Active Identity Management Is the Key to Controlling Fraud

by Dewald Nolte 0

Over the past decade, data breaches have almost become a fact of life. Despite a seemingly increased focus on the importance of cybersecurity, it is clear that the way personal data is currently being protected, particularly in the financial industry, is not effective.

Part of the challenge lies in the rapid rise of e-commerce and in consumers growing increasingly comfortable with sharing their personal data with multiple websites and companies every day. Of course, the more widely the data is shared, the greater the risk that it can be accessed by parties with malicious intent.

The financial industry now faces the challenge of protecting consumers’ data while still allowing them the freedom to keep engaging in online activities. Traditional approaches to protecting data are clearly not cutting it in the age of digital innovation, which means they should change. And the change needs to involve making identity protection an active part of a consumer’s financial life.

Consumers Want Control

Many consumers have come to accept that the most a service provider can do is notify them that their personal information has possibly been stolen, that they are at risk of fraud, or that fraudulent activity has already taken place. It turns out that this passive approach to identity management is no identity management at all.

Up until this point, financial institutions have avoided involving their customers in security matters, not wanting to inconvenience them. However, it turns out that customers want to be involvedrecent research by RSA found that 93% of American digital users want to choose how their personal information and accounts are protected online. They want to feel in control of their identity and digital assets and to have the option of authorizing or confirming digital activities and transactions.

Contrary to a widely held perception, making the change from passive to active authorization and identity management measures can actually help increase revenue. It turns out that, when customers feel empowered by simple, active authentication measures, they feel safer, complete more transactions, and increase their usage of other digital services.

Mobile Offers Control without Sacrificing Usability

In addition to consumers’ willingness to be more actively involved in their own digital security, regulatory agencies are increasingly implementing more proactive measures to ensure that consumers are protected when transacting digitally. In the United States, no specific regulations require measures such as multi-factor or out-of-band authentication, but the latest update to the FFIEC’s IT Examination Handbook, “Appendix E: Mobile Financial Services,” recommends that financial institutions avoid single-factor authentication and instead opt for practices that rely on involving consumers directly in the authentication process. And for institutions doing business in the European Union, the upcoming 2018 PSD2 regulations require Strong Customer Authentication (SCA), which, among other practices, also entails multi-factor authentication.

Having consumers actively participate in protecting their personal data online and authorizing financial transactions does not have to mean inconveniencing them. Mobile technology provides a unique opportunity to balance enhanced digital security with user-friendliness: Putting the mobile at the heart of identity management and authentication is a guaranteed method to make consumers’ lives easier and to simplify their interactions with financial institutions.

Given their ubiquity, mobile devices can become powerful defence mechanisms in the fight against fraud, providing consumers with the means of rejecting fraudulent transactions before they are processed. Leveraging real-time, push-based technology means that authentication notifications can be received, reviewed and confirmed within a matter of seconds, and that the burden on consumers becomes insignificant.

They key to actively involving consumers in their own digital safety lies in an approach that is simple and absolute: empower them by giving them control in the palm of their hand.