All posts by David Britton, VP of Strategy, Global Identity & Fraud

Experian has been named a leader in Liminal’s Link Index for Account Takeover Prevention in Banking. Download Report Advances in technology have increased the scale and sophistication of fraud attacks for businesses around the globe with a significant increase in recent years in account takeover fraud (ATO). During the pandemic there was a rise in account opening attacks as the world moved in lockstep to digital channels, creating huge growth in online digital accounts. Now fraudsters are attempting to takeover those digital accounts and are leveraging AI tools to convince consumers to give away their login credentials, creating an enormous financial risk and loss for banks and other service providers. In a March 2024 survey of bank buyers across North America, Europe, Latin America, Asia Pacific, and the Middle East, Liminal found that ATO attacks now average $6,232 per incident, while fraud teams have reported a 66.8% increase in social engineering attacks in the past two years. However, Liminal also found that despite the growing exposure, only 44% of banks are leveraging mobile device signals. The opportunity for banks to implement more effective tools is the result of a combination of factors: 96% are worried about balancing ATO prevention with privacy laws. 82% say customization was necessary to comply with regional regulations. 96% have concerns about limitations on device signals stemming from data restrictions with consumer technologies. As a result, banks are faced with a three-pronged problem: simultaneously solving for authentication, identity and fraud prevention. Identity across the customer lifecycle Truly understanding a customer, especially in a digital-first environment where hundreds of billions of events occur each year, requires much more than ensuring a name matches a social security number and a physical address. The customer, their account information, the device they use, the network they are coming from, the geolocation of their device, and the behavior they exhibit are intertwined. Banks must now assess more information than ever before to try to distinguish between a legitimate customer and fraudsters. This challenge only gets harder when businesses require more complex passwords, which users promptly forget. Fraudsters, ever creative, exploit the password reset processes to impersonate the customer and convince businesses to give them the new reset password. In ATO attacks, often the only data presented to a business by the user at the time of login is a username and password. However, there are hundreds of other variables that may be passed back and forth between the device and the business in that digital moment, which can be useful for identifying potential threats or legitimate users. This exercise can be a monumental task that involves capturing vast data sets, knowing the difference between critical data and data that increases workload, analyzing that data and then marrying that back to what you know about the customer, all in a few milliseconds. And this is where one of the biggest hurdles exists. These vast data sets sit across a complex set of systems and technologies that have been implemented (but not fully integrated) over time. And consider within this context, the authentication team managing ATO that would otherwise benefit from a cohesive set of data isn’t usually aligned with the general fraud teams and is even further separated from the credit risk or compliance teams. These gaps in technologies and teams hinder ATO prevention and provide zero support for any interdependencies with other critical functions – and fraudsters are more than happy to exploit this weakness. On the other hand, managing a more complete view of the customer (which allows the business to streamline operational costs, data costs, and infrastructure costs) to prevent more ATO attacks and provide a more seamless experiences for the consumer has never been more possible. A fundamental shift in mindset is required to prevent fraudsters from exploiting gaps between business functions. Legitimate customers do not care about these internal divisions; they only see the inconsistency when one part of the business has no knowledge of them compared to another. This disconnect not only frustrates customers but also undermines trust and security. To effectively combat ATO attacks, financial institutions must leverage comprehensive data insights that cover various touchpoints. Integrating identity verification, device intelligence, and behavioral analytics is essential for distinguishing legitimate users from fraudsters. Breaking down traditional silos and enabling seamless data sharing ensures a holistic approach to fraud prevention, delivering a secure and frictionless customer experience. Liminal, a leading market intelligence firm specialising in digital identity, cybersecurity, and fintech markets, recently named Experian as a leader in its Link Index for ATO Prevention in Banking. Leading in ATO prevention The report highlights vendors that lead in authentication, fraud and identity and based on two primary criteria: product execution and strategic positioning. As a top-ranked vendor overall and in product execution, Experian’s performance underscores the effective integration of identity management in our solutions, positioning us as a leader in shaping strategies for account takeover prevention over the next five years. Download Liminal’s Link Index for ATO Prevention in Banking “When it comes to ATO prevention, banks are prioritizing highly accurate solutions that minimize fraud losses and limit financial loss, while reducing customer abandonment through a seamless user experience. Overall satisfaction is most strongly correlated with scalability. As a leader in this evaluation, Experian not only delivers these capabilities to banks, it also demonstrates an unparalleled ability to meet the market’s growing demand, which is projected to reach $1.5 billion by 2028.” Will Charnley, Chief Operating Officer, Liminal The report details the trends that are fundamentally reshaping the ATO threat landscape and today’s specific challenges, as well as those on the horizon, that banks must overcome, while also meeting an increasing expectation of customer satisfaction. Key statistics detail a prescriptive assessment of the market landscape and total addressable market, as well as findings from a March 2024 survey of banks conducted by Liminal, which includes: Specific key purchasing criteria (KPC). The scale and average cost (by volume and per incident) of ATO attacks. A descriptive methodology for calculating fraud loss opportunity costs. A priority-tiered description of ATO solution capabilities. As banks continue to operate in a competitive digital environment that favours excellent customer experience in parallel with fraud prevention, it is crucial to recognize that the front-end experience mirrors back-end operations; therefore, creating seamless integration on both sides is critical. Download Report CrossCoreR provides a fully-featured toolkit that leverages a wide range of capabilities for highly accurate and scalable ATO prevention.

It's hard to imagine an individual customer volunteering to remember multiple online passwords for various online accounts. Yet, for most of internet history, passwords have served as the backbone of online security and recognition—and given fraudsters easier access to our personal and financial data. Fortunately, our recent report reveals that consumers and businesses are evolving how they think about online recognition and authentication. Passwords are no longer consumers' preferred method of online security. For the second year, they didn't even make the top three list of what consumers consider the safest recognition methods. Instead, consumers are increasingly open to a variety of recognition tools, from physical and behavioral biometrics to one-time passcodes. By providing recognition choices, companies can improve the customer experience, decrease fraud, and ultimately build even more brand trust. Consumers are moving beyond passwords, but what should come next? Around the world, consumer fraud concern is rising in tandem with fraud activity. More than half of consumers report that they're worried about fraudulent online transactions, and 40% say that their concern has grown over the past year. That's likely because online fraud has become a far too common experience. For instance, 58% of consumers say that they've been a victim of fraud or know someone who has been a victim, and 83% of consumers say online security is their top priority. The awareness has made consumers more interested—and more confident in—emerging online recognition tools. It seems that many are not only tired of passwords but also understand how easily passwords can be compromised. Those surveyed ranked physical biometrics, pin codes delivered to a mobile device, and behavioral biometrics as the safest recognition methods. Notably, consumer confidence in each of the top three methods has increased significantly since 2021. This confidence in advanced recognition tools spans generations. For instance, 90% of Baby Boomers rank physical biometrics as the most secure, and 82% of Gen Xers and 75% of Gen Z say the same. Meanwhile, 81% of Millennials say behavioral biometrics are the most secure. These survey results suggest that most consumers are aware of fraud risk and willing to explore technologies that make their online transactions safer. Why recognition choice leads to better business outcomes Amidst this environment of change, financial service companies have the opportunity to introduce advanced recognition methods. Consumers are showing their willingness to move beyond passwords. But which recognition method should financial service companies choose? Which one will win out over the others? There's no one right answer. Consumers rank physical biometrics, pin codes, and behavioral biometrics as their top three preferences; however, there is no runaway leader in the group. Which method consumers prefer depends on what they're prioritizing. For instance, consumers who want convenience prefer physical biometrics, while people who value security tend to like two-factor authentication. The ambiguity around preferences allows businesses to introduce choice to their customers. Companies can offer visible methods that give customers access to the newer recognition tools they're beginning to prefer. Meanwhile, continuing to layer invisible methods that strengthen the overall security profile and enhance the customer experience. A menu of recognition options speaks to customer sentiments toward emerging technologies and may engender more trust and loyalty to a brand. For example, our 2022 research shows that 59% of consumers say that use of artificial intelligence increases their trust in a company. The key is being transparent about the choiceson offer and the role they play in protecting customer accounts and data. For example, explaining that the data underpinning specific authentication methods never leaves the device can go a long way with customers who may have misguided assumptions or reservations about specific recognition tools. The orchestration imperative Implementing choice can help customers improve the perception—and reality—of their online security. But leveraging multiple recognition options can also help organizations to better fight fraud. Multiple options enhance understanding of the customer and enables data analysis that can more easily identify outliers. The numerous data points strengthen recognition efforts, which further reinforces trust. It's a virtuous cycle that improves the customer experience and benefits the business. However, implementing multiple recognition methods can be a costly endeavor. Whether using outside vendors or developing and maintaining tools in-house, businesses should be layering recognition tools in the most efficient (and affordable) way. This is where orchestration tools really help. Creating secure environments for customers and businesses will continue to be complicated. Fraudsters are only getting more creative, and mitigating their impact requires a complex web of solutions that stymies them at various points. By starting with an orchestration engine, businesses can launch and manage multiple recognition methods more elegantly, using each tool correctly and at the right point in the customer journey. This strategic approach creates a single point of access to fraud and identity solutions, giving a 360-degree view of customer identity and reducing friction across the customer lifecycle. The days of passwords as the primary recognition tool are waning. Today's consumers understand the benefit of advanced recognition methods and will use them to increase their security, convenience and privacy. Offer customers choices, and businesses can meet these evolving expectations and decrease fraud risk along the way. Stay in the know with our latest research and insights:

As holiday shoppers flood online to finish up last-minute gift-buying, there's a high chance that they're paying attention to not just product prices or shipping times but also the security of their transactions. In 2020, with many stores still closed down due to the pandemic, digital sales over the holidays increased by 20%. Though we're still awaiting figures from this year, all signs point toward an increase in digital transactions that's here to stay. But as online transactions have ramped up, so have consumer concerns about the safety of their online activities. The recent Global Insights Report showed that 42% of consumers are more worried now about online safety than they were last year. The concern is understandable—as more people head online, we've seen a record number of breaches. However, now more than ever, businesses need to integrate security into their customer experience, taking a layered approach that provides added protection without additional hassle. Heading into the new year, those that can show they prioritize security as part of the customer experience—and not adjacent to it—will earn the trust and business of a rapidly expanding online customer base. More activity, more risk We've been tracking consumer and business activity online over the course of the pandemic. Our most recent research, drawn from surveys done in October, reveals a 25% increase in digital transactions worldwide since the beginning of the pandemic. It's a figure that's remained constant, even as covid-related restrictions wane and people venture back out to physical stores and banks. This massive digital shift happened in response to a crisis. Businesses such as financial services, restaurants, medical organizations, and retailers suddenly experienced a flood of online business and digital demand. Their option: Respond or be left behind. But as the dust settles, the enormity of the shift and how fast consumers normalized digital behavior is quite astounding. Someone who may have never considered online grocery delivery now uses it regularly. People who habitually visited their bank branch may now bank on their mobile devices. The examples are infinite. Consumers that made the online shift did so initially for physical safety reasons. They didn't want to be close to crowds or strangers because of the virus. Online felt safer. But now that digital transactions are part of many people's daily activities, consumers are awakening to the risks of online transactions. Many may have already experienced a breached account or received a notice that their data was compromised. Indeed, we saw a significant increase in attacks over the year across industries. Ransomware attacks alone are on track to reach 700 million by the end of 2021, a 1,300% increase from the year before. Best practices for better online security in 2022 More consumers are transacting digitally, and that's good news—businesses can expand their reach, grow their revenues, and introduce new digital products. But the question is: How can you leverage the growth while still keeping customers safe—and importantly, not impeding, their online experience? The answer rests part in mentality and part in action. Let's start with the first. Understandably, security guidance in the past often split the onus of safety between the business and customer. Who hasn't reminded customers that they need good password hygiene, device security, and personal data practices, or they may put themselves at risk. Indeed, customers paid attention; they ranked security as their number one priority. But the days of relying on customer actions are over. Businesses that gain customer trust in the future will be those that empower customers to improve their security while actively working to ensure that even if customers fail—their systems do not. You can achieve this by: 1. Beginning everything with a security mindset Businesses need to make security part of their growth strategy. That way, when they do experience planned — or unplanned — surges in activity, their security systems scale to meet them. Coordinating security across functional teams in the event of anticipated demand increases is another smart way to keep customers safe as your business grows. For instance, if marketing is planning a major campaign to spur online purchases, then IT and security need to know about it ahead of time. 2. Developing a multi-layered security strategy There is no magic bullet for preventing cyberattacks, account takeovers, or data breaches. But you can create hurdles for bad actors at every single turn. Combining device recognition, document and identify verification, and behavioral identification makes it that much harder for cybercriminals to impersonate your customers. Our research shows that customers are increasingly willing to provide more personal information to businesses if it means increasing their online security. They're eager to double-down if you are. 3. Utilizing vendors that keep you competitive The security space is evolving rapidly, and it's difficult for individual businesses to mind their own digital operations and keep pace with cybersecurity trends. Fortunately, high-quality vendors can do that for you, providing updated systems, education on new threats, and access to emerging technologies that keep your company and customers safe. The added benefit of these best practices is that they improve the customer experience along the way. Our research shows that customer loyalty to specific online brands is dipping—61% say they're interacting with the same companies online, which is a decrease of 6 percentage points from the previous year. Add in supply chains issues that are impacting inventory, and consumers are primed to find alternatives to their favorite online businesses. But the problems we’ve faced during the pandemic don’t have to define our digital future. Combine security with a quality experience in 2022, and you can attract and retain online customers that come for your product or service and stay because they feel safe. Stay in the know with our latest research and insights:

Why digital acceleration has created more opportunities for deepfake fraud tactics like voice cloning and what businesses can do about it Digital acceleration has placed information and services in the hands of the masses, connecting individuals on a global level like never-before, and in turn making them increasingly dependent on devices in their daily lives. The argument for technology as an equalizer in society is a strong one. Most people have a voice and a platform, producing millions of virtual interactions and recordings every day. But in this digital world of relative anonymity, it is difficult to know who is really on the other side of the connection. This uncertainty gives fraudsters an opening to threaten both businesses and consumers directly, especially in the realm of deepfakes. What is a deepfake? Deepfakes are artificially created images, video and audio designed to emulate real human characteristics. Deepfakes use a form of artificial intelligence (AI) called deep learning. A deep learning algorithm can teach itself how to solve problems using large sets of data, swapping out voices and faces where they appear in audio and video. This technology can deliver extraordinary outcomes across accessibility, criminal forensics, and entertainment, but it also allows a way in for cybercriminals that hasn’t existed until now. Deepfake fraud tactics A principal tactic among deepfake fraud is voice cloning – the practice of taking sample snippets of recorded speech from a person and then leveraging AI to understand speech patterns from those samples. Based on those learnings, the modeler can then use AI to apply the cloned voice to new contexts, generating speech that was never spoken by the actual voice owner. For businesses, deepfake tactics such as voice cloning means access to points of vulnerability in authentication processes that can put organizations at risk. Fraudsters may successfully bypass biometric systems to access areas that would otherwise be restricted. For government leaders, it can mean the proliferation of misinformation – a growing area of concern with huge repercussions. For consumers, the risk of falling victim to scams involving access to personal information or funds is particularly high when it comes to voice cloning. How to prevent deepfake fraud 1. Vigilance: Stay on top of sensitive personal information that could be targeted. Fraudsters are always at work, relentlessly seeking out opportunities to take advantage of any loophole or weak spot. Pay close attention to suspicious voice messages or calls that may sound like someone familiar yet feel slightly off. In an era of remote work, it is important to question interactions that can impact business vulnerabilities – could it be a phishing or complex social engineering scam? 2. Machine learning and advanced analytics: Deepfake fraud is an emerging threat, which leverages the development and evolution of the technology that fuels it. The flip side is that businesses can in fact use the same technology against the fraudsters, fighting fire with fire by deploying deepfake detection and analysis. 3. Layered fraud prevention strategy: Leveraging machine learning and advanced analytics to fight deepfake fraud can only be effective within a layered strategy of defense, and most importantly, at the first line of defense. Ensuring that the only people accessing the points of vulnerability are genuine means using identification checks such as verification, device ID and intelligence, behavioral analytics, and document verification simultaneously to counter how fraudsters may deploy or distribute deepfakes within the ecosystem. As with many types of fraud, staying one step ahead of the fraudsters is critical. The technology and the tactics continually evolve, which may make the countermeasures on the table right now obsolete, however the fundamentals of sound risk management, with the right layered approach, and a flexible and dynamic solution set, can mitigate these emerging threats.   Stay in the know with our latest research and insights:

Fraud threats continue to rise across the globe as consumers are spending record amounts of time online due to the pandemic. At the same time, emerging threats of fraud are growing, as fraudsters are taking advantage of the globally shifting economic conditions. Fraud prevention remains a top concern for both consumers and businesses alike. Anticipating future fraud risk is critical and companies are adopting more complex technology systems to ensure consumers’ financial safety. To provide a safe and convenient experience, businesses need to take a customer-first approach when evaluating the latest technology and solutions available to them. To ensure they are providing secure online experiences, businesses are turning to verification strategies using data technology and other detection methods. In fact, according to this year’s Global Identity and Fraud Report, customer recognition security strategies have become the new norm for businesses with 82 percent of companies saying they now have one in place, a 26 percent increase since the start of the pandemic. An independent research firm headquartered in Germany, KuppingerCole Analysts, released a report, Leadership Compass: Fraud Reduction Intelligence Platforms, that provides an overview of the market segment, vendor service functionality, prevention measures and innovative solutions to fraud. The report cites Experian as an overall leader, product leader, innovation leader, market leader and technology leader in fraud reduction intelligence platforms. Experian is also credited for taking a client-oriented upgrade approach and delivering other cutting-edge features while maintaining compatibility with our older platform releases. We also scored a strong positive for interoperability, usability, deployment, innovativeness, market position, financial strength and ecosystem; and a positive in security and functionality. We pride ourselves in our digital identity protection services and consumer safety, taking proactive approaches to fraud prevention and providing businesses with the necessary tools to identify risks of fraud. The report discusses fraud prevention measures and innovative solutions to fraud. According to the report, cybercrime costs will reach $10.5 trillion by 2025. The report evaluated 15 different data security and fraud prevention platforms and ranked their products, innovation, market positioning and technology in their report. All of Experian’s fraud detection and prevention services are available through our CrossCore® partner ecosystem. By combining advanced analytics, rich data assets, identity insights and fraud prevention capabilities, businesses can connect any new or existing tools and systems in one place, whether it be Experian’s, Experian’s partners or its own. With its built-in strategy design and enhanced workflow, fraud and compliance teams have more control to quickly adjust strategies based on evolving threats and business needs, which helps to improve efficiency and reduce operational costs. Learn more about the CrossCore platform.   Stay in the know with our latest research and insights:

In this opinion piece on CEO World, David Britton, VP of Industry Solutions, Global ID & Fraud, discusses why, in today's increasingly digital world, it is much easier for fraudsters to operate on a global scale. As commerce and financial services ramped up their online offerings due to the pandemic, it enabled criminals to take advantage of people in vulnerable situations. There has been a significant shift away from previously prevalent fraud schemes such as account takeover, account opening and card-not-present, towards the direct manipulation of individuals to get to their personal information and payment details. "Not only have they been taking over the world, but fraudsters have been taking advantage of the growing digital environment, and as recent research from Experian found, 55% of consumers say security is the most important factor in their digital experience. It is important for individuals to know what to do to ensure that their information is secure and to have technology to utilize in order to fight against this issue. For both personal and businesses, there are ways to combat the scandals of fraudsters." Business fraud prevention With a focus on ransomware and email compromise, there are many things businesses can do to minimise vulnerability to fraud. A layered approach to defence is key, along with device intelligence and strong employee training. Personal financial fraud Although there is a common misconception that credit card details pose the biggest fraud opportunity, identity theft is by far the one to watch for consumers today. Fraudsters can use personal information for credit or payments. "Businesses must invest in new technologies in order to give people the added security they desire when accessing their accounts. In fact, according to our most recent Global Identity & Fraud Report, consumers no longer believe passwords are the most secure method for authentication. Since the pandemic, consumers have an increasing level of comfort and preference for physical and behavior-based – or invisible – methods of security." Read the full article Stay in the know with our latest insights:

In a recent interview, I had the opportunity to talk to Chris Preimesberger of eWeek about the latest Global Identity and Fraud Report. We discussed some of the business challenges executives face in the increasingly complex space around fraud mitigation while reflecting on how and why the pandemic has shifted the fraud landscape. Market movement – more of us were online than ever before With so many of us at home during the pandemic, access to digital services and the purchasing of goods online increased dramatically. According to our research, businesses responded by investing in supporting services to accommodate the increase in traffic. We saw a lot of action from businesses around how to improve the customer experience while getting a better understanding of who the customers are and how to get their online problems resolved. Our January research wave showed that with all this investment into customer experience and enablement, there were some key areas of investment. Analytics – the use of automation and AI to help make smoother, better decisions for customers – ranked highly in business priorities, but this approach does not exist in isolation. Businesses are also doubling down on support staff to ensure that consumers have a way, if there’s an anomaly in the process, to be able to respond. Whether that’s password resets or call centre staffing, there’s a desire and there’s an intention by businesses to increase staff on digital support. A shifting sense of recognition We also surveyed consumers on their preference for passwords versus other security methods. Security remains the top consideration for consumers when online, above others such as convenience, but interestingly, for the first time in four years password protection did not appear in the top three preferred security methods, favoring instead a more friction-less approach to authentication. This shift in consumer attitudes towards what we call invisible security paves the way for businesses to start to adopt more sophisticated or nuanced approaches to authentication and security. They can start to leverage behavioral analytics or device intelligence recognition without intruding on the user experience. Normalizing biometrics and the importance of a layered approach Customer attitudes around traditional biometrics are very positive – it’s one of the top-rated preferred security methods thanks to the providers that have popularised it through the mobile devices we all use every day. However, the challenge with pure biometrics is always at the point of enrolment – how do you ensure that the right person is assigning their biometric to a device? This is why a layered approach to security that incorporates traditional identity verification or authentication processes along with more advanced technical elements like behavioral analytics, device intelligence, network access, and transactional context is so important. For example, “Is this device associated with David’s account? Is this actually David or a bot? How does David hold his phone?” This includes layers of security that are considered privacy-safe, and may not even require traditional identity data but have anonymous attributes that can be associated with how someone interacts. This will be pivotal in allowing businesses to enable a more comprehensive, pliable, and flexible approach to security rather than relying on rigid but easily broken mechanisms that we’ve been using for a long time. Why the types of fraud will change as the world seeks normality Over the last year, fraudsters focused their energies on stimulus funding and many other forms of low-hanging fruit that they could easily go after, pulling back from their activities in traditional financial services or e-commerce. As the pandemic eases off in many parts of the world, fraudsters are likely to increase their activity in these areas once again as stimulus programs close down, and as consumers increase their spending. Fortunately, we found that more than half of businesses will continue to invest in fraud prevention solutions over the coming year. Fraud trends to watch in 2021 As we look at the direction in which fraud is moving, we know there is an increase in several types of fraud as we navigate what is becoming the post-pandemic world of 2021. Account takeover fraud is set to be on the rise again this year. This is when stolen credentials are used to gain access to systems. Account origination or new account opening fraud will also be on the increase, where fraudsters use stolen identities to create brand new accounts, including a rise in synthetic identity fraud. Card not present online transactions is something we will see in huge volumes given the explosion of online traffic over the last year, which will undoubtedly include an increased volume of fraudulent transactions. Stay in the know with our latest insights:

As the demand for digital exploded over the past year, companies responded in kind. Those who were prepared rapidly scaled their digital capabilities to accommodate the sudden influx of customers. And those who were caught off guard? Many found themselves scrambling to meet the moment. For both parties, the result has been an accelerated digital transformation that's benefiting businesses and customers alike. The focus has been primarily on improving the front-facing customer experience. But as we look ahead, the dramatic shift toward digital has also opened up opportunities to enhance the security and authentication experience too. By weaving authentication into the customer micro journey—the subsets of tasks that comprise the customer journey—we can strengthen security and decrease fraud. And the data collected along the way creates wholly new opportunities for personalization that improve the experience that much more. A brittle solution   The most common authentication approach requires customers to create usernames and passwords and provide personal information to verify their identities. Customers increasingly expect that companies will require them to provide this personal information to secure their accounts. In fact, in a recent Experian survey, 45% of customers said they'd be willing to share more personal data with companies. However, as long as passwords serve as the primary security tool, the approach remains vulnerable. First, it's unlikely that companies would (or should) continuously ask customers to provide passwords and verify their identity at various stages in the customer journey. This means that there's one big gate for fraudsters to scale and limited hurdles once they've gained access to an account. Certainly, passwords are unique to an individual, which is a positive. But they're also brittle, so they're easily broken or compromised. They don't flex with the user or the customer experience, nor do they offer security beyond a specific juncture. As we look to improve the customer experience continuously, we also need to provide end-to-end authentication. Doing so ensures you can recognize customers at every point of their journey, whether they're logging in or checking out. Securing the micro journey An end-to-end approach requires an understanding of customer micro journeys. It's not enough to provide a great digital experience, say via your account onboarding, but then have a completely different experience when a customer needs access to payment support. Considering micro journeys allows you to dive deeper into each component of the consumer lifecycle, and to understand the nuanced interactions that occur within each of those stages. Rather than just focusing on general approaches across Onboarding, Login Access, Transactions, etc., each one of these stages can be broken into smaller discrete steps (micro journeys), where opportunities exist to simultaneously delight the customer, and to create a much more nuanced risk management strategy. Then you can ensure that each task is seamless, easy, and personalized to the individual. Such a strategy can create deep and lasting customer loyalty. And identification remains a crucial part of every micro journey. No one likes to be at a party and have the host ask them their name repeatedly. The concept applies to security as well. Passive or invisible approaches to authentication eliminate this friction. For example, companies can continually authenticate the customer by employing physical or behavioral biometrics as they progress through the journey. The technology considers: How does the customer hold their device? What time are they usually active? How much pressure do they apply to the screen? Such data paints a much more nuanced picture of an individual—and one that's exceptionally hard to impersonate. And while privacy concerns arise, the type of data required to authenticate customers in this way is far less intrusive than asking for personal information. Customers are increasingly amenable as well. In our research, consumers cited physical biometrics, OTP, and behavioral biometrics as their preferred authentication methods. Passwords didn't even make the top 5. A holistic approach We're at a point in which forward-looking companies can rethink the complicated security dance they've been asking customers to do and move toward a more passive approach. It's an evolution that doesn't just improve the security experience; it also opens up massive opportunities for increased personalization. The data gathered across these micro journeys enables you to design experiences that truly meet customers' individual needs. That capability can become a significant differentiator and driver of growth. Getting there, however, requires a holistic view of your customer experience—one that includes security as a critical element. Our past three research waves show organizations are starting to deprioritize fraud prevention in favor of customer care and online offerings. This is a concerning trend: companies cannot forgo one for the other. Instead, organizations will need to consider both security and customer experience and creatively explore how to bring them together. It's a long-term strategy for customer retention and growth, one that requires a deep understanding of your audience as well as the solutions needed to enable passive authentication. For organizations, the journey toward passive authentication as part of the customer experience is more of a marathon than a sprint. But by focusing now on melding recognition and the customer experience together, organizations can ensure they're ready to deliver high-quality, less intrusive, and more secure experiences that customers are beginning to demand. Related stories: The evolution of digital identities What your customers say about opening new accounts online during Covid-19 and impacts on how you handle customer authentication 2021 Predictions: Consumer demand for digital will persist and the customer journey will be redefined  

As the world witnessed, the Covid-19 pandemic led to a swift and dramatic digital explosion. As lockdowns began, our day-to-day quickly shifted to a virtual environment. Now, on the back of this widespread response, businesses are forced to rethink their customer engagement model. And, with new digital-first customer journeys, there must be a shift to recognize customers in a predominantly digital way as well. The concept of identity – even digital identity – must evolve. Digitally observable information Recently, I spoke with Juniper Research about this imperative. After analyzing the global digital identity market, they’ve offered insights on current dynamics and trends shaping its future in their Digital Identity Report 2020-2025. Importantly, as we progress digital identities, we must consider more than what a user might typically provide about themselves. We must include digitally observable information, which forms part of a consumer's digital identity. This data includes their device (what they use), and behavioral insights (how they use the device or interact with an app or website). It even includes the specific context of their efforts (what they are doing), such as signing up for an account, moving money, making a payment, virtual window shopping, etc. Related story: View digital identity market trends infographic Intelligent data processing Of course, pulling these kinds of observations together in a meaningful and useful way requires intelligent data processing. This need leads to the use of technologies such as advanced analytics and machine learning to help make sense of the broad streams of data. The double benefit of understanding how to use this aggregated data is that, given the transparent and passive nature of observing data of this nature, it can be used without requiring the consumer to "do" anything other than going about their business. So, businesses can achieve multiple benefits by adopting a forward-looking stance to identity, including reduced risk of fraud, improved customer experience, and stronger consumer/business relationships, which ultimately leads to increased top-line growth. Consumer privacy preferences Finally, to maintain consumer trust as we progress, it's important to acknowledge consumer privacy preferences. Given consumers' concerns around privacy and security, this is an important element within the path forward. Businesses that are transparent around the use of data have been shown to garner greater consumer trust than those that don't offer that transparency. So, any reimagining of digital identity must also have "privacy by design" as a foundation to the approach – not only to meet growing regulatory demands – but, more importantly, to manage consumer expectations. “[It’s] estimated that in 2024 over $43 billion will be lost due to online payment fraud. As we carry on into an unknown future, disrupted by the pandemic, this interwoven nature of identity-security-privacy will play a vital part in making sure our internet, workplace, government services, and banking are safe havens.” -Digital Identity Report 2020-2025, Juniper Research Learn more about: Importance of the evolution of digital identities, including the ability to manage and access the growing volume of online accounts. Advancement of the identity space occurring through the simplified transmission of information via APIs, but the challenge remaining to ensure data is valid, authentic, and from an authorized person. Government attempts at digital identities have faced many challenges, but these use cases continue to progress the development of the digital identity landscape. Benefits to fraud management through the adoption of digital identities can be tremendous – decreasing risk by decoupling identities from transactions, making them more secure from both ends. Usability is king – a good customer experience underlying the use of digital identities will be critical to adoption, and therefore success. Maturation of identity offerings is currently occurring and what’s likely to be successful includes solutions that simplify identity services and those that rely on broader ecosystems. Remote working changes the enterprise approach, with the adoption of Zero Trust Architectures and relevant supporting technologies continuing to emerge to create a safe, yet flexible working environment. The digital identity competitive landscape is evaluated, including vendor analysis and Juniper’s leaderboard. Related stories: Fraud trends during a very pandemic holiday Digital Identity and Blockchain: What lenders need to know Why consumer trust in the digital experience is so important in a pandemic era

Fraud rates have held steady throughout the year despite the move to digital, but a few factors could change that this holiday season bringing greater losses than those of Christmas past. Globally, we’ve seen a spike in digital traffic as a result of Covid-19 the past 6-9 months, with some countries like Brazil reporting a 200% increase in digital traffic to retail sites. This means some physical fraud controls, like EMV or chip-and-pin, are no longer relevant. The number of data breaches this year compromised more than 36 billion records, eclipsing history’s reported record total. This means more legitimate credentials have been stolen, sold, and/or being used to commit fraud. On top of that, many businesses may be starting to loosen their online security restrictions in order to take full advantage of the topline revenue that comes with the influx of holiday traffic. This is especially true for those who’ve struggled to stay in business during Covid-19, who will look to increased holiday spending to offset declines earlier in the year. Unfortunately, fraud at the holidays is difficult to detect and there can often be a significant lag until fraud is realized, in some cases up to 3-6-months. So how do businesses protect themselves while providing a secure place for customers to shop online this year, especially during big events like Black Friday and Cyber Monday, while still offering a convenient digital experience? Businesses will need a layered approach to fraud management, and it starts by knowing what to expect. Holiday fraud trends to watch: Payment behavior: Most consumers will do all their holiday shopping online which means card-not-present payment fraud will likely spike, as fraudsters hide in the increased volume of traffic. With the shift from physical to digital transactions, traditional fraud controls, like EMV or chip-and-pin which are effective at minimizing card-present fraud, simply are not available to protect digital transactions. Average order value also tends to increase during the holiday season, requiring retailers to establish higher value thresholds for each order, to avoid flagging legitimate orders for review. Shipping behavior: Generally shipping behavior at the holidays is different than the rest of the year. People buy gifts and ship directly to the recipient, which means fraud detection logic that matches billing and shipping addresses to the legitimate cardholder may cause more false positives than fraud detection. Chargeback fraud: Holiday gift-giving pressure or loss of household income can sometimes lead to chargeback or friendly fraud, where a person may purchase an item – typically entertainment services or devices – use it and then return it, with or without intent to pay. Or in some cases, purchase an item, then issue a chargeback claiming no knowledge of the purchase. In-account fraud: Many retailers are now requiring a customer to set-up an account when making a purchase to identify their behavior and track purchase history. Like we’ve seen in the banking industry, fraudsters will use stolen login credentials to gain access to these legitimate accounts, make purchases using a card on file, and set up a secondary shipping address to re-route the items. Mule behavior: A newer form of fraud that’s gaining traction is where a legitimate customer is recruited to use either their shipping address or in some cases, their