Light Dark
June 27, 2018 By Angelika Steinacker 3 min read
Fraud Protection
Identity & Access

Consumers today are becoming increasingly concerned about data security and privacy as a result of the countless breaches that have made news headlines over the past few years. The need for establishing digital trust is on the rise.

In response to this growing demand for digital trust, many companies have made efforts to improve the user experience while also enhancing security, data privacy and fraud detection, especially in light of the General Data Protection Regulation (GDPR).

These initiatives stem from the business need to meet consumers’ expectations — but what about the consumers themselves? How can they decide whether a company is deserving of their digital trust?

Digital Trust Hinges on Transparency

Transparency is a critical factor that consumers consider when establishing digital trust with a company. This usually translates to honesty and openness about business operations in general, especially when it comes to security and privacy. Companies must keep consumers informed on a regular basis — not just in the aftermath of a data breach.

How can organizations create this transparency when not everyone is a security or data privacy specialist? The GDPR accounts for transparency in Article 22, which details the “right of explanation.” But as The New York Times noted in November 2017, this only applies to data handled by machine algorithms.

Moreover, the GDPR does not offer guidance for communicating these rights in terms consumers can easily understand. As a result, the above definition of transparency needs to be revised for clarity and comprehensibility.

Why Establishing Digital Trust Is Critical

In Germany, consumer organization Stiftung Warentest tests goods, such as washing machines and telephone contracts, and offers dashboards with scores based on a defined set of criteria. In December 2017, the company tested wearable devices and downgraded all but one of the products it examined due to lack of transparency regarding how the vendors handle customers’ personal data.

In his book, “Data for the People,” big data expert Andreas Weigend stressed that consumers possess the right to both access their data and inspect data refineries. The latter includes the right to see a data safety audit; privacy efficiency rating; and return-on-data score.

A dashboard with a rating scheme could make it easier for consumers to understand and compare companies based on the security and privacy they provide. Of course, such a dashboard should include the criteria outlined by the GDPR and any other data privacy regulations to which the company is subject. It should also consider the company’s contract and cooperation with consumers, as well as its past record of dealing with security incidents.

Below are some additional points for consumers to consider when establishing digital trust with a company, according to Weigend:

  • Cyber resilience: International Standards Organization (ISO) 27000 is a good starting point, but the results must be translated into a comparable score that consumers can easily understand.
  • Privacy efficiency: How can consumers measure whether their personal data is being used unnecessarily? A paper authored by researchers from Microsoft and the University of Pennsylvania described the promise of “differential privacy,” which is designed to ensure that consumers “will not be affected, adversely or otherwise, by allowing your data to be used in any study or analysis.”
  • Return on data: This refers to the value the consumer receives in exchange for his or her personal data.

Infusing Data Privacy Into the Digital Experience

The implementation of and adherence to the framework described above must be a joint effort between business, security and privacy representatives. Each criterion represents another step toward creating the transparent digital experience customers have come to demand.

By making it as easy as possible for consumers to establish digital trust, organizations in all sectors across the globe can put themselves in a better position to stay on the right side of data privacy regulations and maintain successful and secure relationships with customers for years to come.

Download the white paper: Accelerating Growth and Digital Adoption With Seamless Identity Trust

 |  |  |  |  |  | 
Angelika Steinacker
CTO for Identity & Access Management, IBM Security Europe

More from Fraud Protection
October 30, 2023

Virtual credit card fraud: An old scam reinvented

3 min read - In today's rapidly evolving financial landscape, as banks continue to broaden their range of services and embrace innovative technologies, they find themselves at the forefront of a dual-edged sword. While these advancements promise greater convenience and accessibility for customers, they also inadvertently expose the financial industry to an ever-shifting spectrum of emerging fraud trends. This delicate balance between new offerings and security controls is a key part of the modern banking challenges. In this blog, we explore such an example.…

August 23, 2023

Remote access detection in 2023: Unmasking invisible fraud

3 min read - In the ever-evolving fraud landscape, fraudsters have shifted their tactics from using third-party devices to on-device fraud. Now, users face the rising threat of fraud involving remote access tools (RATs), while banks and fraud detection vendors struggle with new challenges in detecting this invisible threat. Let’s examine the modus operandi of fraudsters, prevalence rates across different regions, classic detection methods and Trusteer’s innovative approach to RAT detection through behavioral analysis. A rising threat As Fraud detection methods become more and…

August 17, 2023

Gozi strikes again, targeting banks, cryptocurrency and more

3 min read - In the world of cybercrime, malware plays a prominent role. One such malware, Gozi, emerged in 2006 as Gozi CRM, also known as CRM or Papras. Initially offered as a crime-as-a-service (CaaS) platform called 76Service, Gozi quickly gained notoriety for its advanced capabilities. Over time, Gozi underwent a significant transformation and became associated with other malware strains, such as Ursnif (Snifula) and Vawtrak/Neverquest. Now, in a recent campaign, Gozi has set its sights on banks, financial services and cryptocurrency platforms,…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature