Online Identity Fraud: It’s not just about credit cards

Whether it’s your credit cards or your loyalty programs, simple and seamless customer transactions are key, but how do you make sure they’re secure?

“Hello Mr. Marti, this is Christine with ABC Credit Card Company. We have noticed some unusual purchases on your account.”

Have you received this call?  I have three times, and in each case I was the victim of fraud. And when you hear the term “identity fraud” – you immediately think “credit card fraud.”However, there are many ways to commit online fraud and consumer loyalty programs are one of the latest targets.

In the past two years, we have seen a wave of attacks aimed at loyalty programs. The airlines were hit hard with United and American Airlines and British Airways, all announcing breaches. Hilton also had its loyalty program hacked. More recently, Kohls experienced a breach. In each of these cases, hackers compromised the users’ accounts by stealing their credentials and then logging into the loyalty program site with them.

Loyalty program breaches not only result in financial losses for the business, they also may result in lost customers – the opposite of what a loyalty program is intended to do. According to a recent study, 85 percent of respondents claimed they would take their business elsewhere if their favorite retailer experienced a data breach.

Fighting online identity fraud

As organizations address the security of their loyalty program sites and apps, they can look to the payment card industry for best practices and lessons learned in combating online identity fraud.

The credit card industry has long been a target for fraud and has deployed an array of technologies to fight it, especially for online purchases. But they also learned that increased security can also lead to transaction abandonment and lost revenue when too much friction was introduced into the process.

In fact, approximately 13 percent of all abandoned shopping carts is due to friction caused by securing the credit card transaction.

To address the friction problem, the credit card industry discovered that combining risk analytics and user behavioral profiling to the authentication and authorization process could significantly reduce the abandonment rate. One credit card issuer found that adding CA Risk Analytics to its CA 3D Secure solution, CA Transaction Manager, reduced the abandonment rate to under one percent and saved over $3 million dollars in the first three months of implementation.

And this approach also works for other types of transactions. One customer implemented CA Risk Authentication to block hackers attempting to authenticate with stolen login credentials. They found that almost one percent of all logins were fraudulent.

This may not sound like a lot, but that customer is processing about 2.7 million logins per month, which equates to almost 27,000 fraudulent logins per month. Imagine the impact to the user’s experience if they added increased security (e.g., out-of-band SMS) to every login.

By applying risk analysis and user behavioral profiling, they minimized the number of transactions that required step-up authentication, and thereby minimized the amount of friction to their legitimate customers.

Balancing security with convenience for a positive customer experience

In the end, protecting against online identity fraud boils down to balancing two things – security and a positive customer experience to reduce customer abandonment.

How much do you value consumer user experience? To help you answer this question, ask yourself:

  1. Are you worried about hackers authenticating to your mobile and web apps with stolen customer login credentials?
  2. If you were to implement your ideal authentication mechanism, how would it impact the user experience?
  3. How easy or hard is it for your users to switch to a competitor’s products and services?


If the impact to user experience and the risk of customer attrition is small, then maybe any stronger authentication credential is fine. But if you value both, then the time right for contextual, risk-based authentication.

Find out more about how contextual authentication can help verify a user’s identity without getting in the way. For more information, check out our new YouTube Video.

As product marketing manager in CA’s Security business, Rob is responsible for messaging, positioning, and…


Modern Software Factory Hub

Your source for the tips, tools and insights to power your digital transformation.
Read more >
Hitting the Agile Wall: How to Overcome Transformation FatigueTim Mitra Blends Art and (Computer) Science at TD BankT-Mobile's Agile Challenge: Changing Corporate Culture from Within