Recognizing good customers is a central concern of any digital business. But how can we achieve that in a digital world where consumers enjoy unprecedented anonymity? Digital identity could be the key to opening up new markets for an ecommerce business by building trust not based on who the customers are, but what they do online. Reed Taussig and Vanita Pandey from ThreatMetrix explain why digital identity and strong authentication are essential for the online industry.
What have been the key talking points at the Digital Identity Summit in London today?
Reed Taussig: We’ve been holding the Digital Identity Summit for about 6 to 7 years in the U.S. and have enjoyed good public participation from all over the world. But this year, we wanted to bring the show to the audience. Europe is one of the areas where we have made big investments, many of which have been very successful for us. By being here, we wanted to assure the public and our customers that we are committed to the region.
The second key topic that we wanted to bring up at the Digital Identity Summit is strong authentication under PSD2 and how it relates to the ecommerce and banking industries. I think putting things into context is essential, especially now when we live in a world that is much more connected and much more digital.
According to an Accenture report, 25% of the world’s economy is tied to the internet. Once you end up in a situation where that is the case, you become an internet-based selling entity operating on a global basis. In the context of global trade, cross-border authentication becomes a big issue. Cross-border transactions, according to the data we see on the global ThreatMetrix network, are 6.7 times more likely to be declined. The losses can reach USD 1.5 trillion, which, for the sake of putting things in perspective, represents 50% of the entire UK economy or 10% of the entire U.S. economy. A company that manages to improve acceptance rates could grow its ecommerce business to unimaginable heights.
According to the Q1 2017 Cybercrime Report from ThreatMetrix, there has been an explosion of stolen identity data, fueling more than 130 million cyberattacks in the first three months of this year. Could you elaborate a bit more on how these attacks have been evolving?
Vanita Pandey: In our report, we talk about global shared intelligence, which becomes very meaningful when it comes to protecting against fraud. Even if, from a consumer’s perspective, you do not have an overlap between two banks, fraudsters are in a position to hack both of your accounts with them. It is important to remember that good customers act locally and fraudsters act globally.
By simply living in a more global, more connected world, there is the risk of fraudsters gaining access to global data and attacking businesses in another part of the world from a completely different location. For example, we have identified the U.S. as the biggest attack destination, while Europe is the biggest attack generator with 50% more attacks coming from here. Moreover, I think the attacks are getting more frequent and higher in value as they gain access to more complex patterns that are ever-evolving.
We are also seeing a big discrepancy between the fast adoption of new technologies and the readiness levels of businesses to deal with these threats. Many people do not understand the importance of digital identity and are not aware that fraudsters and hackers are constantly refining their methods, making them more efficient, powerful and dangerous.
In the context of PSD2, there are 2 major issues that are being discussed related to authentication, mainly strong customer authentication and open APIs for banks. Can you elaborate on how ThreatMetrix has developed its products to help banks and PSPs comply with these new regulations?
R.T: We are in the process of rolling out a strong authentication suite in compliance with the new regulations, and our products are FIDO (Fast Identity Online) Alliance compliant. However, we believe that looking at strong authentication as a standalone issue is wrong. Businesses, and especially banks, have to look at it in the context of their existing risk-based solutions and how these solutions must be aware of context. For example, if I simply log in to my bank account to check my balance, there is no need for strong authentication under PSD2. On the other hand, if I have to transfer USD 50,000 to somebody in London, I would appreciate it if the bank would use some strong factor authentication to ensure that the money transfer is secured.
V.P: To add to this, leveraging shared intelligence is another crucial factor for accurate authentication. We look at the transaction amount, history tree, the risk profile of the customer, the malware risk and then we put this data into a global context of shared intelligence, which makes digital authentication stronger.
Can you elaborate more on ThreatMetrix ID? How does the solution work and what does it bring new to the table?
R.T: We have always maintained the perspective that our business value is in our shared global intelligence. What sets our solution apart is not the amount of data we have, but how we use it. The main feature of our product is that we do not need to know your name to know who you are.
Someone’s digital identity is a set of attributes that are associated with that person: phone number, email address, owned devices, credit cards, etc. By leveraging the data provided by these attributes, we can create trust tags, which tell a customer whether a client has been securely identified before or not.
ThreatMetrix ID assigns a unique identifier for individuals by combining all elements of an online persona, in an anonymized way. This takes into account not only their immediate behavior but their history accross digital channels. Creating a digital graph means you can visualise the transaction hitting your website or app, in context of your own rules. These attributes provide insight that allows merchants and banks to recognize safe transactions and avoid risky ones, regardless of the geographical area.
About Reed Taussig
Reed Taussig is President and Chief Executive Officer of ThreatMetrix. With expertise in building high-growth companies at the forefront of technological change, Taussig has led ThreatMetrix since 2008. Under his leadership the company has become the driving force in an emerging digital identity space by leveraging pioneering global shared intelligence technology.
About Vanita Pandey
Vanita is the Vice President of strategy and product marketing at ThreatMetrix, the Digital Identity Company. Vanita is the Vice President of strategy and product marketing at ThreatMetrix, the Digital Identity Company. In this role, Vanita leads the strategic vision and go-to-market for ThreatMetrix products and solutions.
About ThreatMetrix
ThreatMetrix, The Digital Identity Company, operates a global shared intelligence network to differentiate trusted customers from fraudsters. The ThreatMetrix Digital Identity Network® recognizes behavior and identities across 4.5 billion unique devices from 1.4 billion anonymized users worldwide. More than 5,000 businesses rely on ThreatMetrix as their decision engine to deliver a frictionless digital customer experience across all online transactions, for increased profitability and security. ThreatMetrix is recognized as the Leader in the 2017 Forrester Wave for risk-based authentication.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now