validated account to make a transaction using stolen payment information, receive the package, and forward to the fraudster’s address. Sadly, these fraudsters are known as “mule herders” are exploiting desperate, out of work people by recruiting them to work on their behalf. In the financial services space, victims may knowingly or unknowingly use their own bank accounts, to allow fraudsters to funnel money from other stolen accounts as part of an elaborate wire transfer or P2P payments fraud schemes. Phishing: The accelerated digital traffic during the holidays presents fraudsters a great opportunity to get consumers to click on all sorts of “offers” or fake merchant websites and steal personal information. This increase in phishing can take place across all known channels – email, phone, social, text, and web – and is a trend we’ve seen attack businesses and consumers alike. Unfortunately, fraudsters are appallingly impersonating health organizations, setting up fake cleaning and healthcare supply stores, Covid-19 statistic maps, and websites, all in an attempt to lure victims into divulging sensitive data. Who does fraud hurt the most? Online fraud during the holidays hurts many players in the transactional relationship – the legitimate customer, the merchant, and the bank or payment provider – but merchants tend to bear the biggest burden. This is best illustrated by the dispute process.  When making a purchase, the main relationship is between the customer and the merchant. However, when a stolen credit card is used, or when a consumer has been a victim of account takeover fraud or some other fraudulent behavior, the person will dispute the charge directly with their bank or credit card company (card issuer). Card issuers and banks will either hold the charges back or reverse the financial transaction until a resolution can be met with the merchant. It then lies with the merchant to prove that the transaction was in fact legitimate, and to dispute that chargeback. The consequences of fraud for the merchant include multiple pain points: the cost of the stolen goods (and any shipping fees), the chargeback fee, potential fines by the merchant’s acquiring bank, and potential reputational challenges. Fraud prevention during the holidays The pandemic has already put an incredible amount of pressure on businesses and the rise in sophisticated fraud attacks may seem insurmountable.  Creating a secure and convenient experience for your customers is possible and there are strategies and tools that can be implemented. Tools to layer into your fraud strategy: Require (and check) signatures upon postal delivery Offer immediate email confirmation and tracking number information Use a wide variety of digital and transactional data to make optimal risk/trust decisions Adopt dynamic risk strategies where controls can be adjusted to match the threat level Leverage machine learning models to access a variety of niche solutions or data sources for accuracy If 2020 taught us anything, it’s flexibility and resilience – two words that should describe your approach to fraud management this holiday season. The holidays can be a time of great joy, and this year most people are hoping the holidays will lift their spirits. Don’t let fraudsters dampen those holiday spirits! Related stories: New research available: The continued impact of Covid-19 on consumer behaviors and business strategies  Better identifying your customers leads to greater trust How to get more from your existing credit risk and fraud risk technology

Public and private organizations worldwide are embarking on ambitious digital identity initiatives, from the tiny country of Estonia to efforts that encompass much of Africa and India. At the core, the broad goal is often the same: Use blockchain or equivalent technology to provide individuals with a unique digital identifier. That digital identity then enables seamless, secure access to services—governmental, financial, or otherwise. However, as you delve into the details of each program, there remain more differences than similarities. Organizations may have different drivers for pursuing digital identities and varied approaches. And in these early days of digital identity development, there’s not yet a single plan for aligning initiatives across the public and private sector or even within the financial services industry. So how do organizations evaluate where to invest and when to act, when efforts are progressing and changing in real-time? The impetus now is to understand the fundamentals of digital identity programs and then evaluate what your organization stands to gain—or potentially lose. Get that sorted, and you’ll be ready to make smart digital identity decisions at the right time for your company and customers. The fundamentals of blockchain Much of the digital identity conversation centers around the notion of blockchain-based digital identity programs and their benefits to consumers or citizens. Broadly, these programs enable individuals to have a digital identity profile, which is tied to a basket of attributes and stored on a blockchain. Those attributes are verified when the identity is established. Consumers then use their digital ID, for example, to access their financial applications. And organizations can verify the person via their digital identity token. Such programs provide privacy for consumers; they also promise to accelerate and secure all sorts of processes from applying for loans to paying taxes. That’s because, with a digital identity, consumers don’t need to re-submit documents or provide personal information to various businesses and entities. Instead, they can allow institutions to access their digital identity for proof of who they are. The potential for such programs is already exciting, and we’ve likely just scratched the surface of what’s possible. Still, most of the discussions leave out a critical component. That is: how will programs establish a digital identity in the first place? As financial institutions assess the digital identity landscape, digging into how programs ensure that the right information makes it into the system is paramount. As the saying goes, it’s garbage in, garbage out. Regardless of how innovative the technology is, a consumer’s digital identity is only as ​trustworthy as the information that created it. The digital identity trade-offs The security of digital identities is very compelling—especially as cybercriminals become increasingly sophisticated. Businesses can easily authenticate customers, and consumers have more control over their information, which is an issue of growing importance. A recently released Experian study shows that consumers are most concerned about protecting their financial data over other types of information. As privacy and security assurances become part of the financial service value proposition, digital identity programs will likely be a differentiator for companies. That said, doubling down on digital identity can initially seem at odds with another dual technology priority: Taking advantage of data to provide hyper-personalized financial products and services. By tokenizing identity information, organizations may need to forgo some of the data that enables that personal, customized approach. In the long run, I believe companies will find creative ways to balance privacy with personalization needs. For instance, customers may rely on digital identities to navigate their financial networks and then opt to provide additional information about themselves in return for better, more personalized service. Financial institutions will need to weigh some similar factors when leveraging digital identity programs to improve customer experience. Digital identity programs promise to remove the friction caused by customer recognition and authentication. Again, the organization may give up some data collection to enable that seamless experience. But in the long run, companies will likely find that the related improvements and revenue opportunities gained more than