Light Dark
June 27, 2018 By Angelika Steinacker 3 min read
Fraud Protection
Identity & Access

Consumers today are becoming increasingly concerned about data security and privacy as a result of the countless breaches that have made news headlines over the past few years. The need for establishing digital trust is on the rise.

In response to this growing demand for digital trust, many companies have made efforts to improve the user experience while also enhancing security, data privacy and fraud detection, especially in light of the General Data Protection Regulation (GDPR).

These initiatives stem from the business need to meet consumers’ expectations — but what about the consumers themselves? How can they decide whether a company is deserving of their digital trust?

Digital Trust Hinges on Transparency

Transparency is a critical factor that consumers consider when establishing digital trust with a company. This usually translates to honesty and openness about business operations in general, especially when it comes to security and privacy. Companies must keep consumers informed on a regular basis — not just in the aftermath of a data breach.

How can organizations create this transparency when not everyone is a security or data privacy specialist? The GDPR accounts for transparency in Article 22, which details the “right of explanation.” But as The New York Times noted in November 2017, this only applies to data handled by machine algorithms.

Moreover, the GDPR does not offer guidance for communicating these rights in terms consumers can easily understand. As a result, the above definition of transparency needs to be revised for clarity and comprehensibility.

Why Establishing Digital Trust Is Critical

In Germany, consumer organization Stiftung Warentest tests goods, such as washing machines and telephone contracts, and offers dashboards with scores based on a defined set of criteria. In December 2017, the company tested wearable devices and downgraded all but one of the products it examined due to lack of transparency regarding how the vendors handle customers’ personal data.

In his book, “Data for the People,” big data expert Andreas Weigend stressed that consumers possess the right to both access their data and inspect data refineries. The latter includes the right to see a data safety audit; privacy efficiency rating; and return-on-data score.

A dashboard with a rating scheme could make it easier for consumers to understand and compare companies based on the security and privacy they provide. Of course, such a dashboard should include the criteria outlined by the GDPR and any other data privacy regulations to which the company is subject. It should also consider the company’s contract and cooperation with consumers, as well as its past record of dealing with security incidents.

Below are some additional points for consumers to consider when establishing digital trust with a company, according to Weigend:

  • Cyber resilience: International Standards Organization (ISO) 27000 is a good starting point, but the results must be translated into a comparable score that consumers can easily understand.
  • Privacy efficiency: How can consumers measure whether their personal data is being used unnecessarily? A paper authored by researchers from Microsoft and the University of Pennsylvania described the promise of “differential privacy,” which is designed to ensure that consumers “will not be affected, adversely or otherwise, by allowing your data to be used in any study or analysis.”
  • Return on data: This refers to the value the consumer receives in exchange for his or her personal data.

Infusing Data Privacy Into the Digital Experience

The implementation of and adherence to the framework described above must be a joint effort between business, security and privacy representatives. Each criterion represents another step toward creating the transparent digital experience customers have come to demand.

By making it as easy as possible for consumers to establish digital trust, organizations in all sectors across the globe can put themselves in a better position to stay on the right side of data privacy regulations and maintain successful and secure relationships with customers for years to come.

Download the white paper: Accelerating Growth and Digital Adoption With Seamless Identity Trust

 |  |  |  |  |  | 
Angelika Steinacker
CTO for Identity & Access Management, IBM Security Europe

More from Fraud Protection
March 13, 2024

PixPirate: The Brazilian financial malware you can’t see

10 min read - Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan (RAT) malware that heavily utilizes anti-research techniques. This malware’s infection vector is based on two malicious apps: a downloader and a droppee. Operating together, these two apps communicate with each other to execute the fraud. So far, IBM Trusteer researchers have observed this…

March 7, 2024

New Fakext malware targets Latin American banks

6 min read - This article was made possible thanks to contributions from Itzhak Chimino, Michael Gal and Liran Tiebloom. Browser extensions have become integral to our online experience. From productivity tools to entertainment add-ons, these small software modules offer customized features to suit individual preferences. Unfortunately, extensions can prove useful to malicious actors as well. Capitalizing on the favorable characteristics of an add-on, an attacker can leverage attributes like persistence, seamless installation, elevated privileges and unencrypted data exposure to distribute and operate banking…

March 5, 2024

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature