Preventing Fraud with Identity Graphing
Fraudsters love it when their victims aren’t paying close attention to the little telltale details that give away their schemes. Even when merchants are trying to be vigilant about fraud and are looking for the signs, it’s easy for isolated, seemingly disconnected clues to evade their notice.
Some cybersecurity experts have found new ways to detect online fraud through the use of identity graphing, a data management technique that marketers have been using to resolve customer identities across devices and platforms. How does identity graphing work, and can merchants use it to identify and prevent fraudulent purchases?
Whether they’re aware of it or not, most online consumers aren’t carefully maintaining a persistent online identity across the various devices, browsers, and networks they might happen to use.
They might have a work computer where they avoid logging in to their personal social media accounts, a home computer that gets shared by multiple family members each with their own accounts, and a smartphone linked to an Apple ID that they don’t use on any other device.
For anyone sifting through the trail of data this hypothetical person leaves in their wake, they might have a hard time determining exactly who, or how many people, created this particular trail of digital breadcrumbs.
The average American household contains at least ten internet-connected devices, and each person therein typically has direct access to four—two desktop computers and two mobile devices. They may not log in the same way on each one, but it is very likely that no matter how they’re getting online, they’re leaving identifying data behind.
For marketers, building a better way to identify visitors enables them to do things like target their messages more effectively and perform more accurate sales attributions.
The same techniques can be used against fraudsters who try to obfuscate their identities or impersonate others.
Either way, the challenge is in putting together scattered data from disparate sources, and it doesn’t help that merchants don’t always centralize all of their data in a way that makes customer identification easier. Identity graphing was devised as a solution to this problem.
What is Identity Graphing?
Identity graphing is the process of creating a database that assembles all of the potentially identifying customer data you can access, for the purpose of resolving that data into discrete customer identities. This allows you to create a single, unified, and complete customer profile.
The data that goes into an identity graph may include usernames, email addresses, phone numbers, device ID, membership card numbers, geolocation, and anything else you’ve harvested that can be used to differentiate one customer from another.
It should synthesize data from every source and database that the merchant has—their CRM, address book, point-of-sale system, social media followers, and so on. In the identity graph, no dataset gets left behind.
Identity graphing may reveal things like a customer logging in to your site from one account on their work computer, and a different account on their smartphone. Or it may show you that two different members of the same household are accessing your site through the same account—but shopping like the very different individuals they are.
The process of making sense of customer identities through all this data is called identity resolution, and it can be done in two different ways:
- Deterministic matching, which uses confirmed, unique identifiers (like a phone number) to connect identities with total certainty.
- Probabilistic matching, which makes inferences from identifiers that are likely, but not certain, to indicate consistent user identity (like IP addresses) to point out possible connections between identities.
Probabilistic matching, though not entirely foolproof, can draw on machine learning and artificial intelligence to infer connections even when the user is taking active steps to mask their identity—as fraudsters often do.
While identity graphing is widely used by some of the biggest tech giants around, there is no standardized model for how it should be done. Third party solutions are available, but some merchants choose to create their own identity graphing databases.
How Can Identity Graphing Detect and Prevent Fraud?
Defending yourself against ecommerce fraud always requires a multilayered approach, but there are many scenarios in which it can be helpful to have better ways to identify and track fraudsters. Here are a few examples of situations in which identity graphing can be an effective defense against fraud:
- Account Takeover
An identity graph makes it simple to tell when the same individual is logging in to multiple accounts, or when all of the identifiers associated with a particular account suddenly change. Identity graphing can enable merchants to automate the process of screening for accounts that may have been compromised by takeover attacks.
- Referral Fraud
Merchants who offer referral rewards may find themselves targeted by fraudsters who quickly organize to qualify for the rewards even though they have no intention of becoming customers in the future. Identity graphing can make it possible to see, for example, if multiple referrals all came in from the same household.
- Synthetic Identity Theft
Increasingly, fraudsters are relying on synthetic, rather than traditional identity theft. This is when they combine personal data from multiple individuals to create a new, nonexistent identity to use. The discrepancies and inconsistencies that can give synthetic identities away are easier to spot with identity graphing.
Identity graphing can also help to differentiate individuals with identical or shared identifiers (such as the same name), which can help prevent false positives from being generated by your anti-fraud filters.
Merchants have to get creative and resourceful when it comes to fighting online fraud—the fraudsters are doing no less on their end.
Any merchant who has begun the process of researching or implementing identity graphing solutions for marketing purposes have a great opportunity to maximize the value of their investment by looking into ways in which they can leverage their identity graph to detect and block fraud.
Just remember that while identity graphing can be a powerful new tool in the fight against fraud, a comprehensive approach is always needed, along with deep analytics to determine the true sources of the fraud and chargebacks that are impacting your revenue.
If you need expert help in figuring out the best way to protect your business, remember that the Gurus are always here for you.