By Sundeep Tengur, Senior Business Solutions Manager, SAS

Goodwill is all around us during the Christmas season, but eager Christmas shoppers must stay wary to avoid falling prey to a Grinch. Suspect links and less-than-honest vendors are finding their way to millions of online shoppers, and disappearing with their money.

It’s the most wonderful time of the year for those who are out to commit identity theft. Up to 8% of Christmas shoppers have been hit by identity fraud, and 43% have had their identities stolen while shopping online.

Each year, companies lose an estimated 5% of their revenue to fraud, much of this being stolen during the lucrative Christmas season. Nonetheless, all businesses have the ability to keep themselves and their customers safe. To succeed, they need a plan to predict threats and monitor cybercrime trends. Crucially, this plan must be underpinned by the best in fraud-beating technology.

Authenticating identities with data-driven tech is the key to stopping fraudsters in their tracks, before they have the chance to put a dampener on the season for businesses and customers alike. Analytics really can save Christmas!

1. Understand the behavior of genuine customers

As e-commerce has grown in size and importance, organizations are waking up to the fact that the digital identities customers use to shop online are highly malleable and open to abuse.

The problem is that crucial authentication decisions are too often made based on incomplete insight. This is because many organizations only collect and analyse some of the data that’s on offer.

If you don’t consider every possibility you’re only leaving blind spots to be exploited by fraudsters. For example, an authentication system may approve a large transaction by a cybercriminal impersonating a customer simply because they’re using the customer’s stolen device.

Yet, if the system had checked the device’s location and the customer’s behavior the hacker would likely have been exposed.

The main data points to consider are:

• Background information: The organization’s previous interactions with and knowledge of the customer based on an existing profile.
• Channel information: The channel or device the entity is using.
• User behaviour: The behaviour of the identity while they’re using your services.
• Public record: Publicly available information on the customer.
• Network analysis: Wider data from analysis of the market and threat landscape.

Organisations don’t have to implement every data type into their verification process. Yet, every new segment they do adopt vastly increases their chances of detecting and stopping fraud in progress.

2. Find the balance of a secure and seamless system

Authentication systems must be secure, but they also have to be quick. Customers won’t wait around if you spend more than 10 seconds weighing up their credentials. The process has to be seamless and instantaneous.

Yet, the industry’s approach to authentication has sadly become segmented. There are thousands of point of sale solutions that cover only one part of the verification process. They are rarely joined up and only waste customer’s time and patience.

To turn insight into fast authentication decisions, organisations should consider an end-to-end solution.

When a customer tries to sign in or access a service, an orchestration platform should be set up to collect all the desired data points before sending them to a decision engine. The engine can then analyse the data and evaluate if the entity is the customer they claim to be.

When the process for verification is joined-up and data-driven, passive authentication becomes a reality. The customer enjoys a real-time, seamless experience – no password required – while the decision engine rapidly confirms their identity in the background. This is security and customer satisfaction all in one.

3. Keep on top of trends in cybercrime

Cybercrime is fundamentally adversarial. A lone wolf or criminal outfit will probe every weakness in your verification system and will stop at nothing to breach your defences.

What’s more, these hackers are constantly innovating and adopting new technologies to stay ahead of security measures. Even popular, tried and tested measures like two-factor authentication have already been compromised.

You need to cover all your bases and ensure they have no place to hide, but that means constantly stress-testing and developing your security infrastructure. Crime doesn’t rest, so neither can you.