- Payment & Fraud Editorials
Date: 30 Nov -0001 Location: Delegates:
-
Ai Editorial: Data infrastructure – key to balancing CX and fraud prevention
RITESH 2 (30)
RITESH 2 (26)
#ATPS - Time to “play by own rules” to facilitate genuine orders
Ai Editorial: Biometric authentication – keeping it safe from hackers
Ai Editorial: Are acquirers becoming stronger allies for merchants?
Ai Editorial: Stepping up card payment conversion via deeper introspection
Ai Editorial: Why uncovering patterns of fraud with one approach won't work?
Ai Editorial: Payments - a fascinating discipline to follow in 2020
Ai Editorial: Establishing a proactive data protection mechanism
29th February, 2020
Ai Editorial: Astute infrastructure that facilitates capturing of real-time data and processing the same with minimal latency is key to setting up an apt risk assessment for legitimacy of transactions, writes Ai’s Ritesh Gupta
A key factor in sharpening a merchant’s fraud risk assessment for transactions relates to data infrastructure and its scalability. E-commerce players need to excel in this area, and ensure all of it is streamlined so that the experience of a travel shopper isn’t hindered. It is about conducting the check for the legitimacy in a fraction of a second, so that the evaluation doesn’t adversely delay the transaction/ payment. Travel merchants must be adept at probing and investigating data in real-time to sense fraudulent transactions or any other anomalous activity.
Fraud detection specialists acknowledge challenges associated with the performance of digital assets and the significance of a scalable application.
Some aspects that must be considered before looking at the infrastructure that support real-time fraud detection:
- Scaling is a bi-directional process: systems must scale up to meet increased demand and scale down when demand is low, as highlighted by SecuredTouch. Count on the proficiency of microservice workloads when it comes to scaling and automating. The team at SecuredTouch chose to scale horizontally by replicating services across the cluster, or scale vertically by adding new nodes.
- Evaluate budget: While stepping up the performance is important, one shouldn’t forget that initiatives like switching from HDDs to SSDs, adding intermediate caches etc. also tend to increase costs significantly, according to SecuredTouch.
- Processing data in real-time tends to be expensive and computationally intensive, so it’s critical to ensure the fields that are required in real-time are utilized for that objective, but the others are not. Also, here we are looking a real-time or near real-time processing. Then comes the methodological choice, and for this entities have to rely on the sort of data, its volume and the database.
Key infrastructure-related areas for fraud detection
The turnaround comes from having the capability to analyze data via cloud-scale data ingestion and real-time analytics. To garner and examine a huge magnitude of transaction data calls for a vigorous database component for storage and management. Plus, a large-scale distributed computing component for running algorithms is also mandatory.
Also, from infrastructure perspective, one has to do away with managing individual servers.
Streaming data requires a data architecture that can handle rapid input and on-time output with efficient data processing. At the core of the entire exercise is to bank on a query established in advance and the objective is to alter the input stream and evaluate it based on a fraudulent-transaction algorithm. And in case there is anomaly detection, the same is conveyed to the output interface.
Some of the infrastructure-related requirements when it comes to ingestion, storage, processing, and analytics :
- A major component is a real-time streaming platform and event ingestion offering, adept at processing a big volume of events per second.
- Another aspect is having the ability to pulling out relevant details from data streams to identify meaningful pattern and relation.
- Focusing on stringent security, for instance, how to deploy and manage cloud set up.
Key metrics, according to SecuredTouch, in this context are the time taken for a service to receive and respond to a request, and the time it takes to communicate with the end user.
In the whole exercise, the decisions that are related to right-sizing data, data processing method, the chosen database etc. are extremely important.
Keen on exploring fraud prevention and payment-related issues?
Check-out Ai’s conferences scheduled for 2020: https://lnkd.in/fE7UK_T
8th October, 2020
Fraud prevention specialists are delving into what sort of novel buying patterns are emerging as they look to foil fraudsters’ plans for fraudulent transactions.
A major concern, as always, is to ensure a fraudster’s attempt shouldn’t go unnoticed, whereas a genuine customer doesn’t end up being denied to pay for a transaction.
Think of evolving purchasing hours, device usage…there are too many variables to consider.
How to tackle the issue then?
Machine learning’s role in fraud detection can’t be undermined but it shouldn’t be forgotten that it takes time to recalibrate. Relying only on transactional data may not work at this juncture.
A human fraud analyst can take charge and control the situation, ensuring a genuine shopper’s experience isn’t hampered. Reviewing transactions manually is equally important. It is imperative to make the most of an automated machine learning system with a rules-based approach.
Cybersource aptly puts it – it is time to let merchants “play by their own rules”. If machine learning needs time to recalibrate to new trends, they can adjust settings themselves in their tools to minimize any negative impact. Analysts can work on business rules to eradicate false positives.
Join experts and explore new trends in payments and fraud at Ai’s Airline & Travel Payment Summit
#ATPS Virtual Conference 2020: 20 - 22 Oct 2020
21st February, 2020
Ai Editorial: Security safeguards and privacy-related initiatives are becoming stronger. Biometric authentication is an interesting tussle, and the industry is looking at negating fraudsters/ hackers’ moves, writes Ai’s Ritesh Gupta
Biometric authentication has numerous applications, and one of them is verifying/ authorizing a transaction.
Among all the options, facial recognition has gained traction because it is non-intrusive, easy to use and fast. It has gained prominence as it is being facilitated by our smartphones.
Since biometric authentication is about recognizing an individual without friction, rather than doing the same via a password or PIN, it stands out for augmenting the user experience with speed, ease of use and option to pay anywhere. But there are aspects that still need to be looked into. Be it for security-related risks, user privacy concerns or fraudulent transactions, repercussions are being probed at this juncture.
Plus, there are industry-related issues as well. For instance, this form of authentication does indicate that a cardholder himself or herself validated a transaction, but if the card network has no provision to use such data as the main proof, then that knowledge is useless.
Concerns
According to Gemalto, the efficacy of facial recognition systems is based on: false acceptance, false rejection and true positive (this describes when an enrolled user is correctly matched to his or her profile. This number should be high.)
As for concerns, artificial intelligence (AI)-based identity fraud is emerging as a serious issue. What is coming under inspection is the efficacy of biometric security measure such as facial recognition. A primary concern that a section of the industry is highlighting is hackers/ fraudsters managing to steal people’s faces. Recognition of one’s voices and face as a way to validate a person’s identity is under scrutiny with the rise of synthetic media and deepfakes. How damaging deepfakes can be, as they can perfectly imitate features of a person. Deepfakes are powered by deep learning AI. The algorithms behind this AI are fed large amounts of data. Eventually, by capitalizing on such data, “deepfake” videos manipulate audio and video using AI to make it appear as though someone did or said something they didn’t. It does pose a challenge to validating the legitimacy of information presented online.
As highlighted in one of Ai’s recent articles, initiatives are in the pipeline, focusing on automated deepfake detection. Identity verification specialist, Jumio emphasized that it is “vitally important to embed 3D liveness detection into identity verification and authentication processes”. The company is working on plans to combat advanced spoofing attacks including deepfakes. (It is important to know that not all liveness is created equal and many un-certified liveness detection solutions fall prey to deepfakes). Among the others, Facebook, too, last year was in news for working on a ‘de-identification’ technology to morph a person’s face so that they remain unrecognisable to facial recognition technology. Also, specialists are focusing on a certain kind of machine learning. In this type patterns in image data are spotted. It features a system of artificial neurons that copy the functioning of the human brain.
Companies like Apple acknowledge that much of our digital lives are stored on their devices, and it's important to protect that information . While technology in these devices can automatically alter modifications in one’s appearance, such as wearing cosmetic makeup or growing facial hair, the industry is also looking at areas like not unlocking with a sleeping face. Also, these companies are using smarter technologies. For instance, Apple has highlighted that the camera of its devices captures accurate face data by projecting and analyzing over 30,000 invisible dots to create a depth map of face and also captures an infrared image of face. Also, each time a user unlocks their device, the camera identifies by securing precise depth data and an infrared image. This information is matched against the saved mathematical version to verify.
Earlier this year, Apple asserted that a random person looking at a user’s iPhone or iPad Pro and unlocking it using Face ID is approximately 1 in 1,000,000 with a single enrolled appearance. For more, read here.
Keen on exploring fraud prevention, data privacy and protection issues?
Check-out Ai’s conferences scheduled for 2020: https://lnkd.in/fE7UK_T
18th February, 2020
Ai Editorial: Travel merchants, including airlines, are expecting their respective acquiring banks to contribute more than just processing payments, writes Ai’s Ritesh Gupta
Travel merchants, including airlines, have to focus on several aspects in order to streamline their cross-border payment acceptance.
Of utmost important is the shopper experience - from letting a travel shopper pay via their preferred payment method to ensuring their checkout experience isn’t disturbed with a unified approach to curbing fraud and disturbing even those transactions that shouldn’t be checked for authentication. Other than stepping up the authorization rate, businesses also need to keep the overall transaction fees in check. Plus, they need to prepare for better business decisions based on astute payments data, for instance, comprehending why transactions are being approved or declined with global coverage and granular reporting.
The role of the acquirer
The introduction of invisible payments or one-click transactions are experiences shoppers are increasingly getting used to, and every business needs to find ways to incorporate the same. And accordingly, the onus is on various stakeholders, including the acquirer, to chip in and facilitate the same for travel merchants. The entity, also known as the acquiring bank, is the financial institution that maintains the merchant’s bank account. It passes the merchant’s transactions along to the applicable issuing banks to receive payment. For airlines, hotels, OTAs etc., especially those operating in various countries, factors such as adding local payment options, too, are key to sustaining the desired conversion rate. It doesn’t come as a surprise when acquirers are being expected to support all payments types through all channels.
And the acquirer is also expected to contribute in other areas. A core of area of expertise is managing processing of cross-border payments in an adept manner. An established acquirer is expected to contribute in terms of “local acquiring” and bring down the rate of bank declines. And they key lies in working with only a few, or maybe one acquirer even for multiple markets. This tends to make reconciliation less complex for travel merchants. Another area is the settlement aspect. Also, the ecosystem has witnessed certain players doing away with the blended pricing model. There are benefits, for instance, when the interchange fees goes down, the overall costs also go down. There is now more transparency in terms of the cost of the processing, what is charged for the interchange, the processing cost etc. As for the future, one can only expect an increased level of standardization on a European level and globally, too.
As for dealing with card payment conversion, there are ongoing improvements that merchants are looking for. For instance, credit card decline codes are not standardized; they differ from one payment gateway to the next. Details pertaining to why a payment tends to get rejected can be provided by an acquirer and this in turn can boost the conversion rate. Even though the rejection or response codes offered by acquirers may appear dauntingly technical, it’s extremely useful to understand what they mean.
Travel merchants are assessing the prowess of payment analytics and evaluating key metrics pertaining to the overall payment flow. Primarily, the focus is on the associated cost with each transaction, the rate of authorization, and the chargeback ratio. Delving deeper, payment specialists are counting on analytics for assessment of the risk profile, the relevance and performance of the acquirer, fee for alternative payment solutions etc. It is worth following how data and algorithms are shaping up to contribute both in terms of cost reduction and revenue optimization.
An acquirer is also expected to respond to the regulatory requirements. For instance, the PSD2 Strong Customer Authentication (SCA) migration completion deadline for online payments in Europe continues to be a weighty issue, with concerns about the preparedness and compliance still coming to the fore. Again, acquirers (and other stakeholders have to support EMV 3DS 2.1 and 2.2 by the end of this year) need to enable merchants prepare for the same and contribute in terms of the overall authorization success. Another area that is worth following is how this regulation is going to impact multisided platforms, or marketplace businesses, and some other areas such as licensing.
The traditional merchant-acquirer model has evolved, and today’s payment facilitator model has made the chain a lot more fragmented. For instance, certain entities are an extension of the acquiring bank and provide merchant processing services on the acquirer’s behalf. As for the external factors, it is worth following how acquirers, post the merger activity, are going to respond to the rising competition.
Keen on exploring fraud prevention and payment-related issues?
Check-out Ai’s conferences scheduled for 2020: https://lnkd.in/fE7UK_T
3rd Februrary, 2020
Ai Editorial: Dealing with credit card decline codes is a daunting task. Ai’s Ritesh Gupta explores how a deeper analysis of these codes and collaborative approach can help in payment authorization.
Evaluating ways to improve upon approval rates for online card payments is always high on the agenda of travel merchants.
Independently travel e-commerce players are looking at ways to seamlessly authenticate users across the omnichannel customer journey. The role of cloud-based intelligence, backed by artificialintelligence and machinelearning, is coming to the fore. Assessment of both risk pointers and positive identity indicators is the way to go. This way travel merchants can better comprehend the context of a shopper, their behavior, and their score in terms of digitalidentity trust and risk. Other than ensuring that a legitimate shopper shouldn’t suffer owing to a wrong decline of a card, travel merchants also need to be in control of processing costs as well as focus on fraud prevention. There is no secret sauce for all this in the payment landscape, but crafting an astute authorization strategy is an ongoing effort that demands continuous introspection. Working with other stakeholders holds key here.
When it comes to authorization and acquiring for more than one market or cross-border transactions, a merchant can assess options such as working with a payment services provider, setting up a local legal entity and entering into merchant agreements with local acquiring banks etc.
Coming to grips with soft and hard declines
Technically, credit card rejection happens when a card payment cannot be processed and the transaction is declined by the payment gateway, the processor, or the bank issuing the money. A credit card decline code is a message issued in response to a request for authorization during a transaction.
It is here dealing with the travel shopper in an apt way – via a simple and transparent communication – can help.
According to Chargebacks911, the issue is credit card decline codes are not standardized; they differ from one payment gateway to the next. They also tend to be rather unclear, as this helps in shielding the cardholder’s privacy and avoid giving away sensitive information in the event of a genuine fraud attack. Details pertaining to why a payment tends to get rejected can be provided by an acquirer and this in turn can boost the conversion rate. As Ingenico points out, even though the rejection or response codes offered by acquirers may appear dauntingly technical, it’s extremely useful to understand what they mean.
Adyen recommends that profile of each transaction needs to be considered based on its amount, if it’s recurring, local regulations, issuers' authentication preferences, your relationship to your shopper, and more.
Some declines may be the direct result of the cardholder's actions while others are the result of external factors. The most important distinction is between “hard” and “soft” declines. A hard decline happens when the issuing bank or processor denies the processing of the transaction and retrying the card won’t help at all. Hard declines are not recoverable at the time of the transaction. Whereas soft declines are generally a temporary issue. Retrying the provided payment method information may be successful. One way to deal with such scenario is to automatically route selected failed transactions to a secondary acquirer for a “retry”. This can increase authorization with virtually no impact on the customer experience, asserts Ingenico. Essentially merchants need to constantly explore ways to salvage such situations. A partner should be adept at analysis of past declines, transparent data, ongoing analysis of global transaction types etc. Also, developments like PSD2 are all about more carefully processing and managing data, including payment transactions.
PSD2 SCA 2020 - how to go about it as a travel merchant?
Not just merchants
And it’s not just merchants, but even other stakeholders, including card schemes and issuers, too, are focusing on sorting some common issues that tend to block transactions that simply should not have failed in the first place.
Traditional companies are stepping up their efforts in the wake of increasing competition from alternative form of payments plus new developments that are fueling emergence of fintech digital payment specialists. For instance, it is being acknowledged that as a vital link in the payment chain issuers need to share relevant details regarding why the transaction has been declined. Many tend to supply response codes that are ambiguous and tough to comprehend. And in certain cases such codes cannot be interpreted at all. Effective fraud prevention and detection requires real-time collaboration and data sharing. In fact, with a collaborative approach where data on fraudulent and suspicious transactions is shared (and keeping it anonymous, too, where required), details are out on new fraud attempts no matter where they first appear. But all of this demands a diligent effort. For instance, considering the case of passing SCA or Strong Customer Authentication messages through complex transaction flow in the travel e-commerce sector.
It is imperative for merchants to work collectively internally (fraud and risk management, customer service, operations, technology and product management teams) to optimize authorization and fraud strategies, and work with various external stakeholders as well for the same.
Keen on exploring fraud prevention and payment-related issues?
Check-out Ai’s conferences scheduled for 2020: https://lnkd.in/fE7UK_T
23rd January, 2020
A study, by Sift, has shared that fraudsters are moving freely from one fraud type to another. With data breaches, it is easy for hackers and fraudsters to gain additional information and plan other types of fraud beyond payment fraud.
A unified or a blanket approach to dealing with various types of frauds that exist in the e-commerce sector isn't going to work anymore.
The travel e-commerce sector, being a lucrative proposition for fraudsters, remains a prime target. Fraudsters are always looking at new methods to discover an enterprise's vulnerabilities. So travel merchants not only need to be vigilant of the types of fraud but also be prepared to deal with them discretely.
Fraudsters are becoming better at what they do. They are increasingly going after more than one type of fraud. Plus, fraudsters commit fraud in more than one industry. According to an analysis by Sift, fraudsters are moving freely from one fraud type to another.
As for the types of fraud, the list includes payment-related fraud (unauthorized payment transactions, featuring stolen credit cards, debit cards etc.); new account or fake account (created by a fake identity, a fraudster or bot signing up for an account using another person’s real identity/credentials) and account takeover (a genuine user creates an account, and a fraudster later gains access to it and uses it for fraud). Sift also referred to fake content and fraudsters abuse promotions by redeeming coupons multiple times, or by creating fake accounts to redeem additional promotional offers.
Looking beyond payment-related fraud
The latest analysis, based on the team's study of over 34,000 sites and apps in Sift’s customer base, with "data breaches making users’ credentials readily available on the dark web, it’s easy for bad actors to obtain additional information and attempt other types of fraud beyond payment fraud".
Some of the other key findings:
- Highlighting the way fraudsters continue to move ahead and pose new threats, the study indicated that various verticals are targeted concurrently. And whether those verticals are connected or not, doesn't matter. While digital e-commerce is the industry most plagued with fraud, fraudsters move fluidly from one industry to another, attempting multiple types of fraud. Fraud is not linear, but rather an interconnected web.
- 78% of fraudsters who start in digital e-commerce are also likely to commit fraud in another industry.
- 86% of fraudsters commit fraud in more than one industry.
- In the list of the "fraudiest" industries, the travel sector is at the third spot. The top two sectors are digital e-commerce and physical e-commerce.
With such cross-industry focus of fraudsters, it is must for stakeholders to find out how the culprits find ways to hide or execute malicious tactics. Merchants and fraud prevention specialists acknowledge the significance of the same. For instance, spoofing has become more commonplace. Fraud is more complex than ever, and the only way to battle it out with fraudsters is to comprehend the perpetually evolving fraud landscape.
Keen on exploring fraud prevention and payment-related issues?
