In the wake of a pandemic and at a time when consumers are inseparable from their devices, eCommerce companies are facing a daunting challenge: How does a business recognize and protect its trusted customers, mitigate the effects of opportunistic fraudsters, and deliver the best user experience possible? How does this affect online identity?
In a series of video conversations, Ryan Patel, a global authority on business and corporate governance, and experts from NuData Security dive into answering all the important questions about online identity, covering such topics as device intelligence, behavioral biometrics, behavioral analytics, and identity as a whole. These conversations break the topics down in easily digested ways underpinned by real-world examples of how businesses — and, most importantly, their customers — can benefit from using online identity tools to make better decisions and improve the user experience.
Device intelligence with Justine Fox, NuData Principal Product Manager
Fox defines today’s digital landscape in simple terms: Consumers can access the services they need and products they want from anywhere, at any time. And businesses should take advantage of this.
Businesses leveraging device intelligence can assess factors related to devices to recognize their trusted users. Examples of information gathered by device-based security tools include:
- The user agent: A string of data that includes basic information about the device interacting with the platform, such as type of device, operating system, browser type, and version.
- The device ID: Created through cookies stored in the user’s browser, which recognizes that user upon repeat visits.
- Device fingerprinting: An intelligible string of data based on factors like the device’s time zone, language setting, and screen resolution, among other possibilities.
Monitoring device intelligence allows a business to authenticate its customers and, when anomalies arise (for example, the presence of a user on a browser not seen from those credentials before, who’s behaving in a way that’s not normal for that account), those interactions can be flagged for potential fraud.
When device intelligence is leveraged properly, the user journey through the online platform becomes much more enjoyable. As devices increasingly interact with platforms and services — and even as they’re replaced (a user with a new iPhone, for example) — device intelligence tools leverage the information gathered to keep interactions safe and consumers on an enjoyable, frictionless journey.
“Devices are disposable,” Fox said. “You’re not.” (2:50)
Behavioral biometrics, also known as passive biometrics, with Dave Senci, Mastercard Vice President of Product Management
Senci supplied a simple definition of behavioral biometrics: Your inherent behaviors when interacting online in any digital platform.
These behaviors can include:
- The length of time required to fill out an online form.
- Input behavior, such as whether the user tabs or clicks from field to field, and
- The user’s typing cadence and mouse movement.
Companies that can get to know the behavior of their trusted users can get ahead of the user experience game, without compromising security. Combined with device-based intelligence, behavioral biometrics can help a company distinguish its legitimate users from bad actors, and in the event of suspicious activity, other forms of authentication, such as two-factor or a one-time passcode, can be stepped up.
The first step for business leaders looking at enhancing their behavioral tools, Senci said, is to consider these questions: Who are your customers? What is the value that’s held behind their accounts? And can behavioral biometrics be leveraged for a better user experience in a frictionless way and still mitigate fraud?
Behavioral analytics for Online Identity with Jonathan McGrandle, NuData Director of Market Delivery
When it comes to behavioral analytics, McGrandle sees device intelligence and behavioral biometrics coming together in a holistic way that allows companies to better understand the customers with whom they’re interacting.
Behavioral analytics builds a unique profile based on a client’s inherent behavior. It considers data points such as:
- When does the customer interact with the platform?
- Where is the interaction taking place (at home, in the office, or on public transport)?
- Does the typing cadence align with past interactions?
- What does the customer do on the platform (browse, make purchases, review loyalty points, pay bills)?
“All of this is going to feed into your profile and feed into your identity,” McGrandle said. (5:45)
Behavioral analytics encompasses not just the tendencies and attributes of individual users but also the larger population of customers, learning to recognize specific behaviors of good users. Through machine learning, a company can then establish a baseline on how good users are expected to interact within their platform and flag anomalous behavior that could represent fraudulent activity.
Like the other NuData experts, McGrandle emphasized that the primary goal of behavioral analytics isn’t fraud mitigation, although that’s certainly a benefit. It’s about making the experience for the legitimate users seamless and secure – ensuring that they’ll return again and again.
Online Identity as a whole with Michelle Hafner, NuData Senior Vice President of Product Strategy & Execution
In her discussion with Patel, the NuData COO laid out the stakes for companies that are considering whether to use behavioral tools. Hafner noted that one of the key benefits of behavioral tools is that they optimize the user experience. They allow the company to take a layered approach to security and reduce friction for legitimate customers, only adding additional authentication measures where necessary.
Behavioral tools should be used by companies to apply context to the customer journey. For example, a one-time passcode might be tolerated, even welcomed, when a customer is trying to access their online banking account. This additional layer of security often makes customers feel satisfied that their accounts are well protected. However, customers are not going to feel the same way when faced with two-factor authentication just to play their favorite online game.
“If you don’t do it right, you’re going to have churn.” Hafner said. “You’re not going to have repeat customers.” (5:21)
By incorporating behavioral tools into their security strategy, companies can do it all: provide their trusted customers with a seamless user experience, keep their accounts protected, mitigate fraud, and block potential fraudsters, all at the same time.
Watch all four episodes of Making Sense of Online Identity: