Hackers, Thieves, and High-value Agreements
Disturbing security lapses at Twitter made headlines recently—including news of alleged vulnerabilities that may have opened the door to foreign spying or manipulation, as well as active hacking and disinformation campaigns.
The accusations of whistleblower Peiter “Mudge” Zatko only emphasize the severity of threats that overlook today’s business landscape.
Not that any emphasis is necessary. Twitter is far from alone in facing such threats. Bad actors are ever more sophisticated and well-resourced, which means that businesses everywhere are confronted with security threats on all fronts, from identity fraud to hackers breaching firewalls to nation-state espionage.
According to a recent report published by Aragon Research, titled The Shift to People-Centric Transaction Management, threat levels have never been higher:
[Threats have] increased in frequency and severity, and hackers now work together in organized networks, often utilizing the Dark Web to collaborate … The risk is too great for enterprises to sit back and do nothing.
Welcome to the new, normal environment of digital transaction management (DTM). This is the reality that businesses find themselves in as they race to bring the highest-value customer agreements and transactions online, including account openings and onboardings, loans, and financing contracts.
Businesses run on these agreements. Without secure—and therefore enforceable—agreements, our economy is vulnerable. Couple this potential for vulnerability with increasing customer expectations for secure and frictionless service, and you’d be forgiven for wondering where to begin plugging the gaps.
Pandora’s box is open for business. How does that affect your approach to digital transaction management?
If it were just a matter of containing the bad guys, things would be relatively straightforward, although history shows that even well-resourced organizations don’t always get it right. See Target and their 2013 data breach affecting over 41 million customers. See Google, where user data was stolen from over 1,000 apps on Google Play. And then there’s Twitter.
But now that high-value transactions and agreements are occupying digital space, with their associated legal commitments, they’re subject to a myriad of regulatory rules that increase the complexity of doing business across state and national borders. Cross-border identity verification and data privacy and sovereignty regulations vary from one jurisdiction to the next, complicating compliance efforts even further. And all this is taking place in the context of fragmented on-premise and third-party cloud systems ...
The fact is, enterprises are now operating in a fractured landscape of regulations, processes, and systems. This is precisely the kind of landscape that’s a playground for threats—threats that are both well-practiced and well-resourced.
The good news is that there’s a solution, and in a manner of speaking, it starts and ends with your clients.
End-to-end digital transaction management focuses on the customer
Enterprises have rushed to digitize a lot of high-value processes over the last three years. Now, due to escalating threats, it’s time to re-evaluate the security around their digital agreements, from start to finish.
When you strengthen security at the start of the digital process, you’re building in assurance that you are contracting with verified, legitimate identities, as opposed to a roster of digital agreements and transactions with synthetic or stolen identities. When you strengthen security at the end of the process, you ensure the integrity of the output of the digital transaction, be it a PDF contract or other artifact.
Now, it would be a mistake to believe that customers are happy to disregard what’s behind the security curtain of this end-to-end process. Quite to the contrary. How many business relationships are abandoned because something feels “off” to the customer, whether that’s because they’re receiving a welcome email from an unknown sender domain, or because they don’t recognize a third-party logo in the digital workflow?
Certainly, while customers want and expect anywhere, anytime access, expectations are also being set higher for easy, secure service. Indeed, besides preventing all the bad stuff, great security also makes for a great customer experience. The challenge is infusing secure identification, authentication, and interactions into the digital workflow in a way that doesn’t hamper this experience.
That’s why enterprises need to pivot to a customer-centric approach to DTM, with the goal of improving focus on a secure experience across all digital interactions and transactions. Aragon Research’s Jim Lundy refers to this notion as “people-centric transaction management”:
… A people-centric DTM platform will give enterprises peace of mind when it comes to making sure their data and their customers’ data remain secure, all the while enabling a seamless transaction experience … Not only do enterprises need to be able to trust that the people they are transacting with are who they say they are—their customers also need to be able to trust that a company is who they say they are.
A bi-directional approach to digital transaction management and security
Enterprises must find a way to keep the customer journey simple and make it secure. In the context of best practices around people-centric DTM, Aragon Research recommends a focus on authentication at all stages of the transaction process where it is necessary: “Instead of identity authentication being an afterthought, it is built-in and bi-directional.”
Bi-directionality is a new concept in the world of digital transactions. It means that, as much as a business needs to know who they are dealing with, in today’s threat environment customers also need to know that they are dealing with a legitimate business and not a criminal organization that has spoofed a known brand’s website.
This added layer of protection helps enterprises stay ahead of identity fraud, and that’s part of what we mean by end-to-end security: continuous and ongoing validation that the people involved in a digital agreement or transaction are in fact the legitimate customer, especially in a world where digital attacks, fraud attacks, and cybercrime have become commonplace. Doing that well hinges on hyper-focused attention to identity assurance and authentication from start to finish.
The other part of this end-to-end process is securing high-value digital agreements so that they are enforceable, and so customer trust in your brand is maintained, from initial identification all the way through to tamper-proofed digital transaction artifacts in secure digital storage.
Ultimately, it simply comes down to providing your clients with exactly what they’re asking for, which is an improved digital customer experience.
Bottom line: digital transaction management for today’s operating environment
OneSpan is a security company that offers e-signature workflows for high-value digital agreements and the financial transactions that follow once onboarding and other agreements are in place. That's why we see the upside in the new normal, and that includes the internet’s enormous potential as a world of trusted digital interactions and agreements.
Authentication is the key: validating that a person or business entity is who they say they are – not just at the onset of a digital process, but all throughout the transaction. To do this, enterprises need to set winning conditions for the best security, from end to end, so their clients’ transactions are not left vulnerable to hacking.
Download the Aragon Research report The Shift to People-Centric Transaction Management, for more security insights and recommendations when you’re looking for a digital agreements and e-signature provider.