February 22, 2019
February 20, 2019
Posted October 10, 2017
It is no secret that we live in a post-data breach world. A simple glimpse at the news serves as a sobering reminder of this fact.
One of the most recent breaches, which targeted Equifax, is getting quite a bit of scrutiny, with the U.S. Congress even stepping in to review what happened.
So, before getting hit with a breach and possibly finding yourself sitting in front of Congress, it might be a good time for all digital businesses to take a step back, review your processes around customer authentication and explore the benefits of using digital identities.
At every touchpoint along the customer journey, critical decisions need to be made – Is this a trustworthy customer? Should I accept this payment? But, are digital businesses making these decisions based on incomplete or fraudulent information? Recent history suggests they are.
Take the customer onboarding process, for example. A name, email address, password and social security number might have been sufficient in the past. But, that information is readily available on the dark web, rendering it ineffective today.
What about when a customer requests a password reset? Many digital businesses still rely on secret challenge questions. After all of the recent data breaches, the answers to those questions aren’t so secret any more.
Of course, customers don’t reach out exclusively via online channels, so any review should include all customer touchpoints.
Customers still contact businesses by phone for any number of reasons, including to change account information or make a payment. And, since contact centers don’t use video conferencing to talk to customers, agents must rely on the personally identifiable information provided by the customer for authentication – all of which could be stolen or compromised.
While it might seem tedious to review every step along the way, not doing so could be disastrous.
This readily available stolen data is, in essence, the key to getting into your business’s front door. In the offline world, if the keys to your house were stolen, wouldn’t you take some sort of action? Most people, once it was realized that the keys were missing, would not only check all the doors to make sure the locks haven’t been tampered with, but also change the locks.
That’s what digital businesses need to do. The keys to your locks – a customer’s personally identifiable information – have been stolen. And it’s time to change those locks – for good.
If anything was learned from the Equifax breach and the subsequent hearings, it’s that a new method of customer identification is sorely needed. The former CEO of Equifax, Richard Smith, said so himself.
“The concept of a Social Security number in this environment being private and secure—I think it’s time as a country to think beyond that,” Smith said. “What is a better way to identify consumers in our country in a very secure way? I think that way is something different than an SSN, a date of birth and a name.”
Those statements were echoed by Rob Joyce, special assistant to the president and White House cybersecurity coordinator.
“I feel very strongly that the Social Security number has outlived its usefulness,” Joyce said last week at a cyber conference in Washington.
Joyce added that officials are looking into “what would be a better system” that utilizes the latest technologies, including a “modern cryptographic identifier.”
It seems like Joyce is calling for a solution like ThreatMetrix ID™.
Our groundbreaking ThreatMetrix ID provides a unique, anonymized identifier for every recognized user in our Digital Identity Network®. It delivers a visual representation of all the attributes that make up a digital identity. And, it provides your businesses with a confidence score on the veracity of that Digital ID, empowering you to make accurate decisions about users and transactions.
It can be utilized across lines of business and throughout your organization, providing a fully integrated and holistic approach to customer authentication.
Yes, the era of using static personal information, such as a social security number, email address, password and the like, for customer identification is over. This way of authentication no longer serves the purposes of today’s digital businesses – or today’s digital consumer.
A new era has emerged – one of trust and identity in the digital economy.
And, based on what was said at the recent Congressional hearings, it looks like others are finally catching on to what we’ve been saying for quite a while now – it is time for digital identities.