When Covid-19 hit, most businesses rushed to shift to digital as a matter of survival. Unfortunately, bad actors saw this as an opportunity, and phishing attacks — a tactic for stealing user data — were up 667% in the first month of the pandemic. This trend underscores that the rapid move to digital comes with a massive new responsibility: verifying and protecting customer identity. While the pandemic was a catalyst, the new digital-first world is here to stay, and it's time for businesses to accept this new normal and put the proper systems in place to protect the privacy and security of their users.
Some businesses might balk at this and think they're covered with passwords and security questions, but this is no longer the case. With every new service and transaction conducted online — from employee onboarding to real estate or healthcare transactions — consumers face more risk than ever.
The harsh new reality is that the threats and challenges with online operations are evolving more rapidly than most businesses can keep up with. Here are just some of the challenges businesses need to think about as they move and maintain their operations online:
1. Combating new and evolving fraud techniques
The rate of fraud is accelerating — there's a new victim of identity theft every 2 seconds — and it's only getting more sophisticated with new technologies like deepfakes. Recently, impersonators created a viral video depicting Tom Cruise and mimicked Brad Pitt's voice on the audio-only social network Clubhouse. While these instances may seem innocuous, the potential is worrisome.
Fraud techniques like deepfakes can be used to scam businesses and consumers out of money and gain access to sensitive information such as SSNs or credit card numbers. When these types of attacks happen, it often erodes consumers' trust in services they're using, financially impacting businesses — 36% of the cost of a data breach comes from lost business due to lack of trust.
2. Complying with data privacy regulation
New laws protecting personal information are being passed or have been passed in states including California, Washington, Illinois and Virginia, and data privacy is also receiving attention at the federal level.
As businesses collect data on their employees and customers, they need to take a look at their internal processes — evaluating how data is collected and ensuring their vendors are complying with the most recent regulations — to ensure they remain compliant. Managing this data and Data Subject Access Requests (DSARs) are heavy lifts and put an increased amount of liability on businesses, so it’s crucial to start now.
3. Meeting consumer expectations
Lastly, while navigating these challenges, companies also need to manage the increased demand and expectations of consumers or risk losing business. In order to build loyalty with consumers, businesses need to offer a seamless user experience across both web and mobile while implementing trust and safety when it comes to user data. Consumers want to be able to access telemedicine appointments instantaneously, know the content they're consuming on social media isn't from bots, feel confident that their data is protected and ensure no one can take over their account and transfer their funds out.
How to solve these challenges
While each business has different needs, there are a few steps they can take to combat these challenges.
1. Implement identity verification
Fortunately for most businesses and their customers, identity verification (IDV) systems can help with these challenges. By verifying that customers are who they say they are, many IDV systems today can help companies fight fraud and meet compliance requirements, whether it be KYC, AML, or others.
The challenge lies in finding the right IDV solution. To stay ahead of new threats and fraud techniques, businesses should also look for an adaptable system that leverages multiple signals so they can get a more holistic view of their customers.
On the compliance front, IDV providers should give businesses full control over customer data, allowing them to easily set up automated rules to retain and redact PII so they're able to comply with any regulations they fall under.
Businesses should look for an IDV solution that allows them to customize the verification process specific to their needs no matter the use case, individual or stage in the customer lifecycle. For example, a neobank might allow a recent immigrant to verify their identity a different way if they don't have an SSN, and it might set up extra security measures if someone wants to make a large withdrawal versus just log into their account. With tailored identity verification, businesses can not only maximize conversions but also offer the best user experience.
2. Train employees
The stakes are high for any organization that handles data for customers based in places like California, Virginia and Europe, where regulations are more stringent. One of the best ways to ensure compliance with data privacy regulations is to provide a comprehensive privacy awareness program to employees.
These programs should include best practices for protecting and managing data, guidance around complying with privacy policies and tips on how to recognize scams and report security incidents. Additionally, companies should limit who has access to sensitive data, using the principle of least privilege to ensure data is only accessible to those who need it.
3. Vet vendors
When it comes to storing data, risk comes not only from your own company's practices but also from the vendors you use. Businesses need to properly vet vendors, making sure they have a dedicated security team and a proactive security roadmap with regular penetration tests. Additionally, they need to ensure the vendor is willing and able to share information regarding past security incidents and on an ongoing basis.
While the acceleration into a digital-first economy can be challenging for many businesses, it also unlocks many new opportunities for customer growth. By investing in identity verification, employee training and vendor vetting, businesses will not only reduce fraud and compliance risk but also attract and retain more customers.
This article was originally published on Forbes.