Information is gathered in an e-book that can be downloaded for free.
Cybersecurity and the fight against digital fraud need to gain space for debate, awareness and action. That's why Twilio, a customer engagement platform that drives real-time personalized experiences for today's leading brands, publishes a study in the form of an e-book, The Rising Cost of Fraud, explaining how companies can act to avoid problematic situations that impact themselves and their consumers along their digital and customer service journey.
There is a growing change in the human relations environment, which affects the personal, professional and consumer spheres: the transformation from the physical to the digital environment. This has generated and continues to generate an intense demand for more security in the treatment of digital data. Online fraud is an alarming situation, given the increasing number of companies facing hacker attacks in recent times.
Not every company suffers from fraud, but they all have to face the challenge of dealing with this situation, whether out of reaction or precaution. Fraudsters continue to innovate ways to obtain data and apply scams, both on businesses and consumers. “Twilio is very concerned about this scenario, which is why we've put together some recommendations that help companies deal with these issues,” says Raul Rincon, Vice President LATAM at Twilio.
One of the alternatives presented by the company is the use of APIs for checking data via phone number, including in contact centers, in order to authenticate and authorize users in more secure ways, which can help to greatly reduce the risk of fraud that affects companies and users.
“Everyone locks their houses when they leave. Not everyone understands the importance of a secure password or not logging in from personal accounts on public devices, for example. It is still a recent reality for society, and these people are both employees and customers of companies, so care is not only intended for the big names in the industry”, adds Rincon.
In the business landscape, the surface area of fraud is so vast that no one attack vector takes priority over the other. Information created from data breaches is used to commit fraud, exploit available amounts in digital accounts or take possession of benefits and services offered by companies. In addition, accounts that may seem harmless or useless, as they do not store data or values for monetary acquisitions, serve to increase the spread of fraud.
Consider, hypothetically, a hack into an inactive employee's account at a company (from an email that was not properly closed). This account, if hacked, can be used to trick other employees into giving them access to sensitive data, all from within the company's actual corporate email infrastructure. “Contact centers, for example, are easy targets, mainly because they are a bridge between the company and its customers. Balancing the security that needs to be implemented within these infrastructures, but still being able to create an adequate and valuable customer journey experience, is one of the biggest challenges today”, explains Rincon.
A significant portion of fraud is related to the famous bots. This risk is particularly high for nearly two-thirds of medium and large e-commerce companies. The costs of fraud only increase. Account hacks can cost up to U$ 15K per incident. Customer support teams can spend upwards of U$ 50.00 per event helping their customers regain access to their accounts. This weighs on the annual cost of corporations.
proof of identity
A major challenge lies in associating a real person with their digital manifestation, that is, proving that they exist. Checking a document (such as CPF or RG) during an online registration, for example, can discourage user interaction, impacting the customer journey. To balance the customer's demand for practicality with the company's need for security, it is advisable to allow quick user registrations, but with enough checks to reduce fraud and filter out malicious agents.
To do this, for example, confirmation of identity via e-mail is used. This is a very popular method these days, as email is something people are already wary of. Email is believed to be the best way to get in touch with a person. However, it is almost impossible to determine whether an email is fraudulent or not right off the bat. A newer technology is biometrics, but it is not necessarily better. Having a fingerprint or faces database is an interesting proposition, but that doesn't make this data impenetrable. They can still be stolen, and in that case, you can't just change your fingerprint like you do with a password.
Another verification method includes checking various personal information, as is standard in financial services, for example. In these situations, documents, addresses, etc. This greatly improves the chances of confirming that a person is who they say they are, but there is wear and tear on the user, which can impact the customer journey in a more everyday environment. Despite this, performing this task online is still considered less stressful than in person, which is positive in the customer's perception.
The smart use of phone numbers
Like an email, a phone number is easy to remember, but unlike emails, they are much more difficult and costly to falsify. A number is often unique to an individual, and while you can generate multiple fake email accounts quickly, doing so with phones is more labor-intensive and expensive for fraudsters, something they avoid. Phone numbers themselves carry interesting data. For example, you can tell if a phone number is landline, mobile or VoIP just by the characteristics of the number. The numbers are associated with specific countries and are linked to carriers. This already helps a company to filter fraud, especially using geography.
Android, for example, allows applications to present all the phone numbers associated with the device being used, so that identity can be reliably and automatically verified. When verifying whether a number is fraudulent, companies can also use methods such as sending a unique code, a 4-6 digit token, via SMS to ask the user to enter the number back into the app they want to unlock. This process is almost impossible to automate, which makes it very effective. Another option is to offer the person to receive a voice call, given that some numbers cannot receive SMS, for example.
Although SMS is not above worries, it still has many advantages. According to a 2021 GSMA intelligence study, more than 5.2 billion people send and receive SMS messages on their phones. That's about 65% of the world's population. This strategy can be used through a simplified API, such as Twilio Verify, which developers can easily integrate (activated with just two lines of code).
It is important to remember that, in addition to the use of security APIs integrated into solutions of different sizes and focuses, if your company defines well the identity checkpoints essential to maintain security, there will also be an organic adjustment of customer expectation, which will make him comfortable confirming his identity, as he will expect this at key moments of the journey.
To learn more, download the e-book on here.
