Passwords are not enough

Published: August 7, 2014 by David Britton

Companies are facing incredible difficulties identifying fraud risks at the point of origination. Setting up accurate fraud detection processes has become more and more challenging as mobile and online channels have become widely used by consumers. At the same time, fraudsters’ techniques are becoming increasingly sophisticated. To compensate, organizations have had the choice of either:

a) Implementing very tough identity-proofing standards — risking turning away legitimate customers.

b) Lessening their criteria and opening themselves to increased risk.

Any business that functions in a web connected environment that has a need to recognize new or returning consumers must look beyond the simple credentials that have been provided by the user such as usernames, passwords, email addresses, phone numbers, handles, secret questions or secret answers. To increase assurance businesses need to start need to start looking at authenticating users through their devices that are being used to present those credentials.

The underground is awash in legitimate but stolen credentials and should be treated with a great deal of skepticism by the businesses attempting to authenticate their customers. There will always be a pendulum swaying in the echoes of this kind of news – with businesses locking down access with more stringent policies and in doing so they begin to undo all the work that has been done to create a frictionless consumer experience.

The industry may now begin to realize the ultimate dream of the consumer: completely effortless access. Rather than requiring consumers to type in credentials that may have been compromised why not leverage the various technologies that exist to simply recognize the consumer when they access the site in question? Digital consumers interact with businesses via their digital proxies – their devices – which must come in digital contact with the web servers in order to gain access.The industry should require the machines to do heavy lifting (rather than consumers) when it comes to “recognizing” them when they return.The right technology offers a more robust, privacy-compliant and transparent way for businesses to recognize their digital consumers.

As we’ve discussed previously the authentication process will shift from a single view to a layered, risk-based authentication approach that will include comprehensive and real-time updates of consumer information. This is done through technology that has been tested over the years and protects millions of customer accounts today with incredible results in terms of both fraud detection and frictionless consumer experience.

The time has come to embrace the realities and the possibilities of the new digital environment in which we operate.

Learn more about how your business can authenticate consumers confidently.