#GartnerSEC: Combine Security and Customer Experience Online to Tackle Fraud

Creating trust on the internet requires aligning effective online fraud protection with good customer experience, according to Jonathan Care, senior director analyst at Gartner.

Speaking during the Gartner Security and Risk Virtual Summit, he observed that currently, many e-business fraud prevention teams are overly focused on loss prevention; indeed, 58% of Gartner clients have stated that fraud prevention blocks the goal of having a frictionless customer experience. Yet the two go hand-in-hand. Care said: “Many security failures and omissions can be traced to poorly designed UX.”

Trust often means something different to customers than it does for those in the cybersecurity sector, and if security measures impede user activities, it can prove a source of frustration, potentially leading to the loss of business. “Often this comes from a poorly designed security experience,” noted Care.

This includes upfront demands for sensitive security information and lack of device and channel crossover with regard to security requests. Care stated: “As a consumer, it shouldn’t matter to me if I am transacting via a web portal, a mobile app, or even interacting via the contact center.”

In addition, when online channels are targeted by hackers, this also causes “a reduction in engagement due to the loss of trust. We see a drop in traffic and therefore commerce revenue.”

It is therefore critical that online businesses find a model that combines safety with a seamless customer experience. Care believes there are three pillars to achieving this. Firstly, a commitment to prioritizing trust and safety to ensure the customer experience is slick, including with security measures like authentication.

The second is customizable customer flows, in which the risks associated with individual customers at any point in time are assessed to determine the level of security required. This can be achieved by detecting soft signals, for example through behavioral analytics and device measurement, to see whether additional authentication is needed. Care commented: “When the transaction risk is high and when the trust in the customer is low, then we need to bring in that identity proof.”

The third is the utilization of automated fraud solutions, which use analytics and machine learning to “govern a strongly defined rules base.” For example, this may include the option to redirect a customer to a manual, in-person interaction.

This requires a change in mindset, processes and technologies, according to Care. In terms of the technologies needed to underpin this approach, adoption of fraud detection systems that adapt to the user journey is vital, particularly those that incorporate machine learning methods, such as identity graph evaluation and analytics.

This must be done incrementally, as systems should constantly evolve to meet the changing threat landscape, as well as retain flexibility to meet new customer preferences.

Care concluded: “For consumer-facing e-businesses, trust and safety must govern the user experience and not loss prevention.”
