Your customers’ expectations for their experiences with your brand are rising rapidly. The conventional way to establish and maintain assurance about their identities can’t keep up. Insight from your fraud department can.
In my last post, I wrote that ‘the conventional practice of issuing and managing user accounts and credentials is becoming optional.’ To appreciate what will take the place of that practice, you have to understand the old, linear model of identity assurance.
The identity proofing or compliance team set the level of assurance necessary to trust a visitor’s identity. This filtered the pool of account holders for the user authentication and fraud detection teams. By the time an account came to the fraud department’s attention, identity proofing was long over.
Under this model, teams working in fraud or authentication could trust the initial identity assigned to the user.
In this linear path through identity assurance, each siloed team was responsible for calibrating its own level of friction for users. The team responsible for building market share might be a little more lenient. The fraud team might be comparatively strict.
Silos threaten security.
Due to stolen, synthetic and rented identities, even the inaugural step of identity assurance is under attack. The dynamic nature of security requires the right level of authentication for the current level of risk at any time during the user session.
If that balance weren’t delicate enough, it must be maintained within the acceptable limits of users’ rising expectations for a smoother experience from the moment they create an account.
Combined, these trends are upending the typical identity assurance process, and making the assumptions I’ve described not only obsolete, but dangerous to the organization.
Fortunately, the fraud department already monitors a trove of signals in real time that can help at account creation, at login, and after login. (What sorts of signals? I’ll describe them in my next post.)
Identity assurance is no longer a sequence; it’s a continuum.
Today’s volatile threat vectors have rendered obsolete the legacy ‘one and done’ approach. You need to be able to continuously assess the level of trust that you can assign to a specific identity, to the riskiness of each step in the current transaction, to the risk signals present in that session, and to the reputation of the device involved.
In this world, fraud professionals can’t make assumptions about the accounts they review. That’s the price for providing a better user experience. But it also presents an opportunity.
It’s now the obligation of IAM and fraud leaders to understand the ongoing process of assigning and validating trust in users’ identities: what's been done, where your risk signals and assurance information come from, and how those signals are applied.
Sound like a lot of work? Well, I did mention ‘opportunity’ a moment ago. Continuous identity assurance allows for dynamic decisioning so that friction is added only when appropriate and minimized when it isn’t.
If you know you can trust a user, then you can lower the barrier for them. If you detect signals indicating increased risk, then you re-authenticate or use stronger authentication methods.
In this new model, insight from fraud feeds into the other parts of the identity-assurance cycle continuously, not retroactively. It requires a whole new set of real-time, on-demand signals. Fortunately, these signals have long been a cornerstone of online fraud detection.
Introducing Gartner’s Trusted Identity Capabilities Model.
If this idea sounds appealing, you may be wondering how to put it into practice. How can you make sense of all the variables in such a sensitive part of your business, and make the right decisions to navigate from the old model (based on assumptions) to the new model (based on continuous assurance)?
Glad you asked.
Gartner explored this question through the lens of its Trusted Identity Capabilities Model in its new report, “Take a New Approach to Establishing and Sustaining Trust in Digital Identities.”
This model defines the six complementary criteria for identifying and aligning the capabilities you need to continuously validate a level of confidence in a visitor’s claimed identity. Get your copy of the report for Gartner’s guidance on the transition to continuous identity assurance.
It’s an exciting time to work in fraud detection.
Businesses can’t afford to let their fraud departments continue to operate in the background. They need to leverage the kind of analytics and signals that a modern fraud-detection stack generates in real time.
For more insight into fraud’s rising importance to continuous identity assurance, register for our webinars, where we’ll continue this conversation.