makeup for any sacrificed information. ​At the same time, against a backdrop of an increasing number of stolen identity records, the idea that a digital identity program can help reduce the excessive proliferation of sensitive personal data is a significant benefit. The road ahead Financial institutions should prepare for the pending digital identity journey—even if they haven’t yet embarked. There are still multiple issues that the industry, consumers, and regulators will have to settle. For instance, there’s the question of adoption and how long it will take for businesses and consumers to use digital identity programs regularly. As we’ve discussed before, consumer trust ​and availability will remain a considerable component in driving that adoption. What’s more, we’ll likely see regulations follow digital identity efforts as specific initiatives gain steam and popularity. The rules may accelerate adoption or, conversely, increase the investment expense on behalf of financial service firms. For these reasons, financial institutions need to be involved early and voice their concerns often to ensure that regulations serve consumers without adversely affecting the business. In the meantime, businesses should remain aware that digital identity is a fragmented market, which may ultimately settle into an “ecosystem of ecosystems” across programs. It will be critical for enterprises to plan accordingly if they want to become early adopters. Or, at the very least, companies with a more moderate strategy should wait until a leading program emerges before making a significant investment. Digital identities represent a dramatic shift in how consumers navigate their online world and how companies continue to meet their online expectations and needs. Keep these developments on your radar, and you’ll be prepared to make smart digital identity decisions and investments. Related stories: Infographic: Global Identity & Fraud Trends, February 2020 The impact of Covid-19 on Consumers and Businesses, July 2020 The impact of Covid-19 on Consumers and Businesses, Oct 2020

The Covid-19 crisis has been a bit like existing inside a shaken snow globe—it disrupted everything, and a lot remains up in the air. However, amidst the uncertainty of the pandemic, one thing has become evident: Cultivating customer trust is more critical than ever. Trust naturally generates loyalty. This is especially true during and after a crisis. For example, Experian's latest global research from July 2020 shows 52% of customers who felt that businesses treated them fairly during the pandemic plan to give those companies more of their business. That fairness bred trust and that trust will undoubtedly lead to more business. As consumers continue to increase their digital transactions, companies need to work hard to enhance customer trust. Improved identity authentication and recognition, for example, will play a key role. As everything begins to settle, those that succeed will find their business on far more steady ground. Does trust even matter? It's a good question—and the answer may be evolving in real-time. Consider that in 2019, Experian's global identity & fraud study showed that digital adoption did not indicate consumer trust of the business. "Consumers still adopt digital channels despite being highly skeptical of the businesses," the study noted. Social media provides an excellent example. Overall, most consumers distrust many of the popular social media platforms, yet they continue to use them regularly. Interestingly, widespread adoption is linked more to convenience than trust. However, this comes with a real caveat: Customers are less concerned about trust when the product is more frivolous. For instance, not trusting a media outlet or social media platform is very different from not trusting a financial institution. Also, a lack of adoption doesn't always mean that customers don't trust the business. In the financial service and payments realm, low adoption may simply reflect that customers use the platforms less regularly. Now, as consumers increase their reliance on online services, maintaining trust will be paramount. For instance, since Coronavirus began, consumers have increased their use and awareness of mobile wallets by 8%, and their use of retail payment apps by 6%. Balancing the convenience that people have needed with the necessary trust will go a long way towards keeping usage high once the crisis subsides. A virtuous cycle Within any digital experience, several components inform customer trust. You want to ensure accurate customer recognition, as well as transparency with your authentication. Robust fraud protection and positive digital experiences also play essential roles. These form the Cycle of Trust, a virtuous circle that ultimately encourages customers to share more information with your company and pursue more transactions. Our 2019 study reveals the importance of each part of this cycle, and we see it playing out now. For example, 90% of consumers are willing to participate in a more thorough identity verification process early on to have easier account access in the future. The ability to routinely and accurately recognize your customers helps build their trust in your technology and products. Also, 76% of customers have more confidence in companies that use biometrics over passwords to protect their information. That means that you can use advanced authentication strategies to enhance trust even more. Transparency also comes into play. Letting people know how you're using their information and whom you're sharing it with makes them more apt to trust your organization—and continue to share their data. The future of trust This cycle represents the goal. In practice, though, there are still quite a few challenges that prevent organizations from getting that wheel spinning. For instance, many have separated the risk assessment processes of verifying customers at signup, logging in, and transacting, so there's no seamless experience. Instead, customers navigate different solutions to onboard, authenticate their identity, and complete transactions. A company may recognize a customer at one point in the process, but not all the way through. What's more, organizations often still place the onus on the consumer for how they represent themselves in the digital world. Authentication processes require them to remember passwords or retrieve codes from their phone. But as noted, the pandemic has opened an opportunity for dramatic improvement. Consumers are at a rare moment in which they're open to change—and they're even looking for it. For example, since the beginning of the pandemic, 60% of customers say they have higher expectations for online experiences. More than half of customers are also more willing to provide organizations they trust with personal information and financial data. Finally, 44% of customers note that since Covid, they are more trusting of companies that demonstrate security. So how can you increase trust while also meeting evolving customer expectations? Organizations that pave the way will likely assume more responsibility for recognizing and authenticating customers. This starts with becoming more creative in using the data they already have access to recognize and authenticate customers. Extending this passive and continuous recognition across channels will also be necessary. Doing so connects the disparate processes and creates a more seamless digital experience. Such initiatives also remove the identity burden from the customer and kickstart that virtuous cycle. No one anticipated the Covid-19 crisis. But it's opened up the chance to create fairer, more trusting, more transparent digital experiences for everyone—and companies shouldn't pass that up. Related stories: Latest global research: The impact of Covid-19 on consumer behaviors and business strategies Better identifying your customers leads to greater trust Covid-19 as a Gateway to Fraud: Top 5 Global Fraud Trends to Watch Out for in 2020 Podcast: Securing online identity