Sewing Up Holes In Website Security, Without Seams


Marking the line between good traffic and bad traffic in your online marketplace can feel like navigating a minefield, except some of the mines explode, and others explode… with money.

Of course, the easiest way to determine which customers are likely to be good – they’ll make legitimate purchases and have a positive lifetime value – is to request the pertinent identifying information, perhaps at sign-up or the checkout stage.

This information can be scrutinized to make sure the customer is legit before they’re allowed to interact with the marketplace. That said, more requests for information mean a customer journey with more friction: more opportunities to reconsider the purchase, and higher cart abandonment rates.

Revenue teams hate friction. Despise it.

But this kind of friction is, of course, standard practice for basic cybersecurity. Being able to identify a responsible individual who is connected to an online account is the most important stitch in constructing a warm cybersecurity blanket, and this kind of identity information has to be requested.

So how can you sew up all the security holes in your infrastructure without the unsightly, high-friction seams? 

Frictionless, dynamic authentication through software is the answer.

What Is Frictionless Authentication?

To understand what frictionless or nearly-frictionless ID authentication can look like, let’s first look at some forms of high-friction authentication. Some companies, depending on their vertical and their legislative oversight, might conduct authentication checks through:

  • Selfie video liveness checks

  • Multi-factor authentication

  • Application form upload

However, not only do all of these throw up huge mountains of customer friction in your journey, but they are also increasingly easy for fraudsters to work around, through sophisticated phishing scams that work around multi-factor authentication and through application fraud, and some enterprising (and desperate) fraudsters are even making some faltering headway into using deepfakes to get around liveness video checks.

By comparison, frictionless authentication can have very light touchpoints. Just a fast request for a name and email address, perhaps a zip code. With these data points from a customer, a risk profile can be developed that gives your website just as much confidence as to the validity of a user as having to submit an entire application form. This process is called data enrichment.


How Data Enrichment Patches Your Security Holes

Data enrichment is the process of expanding a data point into other pieces of information associated with that data point, and it is a feature of many brands of anti-fraud software.


This means that a single email address can be shaken down for other identifying data that helps determine whether or not an account is trustworthy. So, during a normal customer journey, a user simply registering their email can turn up information like:

  • Other online accounts registered with the email address – social media, ecommerce, apps like Spotify or AirBnB

  • The relative age of the email address, with older accounts being more trustworthy

  • The reputation of the email domain – is it Gmail, or something you’ve never heard of?

Similarly, the IP address of a user can also be examined for signs of risk. Conveniently, this is a data point that requires zero friction to ascertain, yet can yield telltale information like:

  • The location of the user – does it make sense? Is it sanctioned somehow?

  • Is the user connecting via Tor, a VPN, a proxy or another anonymizing service?

  • Is the IP associated with a datacenter proxy with a poor reputation, or otherwise blacklisted?

Other pieces of data that most customers feel are an acceptable part of a customer journey are things like a name and address, and those points result in a similar smattering of enriched information.

In fact, with those two data points, it is extremely likely that any user approaching your website can be narrowed down to one possible person. 

Each tidbit that is then discovered through those points can be fed through the fraud software’s risk analysis programming, which in turn assigns each signal a risk score.

Some characteristics – a relatively new email address, for example – trigger a relatively low score, but others, like connecting via a Tor client, have a much higher risk score.

When the score becomes too high, that user can simply have their user experience paused while their profile is manually reviewed, or barred outright. Meanwhile, users that stay under the risk threshold will notice little, if any friction along the way – a system of dynamic friction.

This kind of system also allows you to find the true edge of your ROI, without letting it fall off the steep cliffs of fraud. In other words, some users may have tendencies that appear fraudulent in terms of their overall risk score.


However, there are perfectly valid reasons to, for example, want to connect to a website via a VPN. Some fraud detection solutions might simply stop this user from continuing their journey, but a dynamic solution can just as easily put that journey on hold until the user’s holistic profile can be looked over by a member of the security team.

Inevitably, some of these users will certainly be worth blocking – saving your site from costs associated with whatever their nefarious intentions were – but most will probably be privacy-minded users, whose business you certainly want. 
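The scoring and hold-for-review flow described above can be sketched as follows. This is an added example, not code from the article or from any fraud product; the weights, the two thresholds and the field names are assumptions chosen only to match the article's ordering (new email low, Tor high, VPN held for review instead of blocked).

```python
from dataclasses import dataclass

# Assumed weights. The article only says a new email address scores low and
# a Tor connection scores much higher; every number here is illustrative.
WEIGHTS = {
    "email_new": 10,
    "email_no_linked_accounts": 15,
    "email_domain_unknown": 15,
    "ip_vpn_or_proxy": 30,
    "ip_tor": 50,
    "ip_blacklisted": 40,
    "ip_sanctioned_location": 100,
}
REVIEW_AT = 30  # assumed: pause the journey and queue for manual review
BLOCK_AT = 90   # assumed: bar the user outright


@dataclass
class Enriched:
    """Output of the enrichment lookups (hypothetical field names)."""
    email_age_days: int
    linked_accounts: int
    domain_reputable: bool
    anonymizer: str = "none"  # "none", "vpn", "proxy" or "tor"
    ip_blacklisted: bool = False
    ip_sanctioned: bool = False


def fired_signals(e: Enriched) -> list:
    """Names of the risk signals this profile triggers."""
    checks = {
        "email_new": e.email_age_days < 30,
        "email_no_linked_accounts": e.linked_accounts == 0,
        "email_domain_unknown": not e.domain_reputable,
        "ip_vpn_or_proxy": e.anonymizer in ("vpn", "proxy"),
        "ip_tor": e.anonymizer == "tor",
        "ip_blacklisted": e.ip_blacklisted,
        "ip_sanctioned_location": e.ip_sanctioned,
    }
    return [name for name, hit in checks.items() if hit]


def decide(e: Enriched) -> tuple:
    """Return (action, score, signals); signals tell the reviewer why."""
    signals = fired_signals(e)
    score = sum(WEIGHTS[s] for s in signals)
    if score >= BLOCK_AT:
        return "block", score, signals
    return ("review" if score >= REVIEW_AT else "allow"), score, signals
```

Returning the fired signals alongside the score gives the security team the reasons behind a hold, so a long-standing account that merely uses a VPN can be released quickly.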


Dynamic Websites Use Dynamic Friction

The kind of website that you should want to build is one that can roll with the punches. New payment technology? Of course you accept that. Landing page looking outdated? You modernize and redesign. Fraudsters troubling your bottom line? You employ a fraud detection solution with dynamic friction.

Sure, dynamic friction is still friction, but it is reserved only for those users whose profiles might make you raise your eyebrows in suspicion anyway. Some of them will be bad actors with the intention of mayhem in your domain, and the rest should understand that the price they pay for their online anonymity is a few more moments of authentication. 

The vast majority of your userbase is very likely to be made up of “good” users. An obvious road to return on investment, be it through user traffic or a profitable ecommerce marketplace, is giving these good users the most velvety-smooth UX possible, facilitating their usage and purchases with the fewest friction touchpoints possible. 

Dynamism like this is not only what builds your site’s reputation and the satisfaction of your customers, but also facilitates the payoff for all the work devoted to lead generation, marketing, and sales. Though not every lead can turn into a profit, the least you can do to satisfy your website’s goals is to make sure there are no holes that all your hard work can slip through.
