As consumers become more accustomed to interacting with their service providers via mobile and online channels, security becomes a top concern for telecom, utility and pay TV companies. Moreover, personally identifiable information (PII) is often necessary to establish service, evaluate credit risk, and determine deposit requirements. With so much data at stake, taking progressive steps to protect your customers' data can help prevent losses and damage to your company's reputation.
When you are ready to add more security to protect sensitive customer data, how do you decide what is best? Forrester’s Andras Cser says, “Forrester sees more and more IT security professionals moving away from hardware-based two-factor authentication tokens toward risk-based authentication for customer access, as well as enterprise user access."
A risk-based system allows security to be applied across the board, but not at the same level for every user, every time. A user logging in from a secure corporate location usually presents less risk than one coming in from an out-of-town internet coffee shop. A user adding information to an online form presents one set of risks, but someone trying to access PII presents a higher level of risk.
Progressive authentication is our term for using an integrated set of tools for situation-based authentication of users seeking access to enterprise networks, data, and applications. Progressive authentication is a powerful way to solve the problems that Forrester recognizes as inherent in traditional authentication measures:
- Fragmented, haphazard approaches to identity authentication across multiple systems and multiple user groups
- Exorbitant costs of traditional hard token and card-based authentication measures
- Tardy, out-of-sync compliance efforts for multiple applications
- Lack of resources to implement tighter security controls
- Repeated breaches of supposedly iron-clad authentication approaches
Consumer data is a valuable commodity for tech-savvy fraudsters that recycle pieces of a consumer's identity to create fictitious or synthetic IDs. These synthetic IDs are then sold to other fraudsters or used to fraudulently acquire services. To help reduce your exposure, consider a progressive approach to protecting customer data.