As data privacy laws become more common and stricter, many businesses are finding that the increased privacy comes at the expense of true data security. Depending on the compliance laws that you have to follow, you may find that utilizing fraud prevention services is not especially effective. Being unable to track customers, while ostensibly desirable, can inhibit legitimate fraud detection cookies and prevent effective fraud filtering.
While there isn’t much you can do about this without violating compliance law, you can protect the data willingly provided by customers. Focus on personal data security, and you may be able to balance privacy with fraud prevention.
Data Privacy is on the Rise
Europe implemented the General Data Protection Regulation (GDPR) in 2018 to prevent personal information from being traced to consumers and to minimize data collection. Similarly, the California Consumer Privacy Act (CCPA), which also became effective in 2018, gives Californians the right to control their data, and a later amendment placed stricter requirements on companies for data collection and sale.
Many companies use consumer data to inform sales goals, product development, and targeted advertising. Unfortunately, many companies also buy and sell consumer data. Between this practice and rising numbers of security incidents, consumer data has not been particularly secure or private. Governments have become concerned, and these regulations are designed to protect data, particularly private and identifying information.
Government initiatives aside, companies are feeling pressure from customers to keep data private. Companies that experience data breaches are increasingly facing litigation from affected customers, and some are pivoting to a security-first posture to keep customers happy. Facebook, for example, having suffered after its Cambridge Analytica debacle, has begun emphasizing privacy as a priority. Apple and Google have echoed these pro-privacy sentiments.
The Downsides of Data Privacy
Although data privacy is needed to prevent attacks, too much privacy can actually make security more difficult. If you were to make a purchase online, you would go to a retailer’s website, add your items to your cart, and then go to checkout. Once at checkout, you’re probably going to use the autofill option to put in your name and address. When it’s time to pay, you may put in your credit card details or select the PayPal button.
It all seems very straightforward, but there are a number of components that keep this interaction secure enough that you feel comfortable typing out personal information and your credit card number. Primarily, fraud prevention services working on these websites use cookies to monitor your online footprint and ensure that you aren’t committing fraud. This is a problem in Europe and California, as the GDPR and the CCPA have restricted third-party cookies that are not integral to the functioning of the website.
Fraud prevention services have recently encountered a second obstacle. Due to the steep fines levied by these privacy laws for selling consumer data, many companies have stopped sharing information about customers altogether. This has made it much more challenging to detect fraud as the identities of known bad actors are being shared much less often.
These factors are making it more difficult to isolate fraudulent traffic from normal traffic. This has financial consequences for businesses, which are finding it more challenging to effectively filter traffic and are losing customers because of it. Whether a customer’s payment method is denied or his ability to access website pages is affected, sales are decreasing in part due to customer frustration. At the same time, fraudulent transactions are not being blocked as effectively, leading to chargebacks and lost revenue.
Balancing Data Privacy and Fraud Risks
Obviously, you don’t want all of your data to be floating around cyberspace. Data privacy is important, but the need for it must be balanced with the need for strong anti-fraud solutions for the smoothest, most secure online experience. To keep your customers without sacrificing data privacy law compliance, consider using automated data discovery.
Rather than relying on cookies, data discovery focuses on identifying and correctly classifying the consumer data that you already have. Personal information that the customer willingly shares with you needs to be carefully protected, even if you don’t have much control over their online fingerprint. However, the most important thing for your organization is legal compliance, so you should focus on minimizing your risk of a security incident and self-auditing to confirm that there is no misfiled sensitive data.
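As an added illustration of the self-audit described above (example code written for this page, not taken from any product), the sketch below classifies field values and reports sensitive data sitting in a field that is not meant to hold it. The field names, the ALLOWED policy and the sample rows are assumptions made up for the example.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Assumed policy: the classifications each field is allowed to hold.
ALLOWED = {"email": {"email"}, "card_number": {"card"}}

def luhn_ok(digits):
    """Luhn checksum; filters out order or tracking numbers that only look like cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def classify(value):
    """Return the set of sensitive-data labels found in one field value."""
    labels = set()
    if EMAIL_RE.search(value):
        labels.add("email")
    if any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD_RE.finditer(value)):
        labels.add("card")
    return labels

def audit(records):
    """Report (record id, field, label) wherever data sits in a field not meant for it.
    Findings never include the matched value, so the report itself stays non-sensitive."""
    findings = []
    for rec in records:
        for field, value in rec.items():
            if field == "id":
                continue
            for label in sorted(classify(str(value)) - ALLOWED.get(field, set())):
                findings.append((rec["id"], field, label))
    return findings

# Constructed sample rows; 4111 1111 1111 1111 is a well-known test card number.
SAMPLE = [
    {"id": 1, "email": "a@example.com", "card_number": "4111 1111 1111 1111",
     "order_notes": "leave at door"},
    {"id": 2, "email": "b@example.com", "card_number": "",
     "order_notes": "customer read card 4111-1111-1111-1111 over the phone"},
    {"id": 3, "email": "c@example.com", "card_number": "",
     "order_notes": "tracking 1234567890123456, reply to c@example.com"},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The 16-digit tracking number in record 3 fails the Luhn check and is not flagged as a card, while the e-mail address in the same free-text field is.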
Hopefully, privacy laws will evolve to have exceptions for fraud detection services; however, for now, the emphasis is on maximum privacy. Protecting your applications and databases with security solutions like firewalls and data discovery and classification can help you prevent a breach. Monitor access logs for your data and traffic patterns to your site or application to detect suspicious activity. You might not be able to profile and catch a fraudster, but you can use your data privacy tools to help keep the attacker out of your sensitive information.