InfoSec Insider

Pairing Privacy and Security with Digital Identities in Retail

Omnichannel views of customers are a competitive edge — but they have to be appropriately implemented.

As today’s customer expectations for digital shopping continue to escalate, many online retailers are leveraging consumers’ unique digital identities to provide a seamless and secure account registration and login process. However, it’s important to recognize the security and privacy implications in implementing such an approach.

Forrester Research found recently that just 35 percent of retailers have the right technology to execute a consistent omnichannel strategy, and only a third (33 percent) have visibility into consumer behavior across channels. This is a problem given that the typical retailer may have multiple web properties with different URLs due to acquisitions and multiple mobile applications, all of which require different user logins. This hinders a smooth omnichannel experience and prevents insights into unified customer data behind the scenes.

This also can block an understanding of what the “same” consumer has consented to in terms of privacy (there are possibly noncompliant inconsistencies in executing the consent instructions because they differ per profile).

Because of this, many retailers are missing opportunities to turn potential shoppers into buyers. Statista found that 75 percent of online shopping orders across all industries were abandoned in 2018 alone. This level of cart abandonment is partly caused by friction in the account registration and login process that can deter new or returning customers from completing transactions.

The real-world implications of failing to gain a 360-degree view of the customer can be seen in former giants like Toys ‘R’ Us, Sears and Brookstone all recently closing or filing for bankruptcy.

On the flip side, a comprehensive digital identity approach enables retailers to combine customer data about buying habits and history across channels, brands and business units, all while securing the appropriate levels of consent. Working with enriched customer profiles can allow online retailers to reduce friction in the buying process, making the most of each customer interaction.

Look no further than Target, Amazon and Walmart for success stories, all of which have been thriving due to each company’s ability to offer a superior omnichannel experience and specifically leverage customers’ digital identity to expedite online’ shopping experiences by reducing the overall time it takes from login to checkout.

Amazon is an excellent example of the power that digital identity can grant an online retailer. Amazon’s “one-click” ordering is an example of how the retailing giant uses what it knows about its customers to reduce the time it takes to complete a transaction. However, this example outlines some of the privacy and security concerns surrounding digital identities.

For instance, if an unauthorized individual obtained access to user accounts, then that nefarious person could make fraudulent purchases across all channels. So, online retailers must implement safeguards to detect anomalous behavior and trigger additional authentication to reduce the risk of suspicious purchases being made. Amazon for instance makes this possible by tracking customers’ behaviors and buying patterns and applying algorithms to determine if behavior (the geography from which a purchase is made, for instance) is consistent.

Also, storing the highly sensitive information associated with digital identities, such as payment card information, login credentials, billing and shipping addresses and so on, can cause privacy concerns from shoppers and place companies at risk of data breaches. Businesses should ensure that they adhere to data privacy laws and regulations, including GDPR in the EU and the soon-to-be-enacted CCPA, and retailers must comply with other security and data protection standards such as SOC2, PCI DSS, ISO27018 and ISO27001.

At the same time, businesses must put privacy and trust-building at the heart of the customer journey by giving them a new level of control over their personal data. This is imperative as PwC found that 87 percent of consumers will take their business elsewhere if they do not trust a company is handling their data responsibly.

Tools that boast features such as customer identity and access management (CIAM) also allow retailers to leverage digital identity by enabling them to connect, protect and respect the preferences of each customer, regardless of the devices, applications or other services customers may use in order to complete a purchase.

By appealing to customers’ specific criteria, retailers will earn their trust, reduce friction along the buying process, and boast increased sales figures by reducing cart abandonment. Using digital identity with the proper supporting tools allows retailers to recognize the added benefits of simultaneously addressing shoppers’ security and privacy concerns, and regulatory compliance.

Eve Maler is vice president of innovation and emerging technology at ForgeRock.

Enjoy additional insights from Threatpost’s InfoSec Insider community by¬†visiting our microsite.


Suggested articles