Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Customers in the Crosshairs

Andy March
September 15, 2019

Customers in the Crosshairs

As users now expect more from the organisations they interact with online managing the identity of your customers is becoming much more complex. Password dumps, multiple devices and poor MFA adoption put pressure on security and development teams. All the time your competition is waiting in the wings to offer an alternative if your offering doesn't meet the customer's expectations.

Join Andy in a session where he discusses the threats to your customers, the impact those threats can have on your organisation and how to build a customer identity which not only protects your customers but provides a better user experience.

What attendees will learn:
- How to model the risks and impacts of a customer account compromise.
- How to drive registration with progressive profiling.
- Choosing multi-factor options which users love.
- Techniques for monitoring emerging account threats.

Andy March

September 15, 2019
Tweet

More Decks by Andy March

Other Decks in Technology

Transcript

  1. 10+ years working in secure systems Hi! Technical Product Manager

    at Okta Software Developer (.NET / Java / JS) @andymarch
  2. Username/password PII Transaction History Linked Payment Information Redeemable tokens Initiate

    transaction Failed login limits IP blacklists Captcha Credentials Mitigations Identity Resources
  3. ? id: 123456789 email: [email protected] id: 123456789 email: [email protected] address:

    123 Fake Street id: 123456789 email: [email protected] address: 123 Fake Street loyaltyid: 098765
  4. Email address Manage Contact Preferences Credentials Mitigations Identity Resources id:

    123456789 email: [email protected] Manage Existing Order Manage Address address: 123 Fake Street Email address/Password password: supersecret
  5. US Adults with an account Facebook: 69% LinkedIn: 28% Twitter:

    23% Reddit: 18% Source: pewresearch.org/internet/fact-sheet/social-media Social media usage by age 18-29: 84% 30-49: 81% 50-64: 73% 65+: 45%
  6. Email address/Password Manage Contact Preferences Credentials Mitigations Identity Resources id:

    123456789 email: [email protected] Manage Existing Order Manage Address address: 123 Fake Street password: supersecret loyaltyid: 098765 Redeem Loyalty Points + MFA
  7. Who is the user? What is the application? Where is

    the user? What is the action? Does it match their normal usage? User supplied context Service inferred context
  8. Email address/Password Manage Contact Preferences Credentials Mitigations Identity Resources id:

    123456789 email: [email protected] Manage Existing Order Manage Address address: 123 Fake Street password: supersecret New device New location Contact support
  9. Email address/password Manage Contact Preferences Credentials Mitigations Identity Resources id:

    123456789 email: [email protected] Manage Existing Order Manage Address address: 123 Fake Street password: supersecret New device New location Contact support MFA Passed
  10. React to change Know your users, know your risk Collect

    only what you need when you need it Strongly authenticate your users, but only when it is required Summary