Page 26 - GS221201
CoverStory
distinguish bots from legitimate customers. Researchers found subpar identity verification is a vulnerability that contributes to fraud at all points of the customer journey.

"Layering in supportive capabilities such as social media intelligence and AI/ML further strengthens fraud prevention," researchers wrote. "Study findings show that firms [that] follow this approach are less likely to be challenged with identity verification, botnet attacks and optimizing fraud detection/risk levels with the customer experience. They also experience fewer successful fraud attacks per month and realize a lower cost of fraud."

LexisNexis Risk Solutions researchers recommended the following actions to harden security:
• Identity proof customers: Identity proofing involves both verification and authentication. Verification uses self-provided data to confirm if a single identity is real. Authentication confirms a person is legitimate (who they say they are).
• Enhance technology: Replace manual procedures with advanced, automated technologies to reduce challenge rates, manual reviews and related costs. Deploy technologies that can recognize customers, pinpoint fraud and build a knowledge base to streamline on-boarding, and that can help detect insider threats and prevent account takeovers.
• Assess devices: Assess more than physical attributes to authenticate an identity. Businesses need to holistically assess device risk, transaction risk and online/mobile behaviors, using data attributes like users' logins from multiple devices, locations and channels to identify risks.
• Leverage data: Enable integrated forensics, case management and business intelligence to drive profitability. Data-driven insights will help businesses create a robust fraud and security technology platform with strong fraud management capabilities that can help them adapt to the changing digital environment.
• Add security layers: Replace single-point protection with a multilayered security solution, customized to each phase of the customer journey and transaction channels, that protects transactions across locations, devices, geographies, user behavior and transaction patterns.

Letting customers in and keeping fraudsters out requires multilayered, strong authentication, researchers concluded, a defense ideally powered by a single authentication decision platform based on real-time event data, third-party signals and global, cross-channel intelligence.

Balancing security, customer experience

As security analysts have noted, balancing strong security with consumer preferences has long been a struggle for risk managers and customer experience officers. In a world of instant credit decisioning and optimized customer convenience, how can providers distinguish between legitimate users and fraudsters or offer easy log-ins without compromising customer security?

Forter Solutions Consultants Maddie Vagadori and Alyssa Huitema explored this issue in a Sept. 6, 2022, post titled, "The Impact of MFA on Customer Experience," proposing the world has outgrown traditional usernames and passwords, which they noted are insufficient protections for the vast majority of users who apply the same credentials across multiple sites.

"Multi-factor authentication (MFA) is the industry-standard for securing accounts and supplementing traditional username and password authentication, adding a second layer of defense," Vagadori and Huitema wrote. They cited three main buckets of factors:
• Something you know (for example, security questions)
• Something you have (for example, a text message sent to your device)
• Something you are (for example, biometric authenticators).

"MFA drastically reduces the likelihood of account takeover, safeguards sensitive data and makes consumers feel like their online information is more secure," they wrote. "But MFA is not infallible, and not all factors are created equal, as there are varying degrees of man-in-the-middle resistance, susceptibility to social engineering, etc. Moreover, attackers are reaching new levels of sophistication that transcend what passwords and MFA can effectively handle."

MFA and privacy law

Vagadori and Huitema further noted that MFA, in addition to becoming an accepted ecommerce practice, has been codified into law in various regions and countries. For example, PSD2, introduced by the European Union in 2015 and later revised into PSD2, is designed to protect consumers throughout the EU and European Economic Area, they stated. "The most important component of PSD2 is the requirement of Strong Customer Authentication (SCA), which means that a consumer must be authenticated using additional methods or parameters," they wrote. "One of these methods is called 3-D Secure (3DS), which was introduced as a secure authentication method for online transactions."

3DS provides an extra layer of security but adds a step to the customer journey, which could lead to shopping cart abandonment and false declines, the authors noted. However, 3DS shifts liability from merchants, raises shopper confidence in online security and fosters PSD2 compliance. While the authors have seen enhancements to 3DS, they stopped short of calling the technology a silver bullet. When implemented intelligently, they wrote, 3DS positives outweigh negatives and could even lower fraud losses by as much as 80 percent.