Author: Mark Gavigan

The Sneaker Bot Dilemma: Driving Sales Without Churning Users

A successful hype sale mustn’t harm the user experience

Mark Gavigan
August 30, 2022

A successful hype sale mustn’t harm the user experience

The aptly named “hype sale” is all the rage in today’s online landscape. The successor to the brick-and-mortar doorbuster, hype sales drive massive traffic and sell out exclusive physical and digital goods in record time.

NFTs. Concert tickets. Collectible cards. Companies can hype up practically anything. Sneakers—yes, that includes Crocs—move the needle like no other.

However, what’s moving that needle is where the problem lies. Footwear hype sales attract millions of bots, mostly scalper bots, that easily beat out the sneakerheads waiting torturously in the online queue. 

Ostensibly, e-commerce companies should be pleased. After all, isn’t the point to sell inventory? But, lost in the drummed-up excitement and revenue spike, is bots’ impact on the user experience (UX). In a bot-eat-bot world, can hype sales drive maximum profits without disappointing sneaker fans?

Bots are here to stay (and wreak havoc)

Between March 3, 2020 and January 2, 2021, scalper bots were responsible for almost 50% of shopping cart requests. The ubiquity of these bots can be tied to their accessibility: finding them is a cinch, and deployment doesn’t require black-hatter expertise.

Sneaker bots dance circles around their human counterparts.

Scalpers have a smorgasbord of bots at their disposal. Scalpers looking to flip sneakers for profit use “All In One” bots (AIO), such as Stellara or Dragon AIO. After procuring an AIO bot on either the dark web or Discord, sometimes for as much as $50K, scalpers can then buy sneakers from more than one website—faster and more intelligently than any single human could.

Scalpers covet bots, including the AIO variety, as much as the exclusive items themselves. Demand is so high, in fact, that sometimes they use a bot to buy a bot, and bots are flipped for thousands of dollars just like the products they help purchase. With the multibillion-dollar reseller market continuing to thrive—thanks in part to the pandemic’s influx of remote entrepreneurialism—the message is clear: bots are here to stay (and infuriate legitimate sneaker buyers).

Hype sale mayhem

If a glamorous new sneaker is up for grabs, bots are guaranteed to show up and wipe out the inventory. This can be brutal on an e-tailer’s server and web resources. Sophisticated bots can even grab sneakers from inventory management systems before they’re available for purchase.

It goes without saying that bot detection and mitigation is crucial. Aside from protecting the hopes and dreams of legitimate sneaker collectors, too many bots could crash a website or app altogether. But an all-out assault on bots isn’t the move: some bots are actually genuine customers trying to outmaneuver the bad bots.

Shoes like the Yeezy 750 Boosts, pictured above, sell out in minutes (if that).

Installing a bot mitigation solution, to separate the good bots from the bad, is a start. Yet, it still doesn’t do much to assuage those real customers who don’t have the luxury of a bot—those bot-less sneaker aficionados who lose out and then watch bot-assisted purchasers gloat on social media afterwards.

These customers are likely to churn, and they could drag a brand’s reputation through the dirt on their way out. If a company’s plan is to alleviate its bot problem—without damaging its brand image and UX—it might be time to focus on the humans.

Banking on trust

Maximizing hype sale profits while appeasing bot-less customers is, admittedly, a tough nut to crack. A blanket approach to neutralizing bots will also affect the good bots, and nets a less spectacular financial outcome. Meanwhile, a lax strategy that lets too many bots in might severely compromise UX and cause reputational harm.

We don’t have a silver-bullet solution to this problem (no one does), but we have an idea: focus on trust, not risk.

Assuming an e-tailer has a bot mitigation platform in place, it behooves the merchant to then verify the users in the waiting room and ensure the legitimate human customers are granted preferential treatment. This means moving them up the queue, ahead of bots, and drastically improving their chances of achieving sneakerhead nirvana.

This, of course, requires a stockpile of real-time identity intelligence that uses trust signals—geography, device ID, etc.—to seamlessly authenticate customers. Big shoes to fill. But Deduce is up for it.

Our Identity Network, the largest real-time identity graph for fraud in the US, spans more than 500 million unique user profiles and over 1.4 billion daily activities from 150,000+ websites and apps. If trust is indeed the key to balancing hype sale success with a seamless UX, there’s no better compliment to a bot mitigation solution.

Want to learn more about how Deduce prioritizes trust to facilitate the user experience? Contact us today.

Related Content

Identity Fraud is Up 109%. Can You Protect Users Without Adding Friction?

Good news: Increased security and a seamless UX aren’t mutually exclusive

Mark Gavigan
August 19, 2022

Good news: Increased security and a seamless UX aren’t mutually exclusive

A recent payment intelligence report from Fraugster unearthed plenty of unsettling stats from the past year: online fraud accounted for about $80 billion in losses; false positives negated $14 billion worth of legitimate transactions; and gaming fraud increased by an all-time high of 32%.

However, the most sobering takeaway from the report might be the ongoing surge of identity fraud and its various forms. A nefarious hydra of account takeover (ATO), credential stuffing, and synthetic identity fraud—which saw a 109% increase—is outwitting cybersecurity defenses left and right.

This is a head-scratcher for B2C companies, specifically CXOs, CMOs, CISOs and their security teams. Users are more wary of fraud than ever, yet 85 percent of them dislike companies with identity verification issues. How do you bolster fraud prevention efforts without compromising the user experience (UX)?

Rest assured, we are doom-slayers, not doomsayers. Below, we’ll dive a bit deeper into ATO, credential stuffing, and synthetic identity fraud, then show you how top-notch fraud prevention and seamless UX can indeed play on the same team.

Synthetic identity fraud (+109%)

Considering synthetic identity fraud is firmly on the Federal Reserve’s radar, its 109% YoY increase makes sense. Only two years ago, in 2020, synthetic identity fraud cost financial institutions $20 billion.

Synthetic identity fraud occurs when bad actors combine legitimate emails, phone numbers, and other personal info from disparate identities to create a bogus “Frankenstein identity” capable of circumventing customer verification. Parents of newborns with recently minted social security numbers should be extra vigilant because those fresh SSNs are a gold mine for fraudsters. 

The most frustrating aspect of synthetic identity fraud is its elusiveness: identifying the Dr. Frankenstein behind a Frankenstein identity is incredibly difficult. Synthetic fraudsters are also more patient, often taking out smaller loans and paying bills on time to remain incognito.

Account takeover (+52%)

Account takeover, when fraudsters use stolen customer credentials to hijack an account and purchase goods, jumped 52% from last year. This is due in part to an uptick in card-not-present (CNP) transactions, e.g., transactions made online or over the phone that don’t make use of the EMV chip present in debit and credit cards.

Once an account is taken over, the possibilities are endlessly disastrous. In 2021, the three most likely post-ATO activities were making fraudulent purchases; extracting money from person-to-person apps, such as PayPal or Venmo; and editing account info in case a future transaction prompted a verification request. Another unhappy result of ATO, loyalty point theft, is on the rise, mainly due to the downturn in travel and leisure during COVID-19. 

It goes without saying that account takeover victims—and customer support teams—don’t look back on the experience with glee. According to Javelin Research, ATO attacks can cost customers more than $290. Customers also spend 15+ hours undoing the wreckage.

Credential stuffing (+45%)

Credential stuffing, an identity fraud tactic that’s essentially a malicious game of trial-and-error, grew 45% from the previous year. With the final quarter of 2022 closing in fast, B2C businesses and their users must be on guard as credential stuffing attacks rise 10x amid the holiday shopping fracas.

Similar to account takeover and synthetic identity fraud, the credentials that aid these attacks often derive from security breaches. Leaked usernames, passwords, social security numbers and the like get peddled on the dark web for as much as $15K and as little as a few dollars. Per IBM, around 30,000 account credentials were sold on the dark web in 2021—in some cases, sellers even offer 1-2 week refunds if buyers can’t access the promised account.

Have your cake, eat your cake

For those keeping score at home, synthetic identity fraud, account takeover, and credential stuffing attacks: not fun. But they aren’t invulnerable either, and, even better, you can wipe them out while still maintaining a frictionless UX.

The trick to stopping this troika of identity fraud is neutralizing the perps before they can strike. This, of course, requires a hefty chunk of real-time identity intelligence, which in turn unlocks a Trusted User Experience—the perfect balance of airtight security and a seamless customer journey. The Trusted User Experience also encompasses continuous authentication. Akin to shopping on Amazon, continuously verified users aren’t bombarded with authentication challenges that lead to abandoned shopping carts and potentially churn. If a user’s identity operates within its usual parameters, they won’t need to log in upon revisiting a site or app.

On the security side, real-time identity intelligence preempts identity fraudsters who have access to behemoth data sets. The average fraud prevention solution—tools that depend on static, historical data alone (names, emails, physical addresses, SSNs)—can’t compete with these bad actors, as most of this data is already up for grabs on the dark web. If businesses want to protect their finances and reputations, a massive stockpile of real-time, dynamic data (user activity, IP address, device, geography, etc.) and the resulting risk and trust signals is the way.

Thanks to the Deduce Identity Network and its MAMAA-like hoard of dynamic, real-time identity intelligence, creating a secure yet seamless UX is easier done than said.

Our Identity Network is the largest real-time identity graph for fraud in the US. It gathers more than 500 million unique user profiles and over 1.4 billion daily activities from 150,000+ websites and apps. This data continues to grow by the minute, delivering a Trusted User Experience that preemptively recognizes legitimate users and bad actors in equal measure.

Want to have your Trusted User Experience cake and eat it, too? Contact us today and get started in just a few hours.

Related Content

What Every CXO Needs: More Identity Intelligence

How to balance the teeter-totter of security and personalization

Mark Gavigan
August 15, 2022

How to balance the teeter-totter of security and personalization

In 2020, Gartner found that almost 90% of businesses had a Chief Experience Officer (CXO) or equivalent role—roughly a 25% jump from 2017. Translation: a safe, seamless, and personalized user experience (UX) is no longer a nice-to-have.

Creating a user experience that checks all of those boxes is easier said than done. Siloed working environments, which hamstring collaboration between CXOs, CMOs—who sometimes manage CX initiatives—and security teams, don’t help. But a lack of identity intelligence is the foremost obstacle standing between CXOs and UX utopia.

What is identity intelligence? How do you obtain it and put it to use? You’ll find answers to these questions below, as well as examples of how identity intelligence boosts personalization and cybersecurity efforts.

Identity intelligence: the panacea

Unlike behavioral biometrics, which measure a user’s physical and cognitive traits for verification, identity intelligence relies on massive datasets, derived from scaled-out networks, that comprise insights on how legitimate users interact online.

Identity intelligence, when it’s done right (i.e., in real-time), is the most formidable defense against the growing threat of synthetic identity fraud. Synthetic “Frankenstein identities” composed of stolen emails, social security numbers, and other personal info don’t stand a chance against the preemptive nature of identity intelligence and its litany of comprehensive behavioral activity.

Powered by machine learning, real-time identity intelligence grows smarter with each interaction and spots fishy accounts before they can inflict harm. Understanding trusted user identities by tracking normal online behavior over time—versus identities that act in a fraudulent manner—is a crucial tool for security teams and subsequently CXOs looking to unlock a Trusted User Experience.

Trust is a must

Airtight security is foundational to any delightful user experience. B2C companies are more wary of fraud than ever before. Consumers, in lieu of identity fraud growing 109% last year, are equally fearful of fraudsters and desire a UX that doesn’t skimp on security. But convenience is coveted, too, and a Trusted User Experience—what every CXO should aspire to—is the ticket to a customer journey that is both secure and frictionless.

The Trusted User Experience facilitates both the account creation and returning customer journeys. Account creation often requires the customer to verify their email address or phone number by receiving an email to click on or a text message containing a one-time passcode (OTP). This is textbook friction. Trusted users, verified by an identity network and behavioral intelligence, can skip this step and head straight to their targeted content. 

Balancing security and convenience is also made easier through continuous authentication, which signifies a massive step towards a secure, passwordless future. 

Continuous authentication staves off authentication challenges that hinder UX (and revenue). According to the FIDO Alliance, 60% of online shopping sessions are abandoned by existing customers due to authentication challenges, which also run the risk of churn and reputational damage downstream. Once a trusted customer is authenticated, they can be issued a logged-in session extension that is continuously monitored as they traverse the online universe. Assuming their identity continues to operate normally, they’ll remain logged in when they return to the site or app issuing a session extension. Remember the last time you had to log in to Amazon? Probably not. That’s continuous authentication at work.

Verifying users instantaneously by keying in on the person and their device, and repeatedly authenticating them throughout a session, are hallmarks of real-time identity intelligence. The personalization piece of identity intelligence also plays a key role in facilitating UX.

Taking it personally

Modern users want to be safe online. They also want to be pampered and treated like they use your app every day, even if it’s their first time. In short, they want to be treated as individuals—not as a collective of consumers. 

Identity intelligence activates this level of personalization. Real-time trust signals such as geolocation, combined with a user’s behavioral intelligence, enable CXOs and other CX stakeholders to deliver a highly tailored experience that’s relevant to customers and ultimately more profitable for businesses.

Data privacy, of course, factors into the personalization discussion, so tapping into real-time identity intelligence from privacy-compliant networks is also important. However, a recent Experian report suggests the rise of a more forthcoming user: 57% of consumers are open to sharing data in service of stronger security, and 63% believe data sharing is worthwhile (up from 51% last year).

How to supercharge UX with identity intelligence

Have a hankering for Trusted User Experiences? Creating a seamless, secure, and personalized UX is easier than you might think.

The first step is to make sure you have a Customer Identity Access Management (CIAM) platform in place, such as Auth0, Okta, ForgeRock, PingIdentity, Strivacity, etc. A CIAM platform is where trust and risk decisions are made at the point of user authentication. The risk engine and orchestration aspects of a CIAM are what act on identity intelligence, and many of these platforms feature marketplaces with no-code implementation for partner solutions that expedite setup.

Even the leading CIAMs require a healthy diet of Grade-A, real-time identity intelligence to authenticate effectively. That’s where Deduce comes in.

The Deduce Identity Network, the largest real-time identity graph for fraud in the US, is a legitimate user’s best friend and a fraudster’s worst enemy. Powered by more than 500 million unique user profiles and over 1.4 billion daily activities gathered from 150,000+ websites and apps, Deduce’s identity intelligence solution recognizes trusted users accurately and preemptively. Deploy Deduce independently or stack it right on top of your existing anti-fraud infrastructure, seamlessly integrated into leading CIAM platforms, and launch a Trusted User Experience in just a few hours.

Want to see what Deduce’s real-time identity intelligence can do for your customer experience? Contact us today.

Related Content

Want to Stop Fraud & Improve UX? Bots are Only Half the Problem.

Humans can be pretty bad, too

Mark Gavigan
August 7, 2022

Humans can be pretty bad, too

It’s a bot-eat-bot world out there. 77% of cybersecurity incidents are bot-based, and bot management companies, such as Human Technologies and PerimeterX, are merging to outgun malicious robo-fraudsters.

This begs a crucial question: What about humans? Don’t get us wrong—we’re all for short-circuiting those bad bots—but there are still those pesky bad actors you have to worry about, too. (Those bots don’t create themselves, you know.)

Below, we look closer at the bot craze in the current fraud landscape, the downside of solely doubling down on bots, and why differentiating between legitimate and illegitimate humans is just as important.

Bot-y slammed

Human Technologies and PerimeterX joining forces, as well as Thoma Bravo’s acquisition of Ping Identity, underlies a consolidation trend that’s emerged over the past few months. Irrespective of industry, some of these mergers are due to plummeting valuations; but, in the case of cybersecurity companies—who enjoyed a record year of funding in 2021—many are partnering because the growing threat of data breaches, exacerbated by the normalization of remote work, is simply too much to handle.

Like Human and PerimeterX, we may see other bot vendors merge before year’s end. It’s understandable given how sophisticated bots have become in a short amount of time. They’ve grown to be disturbingly human-like, adaptable, and subsequently much more difficult to spot, swiping personally identifiable information (PII) off websites, engaging in click fraud to boost ad revenue, and otherwise profiting from other shady tactics.

Bots are scary, indeed. So are their seedy human counterparts. Companies enlisting a fraud prevention solution need to understand that stopping bots is only half the battle; neutralizing living, breathing fraudsters—without hindering the user experience (UX)—is the final piece.

Identity intelligence, anyone?

So, you’re on board with putting the clamps on bad bots AND bad humans? Awesome. The next step is to ensure your fraud prevention solution of choice is leveraging the right kind of data, i.e., identity intelligence.

Most anti-fraud tools rely on behavioral biometrics. While it’s effective against bots, it can also cause serious UX issues in the form of false positives. Behavioral biometrics—which monitors behavior such as keystrokes, mouse movement, finger tapping, etc.—will easily trigger a multi-factor authentication (MFA) request if a user deviates from their typical pattern. A drunk or sick user may type or speak unusually (gait analysis); a user with different keyboards at work and at home might be flagged incorrectly (keystroke analysis).

Another flaw of behavioral biometrics is that stockpiling enough personal data to successfully analyze a user’s behavior takes time. A solution centered around identity intelligence, on the other hand, has all of the data it needs in real-time.

It’s time for real-time

If companies want to stop bots and humans alike, real-time identity intelligence is the ticket. Deduce packs more of this data than any other solution, making it a thoroughly accurate standalone or complementary defense system that won’t muck up UX.

Deduce is home to the largest real-time identity graph for online fraud in the US. Its Identity Network leverages more than 500 million unique user profiles and over 1.4 billion daily activities to recognize legitimate users and prevent account takeover—including synthetic identity fraud.

Want to see how Deduce can spot bad bots and humans and help create a Trusted User Experience? Contact us today.

Related Content

Deduce Brings Continuous Authentication to the Masses

Continuous authentication is no longer exclusive to big tech

Mark Gavigan
July 22, 2022

Continuous authentication is no longer exclusive to big tech

Amazon’s Prime Day was last week, the annual free-for-all in which Prime subscribers jostle for exclusive deals. Amazon’s hefty stockpile of data (and identity intelligence) enables shoppers to jump on and off the site or app without having to reauthenticate, boosting their chances of snagging their favorite moisturizer or air fryer.

Thankfully, for companies not in the FAANG Gang, Deduce’s real-time identity intelligence provides the same convenience. This “continuous authentication” feature, which keeps trusted users logged in for 30 days (or longer—this is SecOps configurable), can now create a frictionless customer journey for all B2C companies, even if their CEO doesn’t moonlight as an astronaut. Implementation is just as seamless—without sacrificing security.

Here is why continuous authentication, and frictionless real-time digital identity verification, are central to the consumer journey, what this looks like in action, and how Deduce makes it happen.

It all starts with identity

All consumer journeys start with identity. Verifying users instantly without having them enter their username and password upon each visit goes a long way in facilitating these journeys.

Per a FIDO Alliance report, more than 67% of online shopping carts are abandoned by existing customers due to false positive challenges. Today’s customer is busy, impatient, and short on attention span. They aren’t too thrilled about logging back in for checkout or using a valid credit card and seeing the transaction wrongly declined. Companies feel the hurt of false positives, too. Every triggered multi-factor authentication (MFA) represents a costly trifacta for businesses: lost revenue, reputational damage, and churn, which potentially impacts lifetime customer value.

Delivering a smooth user experience hinges on correctly identifying legitimate customers, instantaneously. Implementing continuous authentication throughout a user’s session keeps them engaged and decreases the likelihood of cart abandonment and/or churn.

The nitty-gritty

So, how does continuous authentication actually work?

We’ve all seen the “Remember Me” box underneath login forms. Depending on the app, ticking this box activates one of two implementations: users only need to enter their password moving forward; or, most conveniently, they’ll bypass login entirely for a period of time.

Some of the trust and risk signals Deduce uses to verify identities.

Continuous authentication, including passwordless login, gives security teams the chills, but Deduce’s behavioral intelligence and real-time risk and trust signals make sure that only legitimate customers, not bad actors, are granted this privilege. After an identity is verified via risk and trust signals across network, device, geography, and activity, a customer can be issued a session extension cookie. Essentially a security token, this extension tells the authentication solution that a user is trustworthy and can be fast-tracked to check-out.

The best part about Deduce’s continuous authentication is that a user’s identity is secure even when they are not using a company’s website. If a user’s credentials are compromised on another site or app within the Deduce Identity Network, their session extension is revoked and they must reauthenticate upon return. Conversely, if the user has authenticated elsewhere on the Deduce Identity Network, that authentication is applied to their identity in real-time and they won’t need to authenticate again on other sites.

Without the required amount of data, however—on par with the likes of Amazon and Google and Apple—continuous authentication and 30+ day session extensions aren’t possible. Unless…

Not your average data stack

Don’t let data limitations get in the way of your continuously authenticated dreams. Deduce’s augmentative solution, fueled by the largest identity graph in the US, layers on top of a company’s existing data stack and effectively levels the playing field.

The Deduce Identity Network packs the identity intelligence needed to pull off continuous authentication and prevent false positive MFA challenges while neutralizing fraudsters, regardless of a company’s size. This network comprises 500M+ unique identity profiles that generate more than 1.4B daily interactions, meaning that Deduce sees the majority of the U.S. population transact in real-time, multiple times per week. As risk data evolves, our identity-backed, machine learning-driven, real-time behavioral intelligence adjusts accordingly.

Legacy identity fraud prevention solutions dependent on static data (name, address, mother’s maiden name, etc.) are no match for today’s fraudsters, and certainly can’t be trusted to power extended login sessions. Static data is more likely to have been compromised by major data breaches and trafficked to cybercriminals on the dark web. Legacy solutions also install their software on websites and apps using JavaScript, far less efficient than Deduce’s no-code integration that integrates within seconds.

With Deduce’s real-time digital identity verification, users bypass manual login for extended periods and enjoy an equally swift account creation process. Businesses and their UX teams, meanwhile, can create a frictionless consumer journey that doesn’t skimp on security, a Trusted User Experience that keeps customers coming back for more.

Related Content

Let’s Get Physical (and Digital): The Path to Speedy ID Verification

The days of sluggish ID verification are over

Mark Gavigan
July 15, 2022

The days of sluggish ID verification are over

Deduce recently completed a comprehensive evaluation for a leading identity verification (IDV) platform. The deep-dive proved what we already knew to be true: uniting digital and physical identities is one of the fastest and most accurate ways of verifying the identity of new customers during the account creation workflow.

Digital and physical familiarity with a user is especially crucial in regulated industries, such as banking. Big banks call upon IDV vendors to verify legitimate users and catch bad actors, but these solutions don’t always have the real-time digital identity intelligence necessary to detect fraud at scale, or the data they rely on during the verification steps may be out of date and lead to false positive declines or costly manual reviews.

Here is a closer look at how Deduce is powering the future of digital identity verification.

It all starts with visibility

The unification of digital and physical identity, or a user’s online footprint and physical location, isn’t possible without a hefty chunk of consumer web data. Deduce’s identity graph, the largest in the US, has this data in droves: 500 million unique identity profiles and 1.4 billion daily online activities sourced from more than 150K websites and apps.

In short, Deduce sees most of the US transactional population multiple times per week. For this particular data study, many of the 69K identity profiles provided had appeared on Deduce’s Identity Network hundreds of times before (shopping, gaming, banking, etc.). Further, more than 80% of the applicants’ emails showed up on Deduce’s network, and nearly 8 out of 10 seen emails were linked to a familiar geography, IP, or network.

Matching a customer’s profile with their observed consumer behavior on Deduce’s network—in real time—gives IDVs, as well as fraud platforms, a significant edge. Coupling this with accurate, and much faster, network and geography verification is the coup de grâce for fraudsters committing identity theft or synthetic identity fraud.

The dynamic duo: digital & physical identity

The combo of digital and physical familiarity, plus Deduce’s real-time behavioral analysis, neutralizes the threat of identity fraud. Crucially, it also protects legitimate customers from the drudgery of manual review. Imagine applying for a bank account or time-sensitive loan that you need approved in hours, even minutes, and not hearing back for days.

In the case of a bank account application, for example, an applicant’s first and last name is typically cross-referenced with their current address. However, if they recently moved, this would likely result in a false positive for identity fraud—and a subsequent manual review—as many consumer databases take weeks to update. Deduce mitigates such an error by checking the applicant’s email against trust signals such as IP and device ID to confirm a user’s location, returning another trust signal known as “Familiar Geo.”

This is great news for any regulated industry, where regulatory compliance requires them to Know Your Customer (KYC). Dodging manual reviews cuts labor costs (~$100 per review), shortens time to approval, and stops customers from jumping ship.

The IDV evolution is here

Digital and physical familiarity coupled with malicious activity detection is a sure-fire path to customer delight and fraudster chagrin. With Deduce’s trust and risk signals, IDVs and fraud platforms can sniff out email chicanery and identity fraud while facilitating the customer journey and curtailing chargeback risk. Even customers with little to no credit history, or thin file applicants, such as students, can be more accurately identified.

For regulated industries in particular, knowing where a customer is goes a long way in determining who a customer is. Deduce’s robust layer of trust has all of the information IDVs need—well before the verification process takes place.

Want to see how Deduce can expedite your identity verification? Contact us today and get up and running in no time.

Related Content

Building Consumer Trust: 3 Trends On the Rise

Experian report shows users are more aware—and wary—of fraud

Mark Gavigan
July 7, 2022

Experian report shows users are more aware—and wary—of fraud

Experian’s annual Global Identity and Fraud Report highlights the emergence of a new digital user persona. This savvy online consumer appreciates a seamless customer experience (CX), but, above all else, prioritizes their safety. 

The report contains plenty of interesting tidbits related to business and consumer sentiment around fraud. The data begs an important question: can frictionless CX and Grade-A security play on the same team, or are they mutually exclusive?

Below you’ll find the answer to that question, plus some additional findings that caught our eye.

Fraud concern is through the roof

Businesses across the board have never been more worried about fraud. 70% of the companies surveyed in Experian’s report named fraud as their number-one concern—an all-time high. Notably, retail banking ranked as the least trustworthy vertical in regards to fraud risk, with credit card issuers not far behind.

The complexity and ubiquity of fraudsters is an obvious stressor for companies. However, with consumer fraud losses reaching $5.8 billion in 2021—up 70%—execs also know that today’s user is hip to the increase in fraud risk. Globally, over 50% of users have experienced fraud or know a victim personally. Consumers’ chief security concern is identity theft, which usurped credit card theft.

Earning trust from safety-first users is paramount. Otherwise companies will quickly feel a churning sensation.

Users aren’t cutting down on screen time

Consumers are more fraud-averse than ever before, but they aren’t spending less time or money online. Quite the opposite.

Experian’s data shows that online purchases have ticked up in recent months, including a boost in users from older age groups such as 40-54 (48%) and 55-64 (32%). Half of those surveyed plan to ratchet up their online spending over the next three months.

Active as they are, many respondents value security and privacy over the ease of a personalized online experience. This is especially true of those in the Baby Boomer (95%) and Gen X demographics (85%). Still, consumers express a desire to be repeatedly authenticated during an online session, though only one-third of them believe businesses are up to the task.

It behooves companies, then, to bolster their security defenses, while delivering a seamless customer journey.

Balancing security & convenience

A smooth, anxiety-free customer journey is built on trust. Given consumers’ growing online activity and security concerns, apps that protect them—without muddying up the customer experience—will be at the top of their list.

It’s a delicate balance, one that requires myriad data to effectively neutralize synthetic fraud, credential stuffing attacks, and all of the other tactics deployed by bad actors. Consumers, too, seem to know what it takes: 57% of them are open to sharing data in service of stronger security, and 63% believe data sharing is worthwhile (up from 51% last year). 

These are encouraging stats, but enlisting a fraud prevention solution that has its own stockpile of identity intelligence on tap is a much easier route.

Deduce proves that airtight cybersecurity without friction isn’t fiction, thanks to our Identity Network that pulls from over 500 million anonymized user profiles, 150,000+ websites and apps, and more than 1.4 billion daily activities. In fact, Deduce sees the majority of the transactional US population multiple times per week. Deduce’s real-time identity intelligence preempts fraud before it happens and ensures users aren’t wrongly identified as bad actors. This dramatically reduces false positives during account creation and expedites authentication for returning customers—both common sources of churn.

