Financial organizations, collection firms, e-tailers, health-care providers, insurance companies, service providers, associations, and gaming sites that offer online accounts share one common problem: ensuring that the online experience of their account holders is safe and secure, according to “Securing the Online Experience,” a report from Aberdeen Group.
Since online fraud continues to rise and consumer confidence is low, organizations are faced with bolstering the security of their customer-facing applications and instilling confidence in their users, says report author Carol Baroudi, Aberdeen research director, IT security.
The best firms increase accounts, online transactions and online transactions per user while also cutting fraud incidents and losses attributable to fraud, according to Aberdeen.
Of the firms sharing those characteristics, 92 percent authenticated users upon creation of the accounts; 84 percent used encryption and 68 percent monitored transactions, according to the report.
“Security perceived as too onerous is ignored – making something too difficult means that people simply won’t do it,” Baroudi said in the report. “Although many security technologies that could conceivably be applied in an online services context have existed for a long time, when the choice of adoption has been put to the accountholder, for the most part convenience has won out.”
Baroudi concludes that the best firms add security solutions that are invisible to the user, and offer easy-to-use security solutions such as hardware tokens that accountholders are demanding, according to the report.
Accountholder education on safe online practices, such as not sharing a password, is another important security element, the report added.
Another critical element of stopping fraud is detecting it in real time, which is facilitated by technologies for real-time analysis and reporting, the report said.
Firms that have yet to achieve best-in-class status should strive to better measure fraud incidents, add automated anti-fraud directory systems that eliminate transactions with entities that other account providers have recognized as fraudulent, implement authentication upon account initiation and use the Payment Card Industry (PCI) Data Security Standard, the report recommends.