Cheers was a popular television show based on characters that stopped by the bar in Boston named “Cheers.” The bartender knew their names and what each wanted to drink and where they would sit. It is similar to walking into your favorite coffee shop and having the barista recognize you and start pouring your coffee as soon as they see you walking up. A place where they can identify you the moment they see you, just as if you were entering a familiar space where you feel home.
It is the same type of warm atmosphere online companies are trying to create for their customers. In person, recognition is automatic – you see a friend and you know it is him or her. However, online, people are generally identified by their credentials, passwords or security questions.
With almost nine billion records exposed since 2013 – which include personal tax information, social security numbers, motor vehicle numbers, and more – chances are someone else can use your information to buy products and services fraudulently. According to Forrester, an analyst firm, seven billion dollars have been lost this year to account takeover alone across different verticals. Additionally, this year’s holiday eCommerce sales are projected to grow 10% over last year’s holiday season, so identifying real customers is more critical than ever.
Passwords are Passe
Once the foundation of online identity, passwords are now losing value. Passwords have always been hard for customers to remember and to change regularly. Forrester reports that 20% to 30% of help desk calls are password-related. On average, password issues cost about $179 per person per year. Passwords have been easy for hackers to guess, through social media, and easy to break using brute force attacks – fraud where thousands of passwords are cycled automatically over millions of websites until hackers find the right combination.
As a reaction to the record-setting breaches that have dumped almost everyone’s personal data into the wild, online companies are putting up security barriers to cut down on fraud. The problem is that these security barriers can also discourage customers from buying. Forrester reports that 37.4% of online shopping carts are abandoned at the login step. The key is to open the door to customers while locking-out cybercriminals.
Risk-based Authentication
In a digital world that demands an increasingly frictionless experience, the online space has to be secured with new technologies that can validate the legitimate customer without undue friction. A trusted environment has to be created through a risk-based authentication infrastructure that relies on intelligence from devices, connections, behavioral analytics, and passive biometrics.
The trick is to choose dynamic security tools that look at the device as well as at the human behind it, with real-time monitoring. Dynamic tools can understand the legitimate customer’s changes without raising any unnecessary flags. Are you traveling to Russia and checking your bank account from a hotel computer? No problem, dynamic layers can pick that up and recognize it is you without asking for additional information.
Using passive biometrics combined with behavioral analytics, companies can identify customers in real-time by their behavior. This technology can cross-reference the behavioral information with the device, location, and IP information to build a complete and accurate picture of the user. This detailed picture allows companies to identify real humans from automated technologies and determines if a user is legitimate or a fraudster. Even if you are logging in from a new IP, device, and location, the behavioral layer still knows it''s you.
This layered defense tracks a customer’s online behavior much like when a person is recognized at their favorite establishment. Biometrics combined with behavioral analytics tracks mouse movements, screen swipes, patterns of touch, how hard keys are pressed, how a device is held, and more data points. All these are tracked through the entire online session and compared to the previous behavior of a customer.
The layers can communicate with each other and provide a combined risk and trust score. This risk can help companies decide if they want to fast-track the customer, block them, or step them up using two-factor authentication (2FA) or additional biometrics steps – such as a fingerprint or retinal scan. Using a layered solution that includes cutting-edge technology companies can pinpoint with near 100% accuracy the validity of a user.
Recognition Equals a Great Experience
As online companies build risk-based authentication frameworks with intelligent and dynamic layers, they can keep out the riffraff while they offer a better experience to valued customers. It also allows customers to feel the love without the frustration of unnecessary friction and the online space becomes a place where everyone knows your name.
About the Author
Robert Capps is a recognized technologist, thought leader, and advisor with over twenty years of experience in the design, management, and protection of complex information systems – leveraging people, process and technology to counter cyber risks. In his previous role at RedSeal as a Senior Director, Robert was responsible for technical, security, and customer operations. Prior to RedSeal, Robert was Senior Manager, Global Trust and Safety at StubHub.