We love that more consumers are invested in their online security. With the Deduce Identity Network behind them, B2C companies can treat users to the safe and frictionless experience they deserve.

Want to provide your customers with a seamless and secure online experience? Try Deduce for free today.

Related Content

The Top Priority for B2C CMOs Has Changed. Security Plays a Major Role.

New Gartner report rethinks the marketer’s to-do list

Mark Gavigan
June 23, 2022

New Gartner report rethinks the marketer’s to-do list

According to a recent Gartner report, CMOs have a new priority at the top of their to-do lists—and it isn’t to order more custom flash drives and beer koozies.

The State of Marketing Budget and Strategy 2022, Gartner’s annual survey of enterprise CMOs, indicates that marketing brass are shifting most of their attention to “Customer Acquisition, Retention and Engagement.” As users grow more impatient and wary of fraud, meeting all three of these needs requires an airtight, yet seamless approach to security. It also requires a combined effort from marketing and security teams.

Though still below pre-COVID-19 levels, marketing budgets are, on average, 9.5% higher than last year. Here is why spending on the right security solution is central to attracting, engaging, and keeping users around.

In the beginning…

All customer journeys start with identity, and optimizing the customer experience (CX) starts with account creation.

This means taking a good, hard look at outdated account signup measures such as email verification. At Deduce, we’ve talked to companies signing up millions of new users every month that have churned 10 percent of these accounts because of email verification issues. Further damage awaits downstream, negatively impacting lifetime customer value and brand reputation.

To neutralize fraud—including synthetic fraud—while maintaining an easy-breezy signup process, deploy an antifraud solution that provides real-time trust signals at the account creation stage. For regulated industries, these trust signals can also reduce the cost of customer onboarding.

A churning sensation

Remember those trust signals from two sentences ago? They not only fastrack signup, but alleviate another major customer pain point: false positives.

Once customers are acquired and have created their account, getting blindsided by a false positive upon logging in will often trigger a DEFCON-1 churn reaction. Security solutions bereft of real-time identity data that rely exclusively on behavioral biometrics and device fingerprinting will generate more false positives and smack users with a multi-factor authentication (MFA) alert.

Many users don’t think MFA is worth the increased security. They don’t have time for clicking CAPTCHA squares of traffic lights or authenticating via one-time passcode. And, thanks to SIM swapping, SMS codes aren’t 100-percent secure, let alone user-friendly, anyway.

A delicate balance

If CMOs wish to treat users to a Ritz-Carlton-esque app experience, they’ll need a security solution that’s rock-solid yet frictionless.

Fortunately, Deduce lies at the intersection of CX and security. With a real-time identity network comprising 500 million anonymized user profiles, 150,000+ websites and apps, and over 1.4 billion daily activities, Deduce uses real-time identity intelligence to ensure a user is legit during account creation and beyond, greatly decreasing the likelihood of a false positive MFA trigger. Spoof-proof trust signals—geolocation, new device, time of day, etc.—promise a smooth verification process throughout the customer journey.

The trusted user experience needn’t be a slog. Safe can also mean seamless, and vice versa.

Looking for a CX-traordinary security solution? Try Deduce for free today.

Related Content

Turning the Tables on Restaurant Reservation Fraud

How reservation apps can put fraudsters in a to-go box

Mark Gavigan
May 15, 2022

How reservation apps can put fraudsters in a to-go box

A restaurant reservation can make or break someone’s evening, even someone’s week if they identify as a “foodie.” Fraudsters, of course, are well aware and have found a way to juke reservation apps and naive consumers who mistakenly believe they’re in for the Michelin Star treatment at that hard-to-get-into restaurant.

Sit-down eateries have long been fertile ground for fraud (dine-and-dashing, running the card twice in the back, hacking users through malicious QR codes), but restaurant reservation fraud—akin to ticket scalping—uniquely impacts reservation platforms, restaurants, and their would-be patrons.

Let’s take a closer look at reservation fraud and how to stop bad actors from feasting on reservation apps.

A maître d’s worst nightmare

After scammers land a restaurant reservation—typically at a ritzier establishment—they attempt to sell it on Craigslist, Facebook Marketplace, and other classifieds. The poster withholds vital information from unsuspecting buyers: other folks have purchased the same reservation.

Imagine showing up for your anniversary dinner only to find four other parties have the same reservation—a party of ten with no table and no backup plan.

Craigslist ad for restaurant reservation
A recent Craigslist ad for a restaurant reservation

Duped customers are left with hurt feelings and empty stomachs, but restaurants, many still finding their footing amid the pandemic, suffer lost revenue and the likelihood that neither of these customers will return in the future. In turn, the restaurant blames the reservation app and may seek out a similar platform that isn’t so easily manipulated.

Does such a platform exist? How can reservation apps (and restaurants) turn the tables on bad actors?

