The New PII Paradigm: dynamic Personally Identifiable Information (PII) elements

As the world has become increasingly technology and mobile phone-driven, new dynamic PII elements have emerged, such as IP addresses, device IDs, behavior patterns, usage trends, and biometrics. These PII types are fluid (or change frequently), making them less susceptible to compromise than their static PII counterparts. And by examining the relationships between these data elements, they become even more powerful as a tool in digital identity verification.

The new dynamic PII elements fit together like puzzle pieces to create a composite picture of an individual. Device IDs, for instance, can show whether an individual has used a browser to conduct a transaction or log into their bank account. At the same time, behavioral data can provide a historical look back at an individual’s purchases to provide red flags or signal anomalies such as a consumer transacting across dozens of merchants in a day or two.

With dynamic PII, organizations can rely less on static PII as a definitive indicator of a customer’s identity and instead focus on PII patterns to determine risk. Some patterns might include how often a phone number or shipping address is used or the number of times an email address is paired with a specific IP address. By focusing on data patterns instead of precise identification, organizations can more easily spot cases of fraudulent activity while, at the same time, avoid interfering with valid users and causing unnecessary friction in the transaction process.

The Importance of Securing Customer PII

Regardless of the type of PII organizations use, Data Safeguard believes it is crucial that steps are taken to protect such PII data. Customer information is both an asset and a liability. The loss or misuse of customer PII data can result in legal ramifications and cause irreparable damage to customer trust. The protection and handling of customer data should be a critical keystone at the base of every business.?

Some best practices include the following:

·Understand the data sources. To determine how they should protect PII, organizations should first consider where the data is coming from or the data lineage. For instance, a customer’s billing information is much more sensitive than web traffic data and, therefore, will require much more stringent data protection methods.

·Ensure all data serves a clear and distinct purpose. Some data will fulfill short-term purposes (such as technical logs used for debugging purposes), whereas other data will fulfill longer-term purposes (e.g., billing records until the next tax season). Understanding the purpose of the collected PII will help guide decisions about how it should be stored and protected.

·Devalue data no longer in use. It can be tempting for organizations to retain records indefinitely, but data does not stay relevant forever; it will grow stale and diminish in value over time.?

In a world where technology is rapidly advancing, organizations need to consider how they will keep up with the innovative tactics of today’s fraudsters. It is not enough to just create barriers for users that appear remotely fraudulent. Such broad-brush approaches risk alienating modern consumers who demand secure yet seamless experiences. By understanding how PII has evolved, leveraging dynamic elements to evaluate transactions, and prioritizing the protection of PII, businesses can be one step closer to better assessing and mitigating risk and providing enhanced experiences for their customers.