Check-out Ai’s conferences scheduled for 2020: https://lnkd.in/fE7UK_T
21st January, 2020
Ai Editorial: Travel merchants are prioritising speed, trust and security when it comes to the payments-related experience. This, along with balancing CX and fraud prevention, and responding to regulatory requirements, are some of the priorities for 2020, writes Ai's Ritesh Gupta
There are several prevailing trends that today make payments a fascinating discipline to follow. Merchants and other stakeholders are keenly following the evolving payment economics, new standards set up to govern the flow of money, what's paving way for cost reduction and revenue optimization, dealing with fraud attacks etc.
For travel e-commerce players, their main priority is to simplify the checkout experience. Cart abandonment remains an issue, and losing out on a conversion is a huge painpoint. In addition, to this there are several other aspects.
The list is as follows:
· Letting travel shoppers being in control: A recent study commissioned by PayPal to evaluate key trends related to mobile shopping habits and merchant readiness indicated that merchants must offer mobile optimized experiences if they are interested in attracting and maintaining younger consumers, such as GenZ and GenY. According to Amadeus, 24% of travelers still abandon their purchase because there are too many steps in the checkout experience.
In a recent blog post, Jeremy Dyball, Head of Commercial, Payments, Amadeus, mentioned that with the rapid pace of payments innovation, "a number of advances from simplified foreign exchange, to a raft of new payment methods and easily accessible instant credit are combining to make a smooth and hassle-free payment experience tantalizingly close". According to him, it's time to embrace the new era of frictionless airline payments.
· Balancing CX and fraud prevention: Security and trust are significant considerations in consumers’ mobile purchasing decisions. Globally, 51% of consumer respondents would be less likely to engage with mobile commerce due to security concerns, according to the same PayPal study.
As LexisNexis Risk Solutions highlights, a frictionless customer journey “doesn’t equate to an absolutely friction-free experience. It’s about having the right type of friction, with the right action, at the right time. You have to figure out where and what that is”. From a shopper’s perspective, friction could be any feature or requirement that hinders their path through the sales funnel. It could be a compulsory registration, wearing form-filling and time-consuming authentication processes. For a seamless and secure experience, airlines need to embrace dynamic friction.
As Sift’s Trust and Safety Architect, Kevin Lee points out; merchants can’t get away with their airport screening approach. Travel e-commerce players have to ensure trusted shoppers or consumers can sidestep added authentication, while potentially risky users undergo that further screening. Since there is so much of data from customers via the app usage, device usage etc. there is a need to use behavioural fiction or behavioural dynamics looking at the signals to identify normal behaviour for an authentic shopper on an app or an online platform. And then being in a position to spot an anomaly where certain behaviour doesn’t seem to be normal. Then only there is a need to introduce certain friction or additional check in the shopping process.
Highlighting e-commerce fraud trends in 2020, Riskified asserts that realistically, merchants can address fraud by leveraging the best fraud management solution: one that evolves to adapt to the latest attack vectors, with technology that can both register and analyze the vast amount of e-commerce data flows.
· Payment flow: Other than counting on data for spotting fraudulent transactions or anomaly in behaviour, travel merchants are assessing the prowess of payment analytics and evaluating key metrics pertaining to the overall payment flow. Primarily, the focus is on the associated cost with each transaction, the rate of authorization, and the chargeback ratio. Delving deeper, payment specialists are counting on analytics for assessment of the risk profile, the relevance and performance of the acquirer, fee for alternative payment solutions etc. It is worth following how data and algorithms are shaping up to contribute both in terms of cost reduction and revenue optimization.
· Regulatory environment: Regulations like PSD2 are paving way for new services and faster payments. PSD2 or the payment services directive in Europe is being associated with a major change in payments and data protection, and it is expected to fundamentally change the value chain. "PSD2 is opening up the (payment) industry, and breaking the monopoly of certain players on accepting payments," Simon Eve, Head of Travel, Trustly, told Ai in an interview last year.
The SCA requirements were originally planned for the 14th of September last year (with new migration completion deadline being 31st December 2020), but still concerns pertaining to PSD2 making online shopping more difficult and the same negatively impacting cart abandonment rates in the initial years of implementation are being highlighted.
