There is little doubt that digitalization is making our lives easier. Instead of going to a shop or to the bank for every purchase or transfer, we tend do it online or on mobile. However, this simplicity has come at a price: We are now more exposed to digital security risks – and often unaware of who we are dealing with in a digital interaction, especially as a customer’s true digital identity may not always be known at first. In this article, we discuss five cybersecurity tips that can help you to re-establish trust online and ensure a safe and secure online identity verification process for your customers.
Are your customer’s cybersecurity threatened by digital marketplaces fostering anonymous digital interactions?
Digital platforms make it much easier to stay anonymous online. That’s great for digital privacy, but not so good for data security.
In the course of rapid digitization, diverse digital business models have emerged. Both the marketplace economy and the shared economy are examples of this phenomenon. The idea behind it is as follows: unused resources, be it one’s own car, home or other everyday items, are offered for temporary use or sold on digital platforms.
Companies offer digital solutions to make the process as smooth and simple as possible. You simply select the desired object, confirm the intended period of use, and transfer the fee or purchase price. Neither a conversation nor a personal meeting are necessary to conclude a deal.
Digital Security: How can we learn to trust strangers online? What role does online identity verification play?
What sounds pleasant at first, may quickly become a challenge. The problem: personal interaction is simply missing.
People no longer get to know their business partners in person, but instead communicate with strangers. Nowadays, profiles on platforms, user accounts on eCommerce sites or posts on social media – serve as proof of a person’s existence.
But should we really trust this information? What applies to communication between private individuals naturally also matters a great deal for companies.
As the owner of an online shop or platform, how do I know that my users or customers are genuine? The telecommunications and financial services sectors already face far-reaching regulatory requirements in this area with regard to compliance. In other sectors, however, legislation is still in its infancy.
But time is of the essence, and a look at the figures shows that these questions are not trivial. According to a report by Javelin Strategy, identity fraud caused damages of around USD 16.9 billion last year alone.
Yet the problems are manifold and go way beyond mere identity theft. It also happens that users order something without even being able or willing to pay for the item. They provide false identities or addresses and deliberately deceive merchants and other service providers about their age or other characteristics. This is where accurate and streamlined online identity verification plays a role.
How do companies ensure they know each customer’s real identity?
Here are five best-practice cybersecurity tips to consider to ensure a secure verification process:
- Avoid simple single sign-on solutions (SSO) and social logins
- Telephone verification is not a solution for secure identity verification
- Don’t turn your employees into gatekeepers
- Rely on government-certified documents to enhance your digital security
- Use technology as an independent supervisory authority
1. Avoid simple single sign-on solutions (SSO)
and social logins
Single sign-on solutions or social logins, where users log in via their social media profile, are popular with many companies, as they not only reduce the complexity of multiple passwords, but also improve the user experience. But these solutions simply are not trustworthy enough.
Even if the provider’s guidelines state that users must use their real identity, the providers in question can only ensure this to a limited extent. Even if some providers now ask for a telephone number in the course of two-factor authentication, there are simple ways to outsmart these systems. Bots that can be used to create fake email addresses en masse, are widely offered on the Internet
2. Telephone verification is not a solution for secure online identity verification
It is not only telephone numbers that are easily forged today. With the latest technology, it is now also possible to fake even entire conversations. Just recently, Google has demonstrated this impressively with “Duplex”. A voice assistant was able to simulate a fairly credible customer conversation – including the typical filler words such as “hmm”. In combination with corresponding databases on users, knowledge-based authentication (KBA) can thus easily be circumvented.
3. Don’t turn your employees into gatekeepers
Now, one could assume that your employees have an understanding of your customer base. But do they recognize fake profiles and fraudsters by their behavior? Well, that may be the case with crude phishing attempts or scam mailings. But to make an error is human. And the phenomenon of social engineering, which exploits human character traits like helpfulness, trust, fear or respect of authority, is becoming increasingly untrustworthy. So when people succeed in convincing others of something in a face-to-face conversation, just imagine how easy it is in the digital world.
4. Rely on government-certified documents to enhance your digital security
Already being a common practice in the financial sector, the use of official documents for identity verification should be urgently introduced in other sectors as well. Today, official ID documents contain a multitude of security features that are difficult to manipulate, making them predestined for professional authentication. Even though it might not be mandatory for your industry: Verifying users via their ID card or other official documents provides you with a high level of security and reliability. Plus: this one additional security measure imposes hardly any additional effort for you and your customers.
Many companies still avoid the use of ID documents because of the prejudice that this is too great of a hurdle for the user. However, modern verification technologies used by PXL Vision can easily read and extract the data and other security features from documents without heavy user activity being necessary. Official documents can be reliably verified for authenticity within seconds, giving you the assurance that the information belongs to a real person and ensure accurate online identity verification.
5. Use technology as an independent supervisory authority to verify online identity
The safety and security of your customer’s online identity can only be guaranteed with the best technological approach. Many things can be forged today, and both software and people can be fooled. But when it comes to how prone something is to errors, technology is vastly superior to humans, especially when these errors can affect how successful you are in performing accurate online identity verification.
Your employees (no matter how well-trained they are), can make mistakes. They get tired, have conscious or unconscious biases, as well as preferences and personal motives. They can be tricked with social engineering techniques, and their sensory organs can be fooled. A machine, on the other hand, is less prone to such weaknesses and can make decisions in a more neutral manner – and it can do so all around the clock.