Tonight’s special: preemptive fraud detection

Deduce recently partnered with a global restaurant reservation platform to solve its reservation fraud issue. The intelligence, scalability, and preemptive nature of Deduce’s solution was precisely what the app needed to put fraudsters in a doggy bag.

Malleability played a crucial role as well. Deduce created custom risk signals and provided a continuous authentication solution for the app, Improbable Travel, to neutralize phony reservation bookers. If someone in Kansas makes reservations at restaurants in New York, Los Angeles, and New Orleans for the same day, chances are it’s a ruse, doubly so for new accounts. By flagging such cases based on geolocation and account status, and referring them to the reservation app for manual review, Deduce’s tailor-made approach reserved restaurant tables for legitimate customers only.

A recipe for success

Deduce owes its flexibility and real-time fraud detection to its Identity Network comprising 500 million anonymized user profiles, gleaned from over 150,000 websites and apps, and over 1.4 billion daily activities. In fact, Deduce sees the majority of the transactional online U.S. population multiple times per week. It verifies users through risk signals, like Impossible Travel, and trust signals such as familiar device, familiar network, familiar activity, and familiar time of day.

These real-time risk and trust signals work in tandem to spot bad actors long before any malicious behavior can take place. In the case of a restaurant reservation platform, preemptively intercepting fraud is the way to a restaurant and app user’s heart: full tables, satiated appetites, less churn.

Are you starving for an effective first line of defense against account creation fraud and to prevent ATO attacks while reducing friction for legitimate customers? Contact us today and get set up in just a few hours.

Related Content

The Trusted User Experience: A Day in the Life

What does the Deduce Identity Network look like in action?

Mark Gavigan
May 3, 2022

What does the Deduce Identity Network look like in action?

In our previous blog posts we’ve discussed the value of identity intelligence, how data poverty can mix up risk signals, and shown how the Deduce Identity Network can enable a trusted user experience.

But what does our network of 500 million user profiles and 1.4 billion daily online activities actually look like in action?

To help illustrate how Deduce’s trust signals can significantly improve the user experience—and prevent the churn that CEOs loathe—here is a day in the life of a trusted user identity on our network.

Uber—8:17 a.m.

Meet Tom. Tom is a Deduce trusted identity. We don’t know his name is Tom (Deduce defines a profile via email, device, geo, and activity), but we know he won’t be launching a credential stuffing attack any time soon.

It’s a typical work day for Tom, and Deduce’s Familiar Time of Day signal is already pointing to trust. Tom is waiting for an Uber, standing on the curb in front of his house—a new house he and his wife moved into a few weeks ago. The Uber arrives. Tom buttons his blazer, tightens his half-Windsor knot, and heads to the office.

A few minutes later, when Tom decides to check emails on his phone, he realizes the email client logged him out and he can’t remember the right password combination. Given his change of residence, Tom’s new commute path to the office could trigger an MFA (multi-factor authentication) challenge; fortunately, Deduce’s IP Address and Time of Day trust signals identify Tom as a non-malicious user and increase his allotted number of password attempts. He’s in!

Uber—8:50 a.m.

Roughly 30 minutes after boarding the Uber, Tom remembers that his wife asked him to buy plane tickets for a spontaneous Vegas trip next weekend.

Tim is only a few minutes from his office and the ticketing app with the best deal isn’t installed on his phone. Even with just a few weeks of data, Deduce’s Time of Day/Day of Week trust signals—coupled with intel from multiple cell towers—recognize Tom is commuting and expedite the account creation and verification process.

Tom acquires the last-minute tickets with time to spare.

Office—9:27 a.m.

Tom grabs his morning joe and walks to his desk. After texting his wife that they’ll soon be swimming in daiquiris and poker chips, he logs into his office computer and checks his calendar.

Uh oh. A video meeting in three minutes AND it’s on a video conferencing platform he’s never heard of?

No worries. Tom downloads and installs the software then quickly creates an account without having to verify via OTP (one-time passcode). Deduce’s recognition that Tom is actually Tom—it recognizes the IP address and device ID of his work computer at the right time of day—allows him to enter the meeting right on the dot.

Home—6:48 p.m.

Tom and his wife get home from work. They’ve hardly unpacked since moving and navigating the labyrinth of boxes in the kitchen to use the stovetop is unrealistic. Pizza it is.

Tom’s phone is dead, so he grabs his wife’s tablet. He downloads a food delivery app—the same one installed on his phone—and logs in to order their favorite: a medium Hawaiian with extra pineapple.

A user logging in on a new device might trigger an MFA under normal circumstances, but Deduce knows Trusted Tom is accessing the app from his residence on a new, albeit still familiar, network. Deduce also identifies the device ID of the tablet, as Tom’s wife has used it on the network before.

The pineapple-on-pizza debate is contentious, but we can all agree that friction has no place in the user experience.

Want to steer clear of friction and churn? Contact us today to find out how you can treat your customers like trusted users, not bad actors

Related Content