from fraudulent digital events starting from the very first point of interaction, enabling them to streamline their business processes and transform the user experience. To accomplish these goals, businesses are using a new technology called digital identity.