· Technology and digital commerce: Emergence of new technology or devices along with Internet connectivity means the need for payments to be processed automatically is already there. Overall, there is a need to keep an eye on options available for completing a transaction. So be it for things of IoT, which essentially refers to any kind of device, appliance or vehicle that can connect to the Internet, or the role of cloud services, merchants need to explore the emerging commerce features in a proactive manner. At the same it is vital to ensure that measures are in place for basic security and authentication.
Keen on exploring fraud prevention and payment-related issues?
Check-out Ai’s conferences scheduled for 2020: https://lnkd.in/fE7UK_T
17th January, 2020
Ai Editorial: Data security and privacy-related initiatives are now a priority, and travel merchants have to embrace proactive and appropriate tools for the entire organization, writes Ai’s Ritesh Gupta
It is imperative for organizations to capitalize on personal data, and at the same time address concerns pertaining to privacy and misuse of such data.
So if on one hand, travel merchants are sharpening their initiatives associated with collecting, sharing, analyzing and processing data, on the other it has to be ensured that data is secure and complies with the latest data privacy regulations. The arena continues to evolve with relatively new regulations, including the General Data Protection Regulation (GDPR), which came into force in May 2018, and the California Consumer Privacy Act (CCPA).
Some crucial topics that are being discussed are how to protect data at the source level, how to avoid heavy data exfiltration, what does constant modernization of data operations entail etc. Also, what are the requirements of privacy laws- opt-in and opt-out options?
Gearing up for data privacy challenges
Certain areas that demand attention are:
- Data governance: As IBM Analytics recommended in a presentation at one of Ai’s conferences in the past, working out a robust data governance tool is must. Profiling each data to answer who, what, where, when and how, and to make this metadata available is fundamental. Basically, for each data, you need to understand what is the data all about, who owns it, where did it originates, where is it kept, when did it get there, and how is it processed. Only via such tool, a merchant can deal with vital components such as the "right to be forgotten" article in GDPR since data subjects have the right to request the deletion of their data and not to be contacted again. A registry that provides directory services to point to where customer data resides in different systems in a company is must, too.
Plus, IBM also recommends an operating model – starting with an assessment across governance, people, process, data and security, then finalizing standards that cover governance, training, communication, privacy, data management and security management. Post this, there is provision for detail data discovery and embed standards, procedures, and tools to enhance existing processes. And there is also necessary training to ensure skills transfer. Finally, all relevant business processes and security control are executed.
- Understanding consent requirements: With various privacy laws that exist today, organizations need to comprehend consent requirements. What does consent entail? That’s the first step. For aspects such as the “right-to-be-forgotten” one, companies need to rationalize the entire process, especially considering that data is distributed in several ways and tends to be hosted in cloud-based and on-premises environments. Being in control of what and where (in terms of deployments) data is stored become critical. A privacy-by-default approach to data storage becomes must.
- Protection teams: Organizations also need staff with expert knowledge of data protection law and practices, risk assessment evaluation (data breaches and cyber attacks) etc.
- Sharpening cybersecurity – Security specialists refer to new offerings that are a blend of advanced network, cloud and data security. Focus is on technologies like firewall protection, cloud security and data loss prevention. Also, the blend of encryption everywhere and cloud-native development paves for operations in a transparent and optimized environment designed to provide security that is data-centric rather than point to point.
This approach is becoming a necessity, considering that fact merchants not only need to counter the threat of a breach via a risk-adaptive defense mechanism, but also for ease of operations for any entity operating in the connected digital landscape. Projecting how the cybersecurity strategy is going to shape up in 2020, Forcepoint indicated that the same will move from “indicators of compromise to indicators of behavior” and will focus on comprehending risks that lie within and the importance of preventing data theft no matter the user, device, transfer medium or cloud application.
Keen on exploring data privacy and protection issues?
Check-out Ai’s conferences scheduled for 2020: https://lnkd.in/fE7UK_T