This week, two of us spent a couple of days in Washington, D.C. attending the Gartner Security Summit. I have been working with the Gartner analysts in their Identity Access Management (IAM) team for three years now, so it’s always nice to catch up with some old friends, like Avivah Litan, and trade notes with the industry thought leaders.
Fraud is not slowing
Big news this year! Fraud, and especially online fraud, is going up and to the right. This fact shouldn’t surprise anyone given the fast and continued growth of online commerce, payments, and lending. We can all rest assured that the many types of online transactions and the fraud that follows them will be growing rapidly for a decade and more.
Gartner layering methodology continues to be relevant
The Gartner fraud analysts, led by Tricia Phillips and Jonathan Care, continue to recommend a layered approach* to identity verification and fraud detection. There simply is no “silver bullet” solution out there that does it all.
Layer 1: Endpoint detection
Layer 2: Behavioral analytics
Layer 3: User centric data
Layer 4: Link analysis
The Whitepages Identity Graph includes name, email, phone, address, and business data as nodes that fit tightly into Layer 3 of the framework. The graph structure enables us to create linkages between those data elements and allows our customers and machine learning partners to perform their own link analysis that’s strongly championed in Layer 4. Bottom line – we are believers in their framework, less because our products align to it so tightly, but more so due to the success we see from customers in the marketplace using it.
Machine learning needs to apply to a solution
The industry has been leaning heavily on the “machine learning” buzzword for a couple of years now. But the Gartner leadership was talking about the fact that machine learning in itself is just an analytical framework. In order to be useful to customers in fraud and risk, the machine learning framework needs to be applied in a specific way that provides a solution to customers. We have many customers and partners applying machine learning to fraud. In our experience, the companies with the most discipline applying it to a specific solution find the most success in the market.
More focus on the customer experience
Relative to past years, I heard far more discussion about the tradeoff of tightening down on fraud too hard, which inevitably means a poor customer experience for many good customers. Many of the industry’s metrics rely on fraud detection, but increasingly attention is shifting towards trying to measure good customer insult rates. They talked about stepping up authentication only when the business case demands it (larger or riskier transactions), and authenticating with items ranging from behavior and voice recognition to metadata, while avoiding more passwords.
My third year at the Gartner Security Conference is in the books, and I would count it successful. More next year.
*Gartner, Absolute Identity Proofing is Dead; Use Dynamic Identity Assessment Instead, A. Litan, 15 Nov 2015
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.