Identity Theft Prevention on Cyber Monday
By Greg Smith
As companies brace themselves for the recently added holiday known to American shoppers as Cyber Monday, they should be aware of the potential security threats looming with the activity centered around the largest online shopping day of the year.
Traditionally, consumers have flocked to brick-and-mortar shopping malls on Black Friday, the day after Thanksgiving, to commence their holiday shopping. Although Black Friday is still considered to be the official start of holiday shopping season a new shopping holiday has emerged. Cyber Monday, a term officially coined in 2005 by the National Retail Federation’s Shop.com to describe the first Monday after Black Friday, has become just as popular as its predecessor for consumers looking for great deals on holiday gifts.
A 2012 Holiday Readiness Survey conducted by SOASTA found that 92% of Americans plan to shop for the holiday season. Of those holiday shoppers, more of them plan to shop online than at brick-and-mortar stores (75% and 69%, respectively). Another 75% want companies to create a specific Cyber Monday website that can handle millions of people shopping for the holidays at once.
With the ever-growing popularity of Cyber Monday, retailers engaging in e-commerce should be aware of greater risks such as unnecessary processing queries and identity theft. When it comes to the security of online transactions, there are typically four ways that companies validate customers’ identity information when completing an online purchase transaction.
The first validation method is through a customer’s address. Customers’ addresses can be verified, but companies face the difficulty of dealing with inconsistent information within a number of different fields in an address listing. For example, a customer might have the word street abbreviated as “St.” instead of being written out. The process of accurately aligning all of the information contained within a customer’s address with the exact term a company may use to verify the information can be a daunting task, and is not the most effective method for validation.
Credit card validation
Companies that choose to validate customer identity information for an online sales transaction via a customer’s credit card number face potential challenges. When processing a transaction, the credit card number is typically one of the last pieces of information collected from a customer at the POS. For this reason, it is better to validate customers’ identities with information they have provided earlier in the sales process than it is to run the sale with an incorrect credit card number.
In the case where a credit card charge is attempted and it is invalidated, the company trying to process the card still has to pay the credit card company a fee for the transaction. Retail companies pay credit card companies for processing credit cards whether it works or it does not work. This can be an expensive way to determine if the customer and credit card number are valid and is typically not the preferred method of customer identity validation.
Social Security number validation
Companies can also use a customer’s Social Security number to verify their identity matches their payment information, but this segment of data has traditionally been one of the most difficult validation methods. Social Security numbers are very easy to falsify because the numbers are not readily available and there is no way to look them up unless one has access to government records.
Phone number validation
A company can also verify customer information using the customer’s telephone number. This has proven to be one of the best ways to validate information for an online sale. This segment of information is typically not forged because phone numbers can easily be validated by almost anyone, simply by calling the number. The only drawback is that physically calling a phone number requires a great deal of time and man power, making it a slow and expensive process.
This is where companies, such as Accudata Technologies, can help online retailers lower some of the risks and fees associated with online purchases. Accudata’s automated service quickly validates a phone number, reducing the time and money wasted on less accurate, labor-intensive data validation services or, even worse, on bad leads.
Accudata can validate telephone numbers in real time, literally as users enter their information into online forms. To put the speed of validation into perspective, the information is verified in the same amount of time that it takes to make a phone call, which typically occurs in two to three seconds. This serves as a great deterrent to inaccurate or false information.
Starting with a landline, Voice over IP or wireless number, Accudata can confirm that the number entered by the consumer is operational and is correctly registered as of the previous 24 hours. The phone number is also linked to a variety of information sources about the customer that can be useful for validation. For example, a retailer can check if the last name, city or state associated with the phone number matches the information on the credit card. Retailers can also verify other types of information such as whether the number is a wireless or landline account. The more information a retailer may need, the more information they can get relative to a phone number.
As more and more people continue to forego a traditional landline and depend solely on their wireless phone, it is becomingly increasingly important for companies to validate the information tied to these numbers. This becomes even more critical given the frequency with which mobile numbers change from user to user. Accudata’s “AccuSure” service can validate that the wireless numbers on file are still registered to the individual the company is trying to reach.
In the end, obtaining and using the customer’s phone number provides a safe and reliable first step for the identity validation process and a simple means to add security during online purchase transactions on Cyber Monday. The option is inexpensive compared with other alternatives, and is a great way for companies to improve the efficiency and safety of their sales processes while avoiding online fraud.
Greg Smith is the chairman, president and CEO of Accudata Technologies, which provides flexible access to data validation through innovative approaches to data transmission. The company serves as an access hub for validating information associated with traditional, mobile and IP-based telephone numbers. Its validation services include translating information between diverse protocols such as SS7, PSTN and IP via a patented process in order to access local number portability and line information databases (LIDBs), Calling Name (CNAM) databases, billing name and address information, Internet lead validation and the aforementioned bankcard transaction verifications.