“Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.” – Benjamin Franklin
Suppose Franklin were still with us in today’s age of big data and machine learning. In that case, I think he would change his quote to say: “Those who unwittingly would give up significant amounts of their Personal Data to purchase a little temporary Data Security or Social Utility, will end up with less Data Security.”
Recently, I participated in a webinar, “Empowerment and Fraud Prevention Are Key,” with my Experian colleague, Joe Talbott, SVP of Sales, and Tracy Kitten, Director of Fraud and Security at Javelin Strategy & Research. Based on the Experian and Javelin whitepaper, “Giving Consumers Control and Enhancing Fraud Prevention”—which dives into some consumer data collection trends and recommendations—we discussed how organizations could improve their consumer experience, build trust, and reduce risk by leveraging fraud prevention measures that put consumers in control of their digital identities.
We covered many foundational points I agreed with during the conversation, like empowering consumers with a security hub and urging brands to develop a playbook for fraud resolution and breach response. However, I must admit that I didn’t agree with all of Javelin’s recommendations.
Here’s my sticking point. Javelin suggested encouraging acceptance of behavior tracking through consumer education, but I don’t think that’s the best approach. My experience tells me that the better thing to do is store less consumer data in the first place.
In the whitepaper, Javelin writes about how Behavioral Biometrics, which involves the tracking of behaviors, locations, and device usage, to name a few, is an effective way to reduce fraud and cybersecurity risks. Javelin noted that 85% of cybersecurity experts agree that Behavioral Biometrics is effective, and the only thing holding it back is consumers’ willingness to allow the tracking. To increase the opt-in rate, they recommend educating consumers further on why it is okay for them to allow more of their data to be tracked – which is an exchange for greater security.
Biometrics can be effective, but I don’t think it’s the right focus for the conversation. The bigger and better questions to ask are:
- Do consumers need to give companies more data to keep the massive amount of data they already have safe?
- Is it a bank, a social media company? The data requestor is critical. Right now, companies and organizations have the tools necessary to protect consumer data, including stronger and more granular field-level encryption, better perimeter security, robust data deletion policies, and Two-Factor and Multi-Factor Authentication.
Finally, Javelin also noted that while 49% of organizations use biometrics and 33% plan to implement it in the next 12 months, only 14% say they do not use biometrics and have no plan to implement them.1 While these companies may be the minority, I think they’re right.
Hear me out.
The issue: the more consumer data businesses have, the more data they have that’s at risk of being stolen when a breach occurs. Notice I didn’t say “if.” Instead of keeping more data, companies should educate consumers on how to reduce their digital footprint. That means going beyond digital tracking to cover data consumers give to providers like doctors, dentists, survey sites, of course, the multitude of websites they visit. Companies also should strongly consider taking a shift-left security position, baking security into their development lifecycle, and creating a stronger and more aggressive organization-wide security stance.
As a data intelligence and engineering professional, I think it’s best if consumers provide the least amount of information possible across their entire digital and even in-person lives. I mean, do consumers need four credit cards if one will do? The point here: first, companies need to invest and take data security more seriously, and second, consumers need to do everything they can to reduce their overall things-that-can-be-stolen footprint.
This minimalist data-divulging practice is in consumers’ best interest because, let’s be honest, companies and IT departments have failed them.
Due to lack of security, roughly 22 billion data records were leaked on the dark web in 2020.2 The high volume of breaches and exfiltration of data onto the dark web is why Experian has found 18.3 billion total records through our dark web scanner, CyberAgent®. Unfortunately, but not surprisingly, businesses, by and large, have failed to acknowledge the exposure elephant in the room. Until companies promise to do a better job of protecting valuable PII, they should not request access to more of it. Above all, data collected should serve a greater purpose, such as preventing fraud, not just data collection for data collection’s sake.
Ultimately, I understand the benefits of educating consumers to take more responsibility for their digital identity but collecting more personal data on their digital behaviors is not the solution.
For more on this topic, watch the webinar “Empowerment and Fraud Prevention Are Key,” or read the whitepaper, “Giving Consumers Control and Enhancing Fraud Prevention,” to help your company respond to the consumer shift toward digital channels, improve the consumer experience, build trust and reduce risk.
1Javelin Strategy & Research, May 2021 Poll
2 ID Agent