When we tell businesses that getting to know their customers is vital, it’s not just so that they can provide the best possible customer experience for them.

Getting to know your customers matters most when it helps you identify enemies disguised as customers.

Fraud is becoming increasingly widespread since the dawn of ecommerce, and as it becomes more and more sophisticated we need greater visibility to fight malicious activity on our websites.

Fraudsters’ warfare is based on deception, but the same data-led ideas that help us improve customer experience can be turned to unravelling fraud and disputes. So here are my top tips for any business facing a potential data breach:

1. Use behavioural analytics to detect suspicious customer activity

Behavioural analytics have become a vital part of meeting growing expectations of customer experience. Businesses are now able to collect and analyse vast amounts of information on why customers may have abandoned a transaction, what types of content make customers buy or convert, and how visitors behave on different devices.

Analysing this data can help them understand customer behaviour and improve the quality of experiences across devices and channels.

But capturing and preserving online customer interactions also enables detection of fraudulent activity, either in real time or post mortem.

For example, if a business spots from previous interactions that a customer frequently orders products using different card numbers, email addresses or delivery addresses and promptly returns them, they can delve deeper into the customer’s order history and account information to investigate.

Once detected, suspected fraudsters can be automatically blocked from accessing the site, and goods can be prevented from leaving the warehouse pending further investigation.
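As an added illustration (not code from the original article), the pattern described above can be written as a rule over order history that produces a review queue. The order schema, the `customer` key (assumed to be a stable account or device identifier), the thresholds and the sample rows are all assumptions constructed for this example.

```python
from collections import defaultdict
from datetime import date

# Constructed sample orders, not real data; field names and thresholds are assumptions.
# "card" is a payment token: analytics data should never hold raw card numbers.
FIELDS = ("customer", "card", "email", "addr", "ordered", "returned")
ROWS = [
    ("c-101", "tok_a1", "kim@example.com", "1 High St", date(2014, 5, 1), None),
    ("c-101", "tok_a1", "kim@example.com", "1 High St", date(2014, 5, 8), date(2014, 5, 11)),
    ("c-101", "tok_a1", "kim@example.com", "1 High St", date(2014, 5, 20), None),
    ("c-202", "tok_b1", "a@example.net", "5 Mill Rd", date(2014, 5, 2), date(2014, 5, 4)),
    ("c-202", "tok_b2", "a@example.net", "9 Oak Ave", date(2014, 5, 6), date(2014, 5, 9)),
    ("c-202", "tok_b3", "b@example.net", "2 Elm Ct", date(2014, 5, 10), date(2014, 5, 12)),
    ("c-202", "tok_b4", "b@example.net", "5 Mill Rd", date(2014, 5, 15), None),
    ("c-303", "tok_c1", "x@example.org", "7 Bay Rd", date(2014, 5, 3), date(2014, 5, 4)),
    ("c-303", "tok_c2", "y@example.org", "8 Bay Rd", date(2014, 5, 5), date(2014, 5, 6)),
    ("c-404", "tok_d1", "lee@example.com", "3 Park Ln", date(2014, 5, 1), date(2014, 5, 3)),
    ("c-404", "tok_d1", "lee@example.com", "3 Park Ln", date(2014, 5, 9), date(2014, 5, 11)),
    ("c-404", "tok_d1", "lee@example.com", "3 Park Ln", date(2014, 5, 18), date(2014, 5, 20)),
]
ORDERS = [dict(zip(FIELDS, r)) for r in ROWS]

MIN_ORDERS = 3          # too little history below this to judge a pattern
MIN_DISTINCT = 3        # distinct cards, emails or addresses that count as unusual
PROMPT_RETURN_DAYS = 7  # a return this soon after ordering counts as prompt
MIN_PROMPT_RATIO = 0.5  # share of orders that were promptly returned

def review_queue(orders):
    """Return {customer: evidence} for customers who vary identifiers AND return promptly."""
    by_customer = defaultdict(list)
    for o in orders:
        by_customer[o["customer"]].append(o)
    flagged = {}
    for customer, rows in by_customer.items():
        if len(rows) < MIN_ORDERS:
            continue
        varied = [f for f in ("card", "email", "addr")
                  if len({r[f] for r in rows}) >= MIN_DISTINCT]
        prompt = sum(1 for r in rows if r["returned"] is not None
                     and 0 <= (r["returned"] - r["ordered"]).days <= PROMPT_RETURN_DAYS)
        ratio = prompt / len(rows)
        if varied and ratio >= MIN_PROMPT_RATIO:
            flagged[customer] = {"varied": varied, "orders": len(rows),
                                 "prompt_return_ratio": round(ratio, 2)}
    return flagged

if __name__ == "__main__":
    for customer, why in review_queue(ORDERS).items():
        print(customer, why)
```

Requiring both signals keeps a frequent returner who always uses the same card and address (c-404 in the sample) out of the queue, and the result is a prompt for investigation rather than a verdict.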

2. Take advantage of advanced forensic software tools that will help you replay website user sessions through the eyes of the potential fraudster

Forensic investigations can explore the whole stream of data traffic and look for unusual behaviour or patterns in account numbers, IP addresses, email addresses, credit card numbers and the items purchased. Ideally, security researchers will be able to replay malicious site visits through the eyes of the enemy.

3. Act quickly to understand the full impact of the breach

Once a breach is discovered, businesses must act quickly to understand and be able to report on the potential full impact. Which accounts were breached? What personally identifiable information was displayed – and to whom?

Often, fraudsters do things that are not transactional in nature – i.e. there are no data changes on the backend. So, what is the harm? If personal data was obtained, this can be very dangerous because it may be used in subsequent attacks.

4. Notify the affected parties while causing minimal disruption to the brand’s reputation

When an attack succeeds, businesses must also notify all affected parties. However, remedial action can be even more damaging.

If the company doesn’t know what information was disclosed, then it has to notify its entire user base, which can be very public, embarrassing, and expensive.

The cost of each letter, as well as the typical remedial credit protection subscriptions for customers, soon ramps up.

Along with the loss of priceless reputation in an era when venting on social media is rife, this can have a huge impact on a business’ bottom line.

5. Continue using tools to identify potential data breaches in near real time

Identifying and understanding fraudulent activity before it gets out of hand is never easy, but businesses now have the tools they need to help them monitor all customer activity and replay customer sessions instantly as and when needed.

By keeping a constant record of what is happening on your site, the scope of data breach remediation can be contained to the truly affected parties to avoid unnecessary publicity that will be a detriment to the brand.
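An added example, not from the original article, of how a record of rendered pages answers the questions in tips 3 to 5: which accounts were exposed, which personal data was displayed, and to whom. The capture schema and sample records are constructed, and treating a shared IP address as a link between sessions is an assumption that an analyst would confirm before relying on it.

```python
from collections import defaultdict

# Constructed session-capture records, not real data; the schema is an assumption.
# One record per page rendered: the session and IP that saw it, the account whose
# data was on the page, and the PII fields displayed. Viewing changes nothing on
# the backend, so only a record like this shows the exposure.
FIELDS = ("session", "ip", "account", "pii")
ROWS = [
    ("s1", "198.51.100.7", "alice", {"name", "email", "address"}),
    ("s1", "198.51.100.7", None, set()),                # product page, no PII shown
    ("s2", "203.0.113.20", "bob", {"name", "email"}),   # unrelated visit
    ("s3", "198.51.100.7", "carol", {"name", "card_last4"}),
    ("s3", "198.51.100.7", "alice", {"address"}),
    ("s4", "192.0.2.55", "dave", {"name"}),             # unrelated visit
]
VIEWS = [dict(zip(FIELDS, r)) for r in ROWS]
ALL_ACCOUNTS = {"alice", "bob", "carol", "dave", "erin"}

def related_sessions(views, confirmed):
    """Confirmed malicious sessions plus any other session sharing an IP with one."""
    bad_ips = {v["ip"] for v in views if v["session"] in confirmed}
    return {v["session"] for v in views if v["ip"] in bad_ips} | set(confirmed)

def exposure_report(views, confirmed):
    """Map each exposed account to the PII fields shown and the IPs that saw them."""
    sessions = related_sessions(views, confirmed)
    report = defaultdict(lambda: {"pii": set(), "seen_by": set()})
    for v in views:
        if v["session"] in sessions and v["account"] and v["pii"]:
            report[v["account"]]["pii"] |= v["pii"]
            report[v["account"]]["seen_by"].add(v["ip"])
    return dict(report)

if __name__ == "__main__":
    report = exposure_report(VIEWS, {"s1"})
    for account, detail in sorted(report.items()):
        print(account, sorted(detail["pii"]), sorted(detail["seen_by"]))
    print(f"notify {len(report)} of {len(ALL_ACCOUNTS)} accounts")
```

Starting from one confirmed session, the report limits notification to the two accounts whose data was actually displayed instead of the whole user base.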

For more information on this topic, read our posts on 'Why Cyber Security Matters' and 'Why cyber security is about people, not technology'.

Published 29 May, 2014 by Bill Loller

Bill Loller is Vice President, Mobile at IBM and a contributor to Econsultancy. 

Comments (1)

Pete Austin, CTO at Fresh Relevance

Good post. I agree with your suggestions. But please can readers think twice before blocking fraudsters, because once you've spotted them they are harmless and the more evidence that you can gather about their methods the better - whether or not you choose to go to the police.

I'd also like to add that businesses don't need advanced forensic software tools to monitor user behavior - real time marketing systems such as that from my company let you do much the same thing. The tools that you are already using are better than specialist tools that you've not bought yet.

My company (and probably other real time marketing systems) provides real-time reports on user behavior for support purposes, because it's very useful when a customer has a problem if you can see what they *really* did. We delete the detailed data quite quickly to protect privacy - unlike security firms I assume - but we have been able to investigate suspicious activity for our clients on several occasions.
http://www.triggeredmessaging.com/real-time-marketing/convert

One request, re: "Fraud is becoming increasingly widespread since the dawn of ecommerce". Do you have a link to the figures?

As a reality check, I checked rates of credit card fraud, which is not the only type but I suspect maybe the biggest. In the UK, that reportedly peaked around 2008 and has fallen since by about 30%. See: http://www.financialfraudaction.org.uk/Publications/#/8/

about 2 years ago
