As data silos continue to break down and digital commerce sales skyrocket, cybersecurity promises to take center stage. According to a report from PwC, half of all U.K. companies have fallen victim to fraud over the last two years. While the financial impact of fraud has been widely documented, there are plenty of other costs to consider as well. More than 75 percent of U.K. organizations that have experienced fraud believe it has negatively affected business relations as well as employee morale.
To help combat cybercrime, companies within the U.K. are making every effort to comply with new regulations – including an updated Payment Services Directive (PSD2) and General Data Protection Regulation (GDPR). By making financial records more widely available, increasing transparency and introducing stronger protections of consumer data, regulations stand to encourage data sharing between businesses without exposing consumers to fraud.
Recent news, however, suggests American businesses aren’t as prepared for the changing regulatory landscape. On the very first day GDPR went into effect, Facebook and Google were accused of violating a provision on consumer consent. U.S. banks and digital businesses still have a long way to go toward striking the right balance between security and customer satisfaction. By following in the footsteps of U.K. companies that have embraced new regulations, U.S. companies can craft a customer experience that is both seamless and secure.
Implement trusted identities
Data breaches are all too common. Only a few months after data from more than 5 million Lord & Taylor, Saks Fifth Avenue and Saks OFF 5th customers was compromised, marketing firm Exactis inadvertently left personal records of over 340 million U.S. citizens and businesses exposed on a public server. Data from the 2017 Verizon breach report showed that 81 percent of breaches involve passwords. Businesses looking to buck this trend are turning toward a more secure approach including two factor authentication. The challenge however is that 2FA typically causes user inconvenience and so the goal becomes increasing security while providing a better UX than passwords.
Capable of removing some of the difficulty associated with other security methods such as passwords, trusted identities make for a more convenient and secure experience. Consumers who once struggled to remember the answers to their own security questions can instead use a trusted identity on their phone or smart watch to quickly access applications and give consent for transactions and approvals. Another promising approach for trusted identities is an embedded virtual smart card on the user’s device. Better yet, security standards don’t take a dip. Trusted identities can be tracked and verified, and also help set the stage for a frictionless and secure experience.
Stay proactive
While U.S. regulations may not mirror those within the U.K., it’s only a matter of time until the progressive ideas behind PSD2 and GDPR make their way across the pond. For example, open banking – which is driven by PSD2 compliance – is about more than just greater transparency around how banks share consumer data. U.S. banks and businesses aiming to get ahead of the curve should be mindful of the impact open banking can have on open APIs. As consumer data is made more accessible, open APIs will become more commonplace, and even expected. The result? Increased opportunities for third parties to build applications and services.
In addition to keeping an eye on open banking, digital businesses would also be wise to reevaluate their policies surrounding personally identifiable information (PII). In Europe, PII belongs to the customer – not a bank or company as is often the case in the U.S. These changing attitudes regarding data ownership are indicative of the need for action among banks and businesses. By allowing consumers to opt out of data collection and asking for permission to use data, companies can gain a leg up on the competition.
Although regulations have driven much of the change outlined within the U.K., the same may not hold true in the U.S. Businesses should remain conscious of consumer preferences and industry cooperation. While regulation carries plenty of weight, those two factors promise to play an equally important role in determining whether greater consumer control, privacy and flexibility make their way into the market.
U.K. companies are quickly embracing new regulations – and for good reason. A steady increase in fraud over the past few years has left U.K. businesses scrambling to minimize potential losses. That same sense of urgency, however, isn’t as evident within the U.S. where companies are often afraid that they will have to sacrifice usability for security. However, by bringing aboard trusted identities and introducing the control, transparency and security customers are looking for, U.S. banks and digital businesses can gain the same competitive edge their U.K. counterparts already enjoy without having to compromise.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.