Know your customer: device fingerprints streamline customer authentication
Which is more important: detecting a fraudster or authenticating a customer? Detecting fraud gets top billing in the news most of the time, but four years ago (an eternity in tech years) ComputerWorld’s Jay Cline put customer authentication front and center in an article titled “How to Build Privacy Into Customer Authentication.” Yesterday one of my Google alerts surfaced this article prompting me to consider what it says in the context of today’s technology.
Mr. Cline made a case for adopting a “tiered authentication policy,” meaning that the sensitivity of the account being accessed determines the level of authentication. In other words, require more pieces of personal information to authenticate access to higher risk accounts.
He further pointed out that there’s a downside to this approach: “Giving companies more information is dangerous, privacy advocates say, because no business has perfect security. And all customers have a point at which they’ll abandon a registration process if too much information is required.”
Biometrics, such as scanning human fingerprints for identification are even more invasive. But in the four years since this article appeared device fingerprinting has entered the picture providing a new and elegant solution to authenticating customers without forcing the person to give up more personal information.
More recently, the privacy experts at Ponemon Institute have looked into privacy, device fingerprinting and what consumers think about having their PCs fingerprinted. I wrote about this subject in more depth a few weeks ago, read it here.
- Tom
