Account Protection: Balancing Security and Customer Friction

Securing online accounts is a very challenging problem. There has been a significant rise in fraud during the pandemic, leaving companies exposed to grave financial and legal risks. How do you know which sign-ins are bots or bad acting humans? If you clean up identities and drastically reduce the number of accounts that are reported to investors, what will that do to a company's valuation? This presentation will show how the U.S. grocery giant Kroger implemented defense-in-depth best practices using multiple vendor-based and custom built solutions to protect more than 75 million accounts. You will get a peek at how we answered questions like: How do you stop credential stuffing attacks, ATOs, and coupon abuse? Is identity proofing valuable for grocery e-commerce accounts? Do we use a vendor for risk scoring or do we create in-house machine learning models? Where and when should we add targeted friction? How do we guide unsophisticated users to enroll in MFA?