Lately we’ve seen a lot of news stories about the National Security Agency’s program for tracking phone records, Internet searches and Facebook pages. Politicians on both sides of the aisle have decried and supported the practice, constitutionalists are debating over the legalities, and American citizens are either praising Edward Snowden’s courage or want him tried for treason.
No matter which side of the issue you come down on, one thing to remember is not all online tracking is bad – especially when it comes to protecting you and your business.
I’m talking specifically about tracking information on the Internet as it relates to cybercrime, fraud and securing the online ecosystem for consumers.
A couple of years ago legislation started to appear in various states known as “do not track” laws. These policies wanted to leave it up to consumers to determine whether or not they wanted to be tracked. Then the federal government stepped in and saw this as a consumer privacy issue. It was quite a soapbox issue for politicians to beat their chests and talk about the evils of big business invading the privacy and personal information of consumers.
I have no doubt that some companies use personally identifiable information in ways that would make consumers cringe. However, the problem is a double-edged sword. If consumers determine what information, if any, can be reviewed during their online transaction, then criminals can, too.
When making a purchase, or conducting almost any type of business online, hundreds of pieces of data are available for review by retailers and financial institutions alike. These can include the location of the device you are using, billing and shipping information, time and date stamp, account numbers, email address, browser type, and dozens of other settings that identify you specifically. This digital fingerprint gives the retailer or financial institution enough information about you to confidently and securely complete a transaction.
When a criminals use ill-gotten financial information, like a stolen credit card, they will do everything they can to mask who they really are to appear as the actual owners. Let’s look at an example of how this works and what’s at stake.
A fraudster, using a credit card stolen from someone in the U.S., begins shopping at an electronics retailer. He fills up the shopping cart with lots of cool gadgets, puts in the credit card number, security code and billing address. However, instead of having the purchase shipped to the card owner’s home, he puts in another shipping address for delivery. Not unusual to have things shipped to an address other than the billing address, so everything looks fine, right?
Using techniques such as the digital fingerprint, it takes just milliseconds for the retailer to see that the fraudster is not in the U.S., but is sitting in Vietnam hiding behind cyber walls such as rented IP addresses. The browser on his machine is set to Vietnamese as the language, shows a time and date stamp that do not match the locations given in the order page online, and he has made 17 purchases in the last 30 minutes, using the same card. All of a sudden the purchase doesn’t look so good.
Without the digital tracking abilities used by millions of retailers and financial institutions around the world, stopping this type of simple fraud would be nearly impossible.
Reputable retailers and financial institution will disclose in their privacy statements what information they will review and whether or not they will use personally identifiable information for anything other than security of payments and consumer protection.
If you’ve ever completed a transaction online, checked a bank account or purchased a new pair of shoes, you have benefited from tracking technology. Turn it off, and the criminals win.