Four ways businesses can rebuild consumers’ digital trust

password manager security
(Image credit: Passwork)

Social media scams continue unabated – platforms are awash with fraudsters due to their lack of accountability when it comes to verification. If you haven’t fallen victim to one yourself, you’ll almost certainly know or someone who has, or have at least seen the swell of stories in the news. 

Digital platforms are proving to be a lucrative hunting ground for fraudsters, who are predominantly targeting young users online. 

The resulting impact is rock bottom levels of consumer trust in social media. It’s no surprise research from Callsign found just 29% of consumers have confidence in social media companies to protect their data.

About the author

Steve O'Malley is General Manager, EMEA at Callsign

It suggests many users feel not enough is being done to make platforms safe, with there still being gaps for criminals to exploit. In April of this year, both Google and Meta pledged to only allow registered financial firms to advertise on their sites. Despite this, these pledges are only voluntary, and cybercriminals have still been able to operate in this space. 

This also doesn’t account for how easy it is for illicit actors to set up fake social profiles, due to the low levels of required verification. These allow criminals to impersonate individuals across a whole range of potential scams. 

All this creates an environment which erodes user trust in these platforms. And the perceived lack of action is only driving consumer trust levels further down. Beyond just social media, for any brand which interacts with consumers online, it’s time to take note.

How to rebuild digital trust from the bottom up

1. Making a mindset shift on digital identity 

Acknowledging the importance of a digital identity will unlock greater trust in online services, from social media to mobile banking. 

Certain organisations don’t verify online identities when users join their platforms, allowing bogus accounts and synthetic identities to be set up for rogue and abusive activity. Other businesses only focus on the first online interaction, such as a log-in to an online account, which means that consequential activity goes unchecked. 

With the digital revolution in full swing, it’s essential for companies to change their approach to confirming identities online. Older models for authentication are currently not fit for purpose and are ripe for exploitation because they are over reliant on one or two weak pathways, rather than layering multiple data points. 

As our online economies continue to grow, it is critical that we change how we truly confirm someone’s identity online and the technology we have today allows us to accurately identify genuine users – ensuring they are who they say they are – and let them get on with their digital lives. 

2. Positively identify 

The approach of positively identifying a genuine user is the only way to ensure true authentication in the digital world. 

Most methods of authentication do not prove that today. A fraudster using genuine credentials such as a username, password or OTP looks like the genuine user they are masquerading us, when all that they’ve proven is that they have the username, password or possession of a stolen device to access a service. Using behavioural biometrics, which are unique muscle memory to everyone proves beyond doubt a person’s identity and is an authenticator that fraudsters cannot mimic. 

3. Take a multi-layered approach 

Companies can now use technology to identify genuine users rather than just identifying potential fraud – but they need to adopt a multi-layered approach. 

Digital identities are created by drawing on thousands of data points unique to an individual user, ranging from their username and password, to where they are using their device, to the speed of typing or swiping of a mobile phone. It builds a rich picture of ‘who’ a person is which can then be used in verification.

Layering contextual data, including device, location and threat detection, along with behavioural biometrics to identify genuine users, means there is less reliance on a small amount of evidence - or a single point of failure. It gives multi factor authentication in minimal steps. 

Over time, organisations can take these factors into account as a way of further reinforcing digital identities, developing their understanding of users’ genuine behaviours as a way of protecting the system. This method goes beyond AI-predicted models which can be open to bias or inaccuracies. 

4. Secure data without invading privacy 

Beyond behavioural identification, the principles of data obfuscation and minimisation also need to be included. This involves masking the sensitive data of users confirming that the person is the right person based on behavioural patterns and not intrusive PII data protecting user privacy. 

And with 59% of global consumers saying they are confident in banks and financial services to operate ethically when it comes to managing, using and protecting consumer data, it’s clear that the foundation for trust is there – organisations now need to take heed and continue building on this. 

They must see the value in digital identity to ensure customers know their data is protected, otherwise digital services will hold us back rather than help drive growth.

Steve O'Malley is General Manager, EMEA at Callsign, and prior to this he held a position as MD, Northern and Western Europe at FICO, where he was with the organisation for nearly 20 years.