Article 5 min

What consumers think about online security and how brands can respond

Consumers and online security

According to a recent survey done by Trulioo, of 3,000 consumers living in the U.S., U.K. and China, 60% reported that they purchased more products or services online than they did before the pandemic. This shift in consumer habits, however, comes with a number of challenges that must be addressed.

New accounts, new opportunities for attack

Many people who’ve come to rely on online commerce during the Covid-19 pandemic are relatively inexperienced with the tools for staying safe online. Some of these people may have had a few digital commerce accounts before, while others may have been entirely new to online shopping. As the ninth edition of Forter’s Fraud Attack Index (registration required) revealed last September, people new to eCommerce are more likely to employ weak passwords and neglect best practices like two-factor authentication. The result? Millions of new online accounts are unusually susceptible to account takeover attacks.

While consumers should educate themselves about the risks of account compromise, online businesses also have a responsibility to help keep their customers safe. According to the Trulioo survey, more than three-quarters of people believed that the past year had put them at greater risk of online fraud than they were before the coronavirus, and 72% said they believed that their personally identifiable information (PII) is available for sale somewhere online.

Unfortunately, millions of Americans face the harsh realities of the misuse of personal information. The Federal Trade Commission’s (FTC) Consumer Sentinel Network took in approximately 1.4 million reports of identity theft alone last year, more than double the amount of incidents reported in 2019. Specifically, more than 365,000 reports involved identity thieves opening new credit card accounts.

A series of high-profile data breaches, such as Marriott and Solarwinds in 2020 and T-Mobile this year, continue to stoke fears and skepticism around the security of accessing services and buying products online. But as more interactions inevitably occur digitally, online businesses should be working overtime to build and maintain a sense of trust and safety with their customer base.

Walking the tight rope of security and convenience

One of the core tenets of trust and safety online is to ensure legitimate consumers can transact safely and at the same time prevent bad actors from perpetrating financial crimes or fraud. To help achieve this, online organizations need to reliably verify and authenticate a person is who they say they are by introducing identity checks.

While eCommerce companies might worry that putting these checks in place will put a barrier for customers, there’s data that reveals shifting consumer expectations. For example, 71% of participants in the Trulioo survey indicated they worry brands are prioritizing speed over security, and almost half of respondents said that the onus is on businesses to protect their customers from online fraud or identity theft.

Additionally, findings from a FICO report delving into Covid-induced digital transformation in financial services reveal that U.S. respondents have high expectations when it comes to identity verification. 62% expect to have to prove their identity when opening an account digitally, and 42% said they would expect the need to set up biometric identification.

Best practices for mitigating risks

Identity verification is complex considering the vast differences among consumers around the globe that span different markets, industries and jurisdictions. Every interaction presents a unique scenario that poses different levels of business risk.

Striking the perfect balance between mitigating risk and offering a positive customer experience, organizations need to deliver just the right amount of friction via a risk-based approach. This means carefully considering the risk profile of a consumer and metering out the appropriate level of due diligence or friction.

To supplement more traditional identity verification methods, organizations can also harness a trove of invisible mobile data, like typing speed, to help differentiate bot from real human and spot suspicious user activity.

Importantly, online businesses need to think critically about information to be requested at critical stages of the customer journey, like onboarding or account creation. By mapping out information use, understanding how that information flows and implementing strategies accordingly, security risks are mitigated. Businesses also need to be explicit and transparent about their data collection policies and ensure they only collect mandatory information. This means working toward the principle of data minimization, that is, avoiding the collection of extraneous information on customers and only using data for its intended purpose.

Finally, fraudsters and bad actors are consistently looking at new potential vectors for fraud. It’s therefore critical for every online business to stay abreast of the latest trends in the security realm and frequently take stock of their processes to ensure they’re strong and resilient. Internet businesses should recognize that security isn’t just a responsibility but a must to maintain the trust and safety that underpins all of our digital interactions.

This article first appeared in Forbes.