How To Collaborate When Fighting Fraud: Go Providerless
Fraud fighters know collaboration is a powerful weapon. Collaboration means catching attack trends and compromised data early on, while providing a seamless experience for known good users. But typically, companies are forced to work alone, and criminals know it — and they use it. They plan attacks across multiple sites simultaneously and often focus on specific industries, taking full advantage of the fact that their targets work in silos.
Why Collaboration is King When Fighting Fraud
Fraud prevention professionals want to collaborate. Fraud teams want to collaborate.
Fraud professionals are always willing to share best practices and explain new tricks, tools or techniques. There are numerous forums, social groups and conferences for exactly that. But when no one shares data, they can only take fraud fighting so far.
Companies need to know which users and details are legitimate, compromised or fraudulent. This makes access to information beyond a company’s own data absolutely vital. Until now that’s meant working with data providers who aggregate (and resell) data and the knowledge it provides.
E-commerce, and the modern online economy, wouldn’t be where it is today without these data aggregators. Of course, industrialization wouldn’t have happened without burning fossil fuels. That doesn’t mean we shouldn’t revisit the choice of fuel we use. And the new oil, they say, is data.
There’s good reason to revisit the provider approach. These data aggregators come with side effects including, but not limited to:
- Old, Stale Data. Data providers aren’t incentivised to keep their datasets clean and up to date. On the contrary: they want to boast as many data points as possible. Moreover, providers only see a small part of a user’s activity. But old or incomplete data is a risk when fraudsters move at the speed of bots and good users regularly update payment information, addresses, etc. Fraud teams need fresh information they can rely on.
- Data Exposed to a Third Party. In order to verify data, companies have to share it with their providers, resulting in data proliferation — and in third party data breaches like Equifax. This approach is insensitive to the concerns of today’s consumers, who value their data privacy. And it’s not fair; in addition to charging for data queries, data providers then go on to sell their customers’ precious data.
- Being Locked In. Once you start providing data to a data provider, it’s hard to stop. You become dependent on the relationship. This is especially true if companies in a single industry intentionally use the same provider to create an informal network.
Ideally, companies could work together without the side effects. They could cut out the middleman of a data provider (or several) and instead collaborate peer-to-peer. They’d go providerless.
Why Companies Should Consider Going Providerless
Providerless is the next step in the evolution of collaboration. Working peer-to-peer, as opposed to through a provider, has distinct advantages:
- First Party Data: Fresh, Reliable, and Holistic. Users give companies new information all the time. They update addresses, payment methods etc. That’s the great advantage of first party data — it’s always fresh. Working peer-to-peer, using exclusively first party data, makes identity verification more accurate.
- Streamlined User Journey. Good users won’t need to jump through hoops to prove their identities as other companies can vouch for them.
- Catch New Attacks Quickly. Fraudsters attempting to use stolen details against more than one business will show up on a peer network quickly, making the attack visible and easy to stop early on.
- No Data Exposed to Third Parties. As no data is ever shared with an aggregator, your customers’ data is never exposed in someone else’s breach. Given that a Ponemon study found that 56% of respondents had been affected by a third-party data breach, this is a change that needs to happen — soon.
These advantages have become clear to many industry veterans, influencers and experts, who have started moving towards possible implementations of providerless fraud prevention.
Many of these rely on blockchain, which can be a persuasive technological solution for a number of problems. However, blockchain-based providerless solutions run into difficulty with identity verification, partly because they require network members to share data on a ledger.
Identiq: A Private Providerless Solution
Identiq has created a providerless network that enables companies to collaborate with their peers without sharing any sensitive data whatsoever. Unlike with blockchain — and, of course, contrary to the provider model — no private data is shared, transferred or copied. Each company retains its own data.
As sensitive data is never shared, but can still be validated, companies can now check data points they simply couldn’t before. Information such as credit card ownership or bank account details. This peer-to-peer network uniquely enables its members to verify data that can’t be validated anywhere else.
Of course, it’s also much better for data privacy, protecting the company now and future-proofing against legislative change. And there are no strings attached; if a company leaves the network, their data leaves with them.
Consider Going Providerless
Providerless fraud prevention solutions have access to fresher, more accurate first party data and current fraud trends. A private providerless solution combines this with the ability to verify completely new elements, like payment information. It’s also far better for data privacy.
That means both best practice and better results. So next time you’re evaluating the latest fraud tools out there, go providerless.