Customer Retention

Is Personalized Shopping Private?

Personalization at scale seems contradictory, like having a party with several million friends. Yet at its best, ecommerce personalization drives conversions anonymously.

How can merchants balance customer personalization and privacy? I asked that question to payment and security pros.

Female holding a credit card in front of a laptop.

Personalizing ecommerce shopping drives sales. Maintaining privacy is the challenge.

Balancing Act

Robin Anderson, vice president of acquiring products at Tribe Payments, an open banking facilitator, has seen ecommerce personalization evolve from simple tracking and recommendation systems to sophisticated, artificial-intelligence-driven experiences. He believes all commerce channels, from online to in-person, will become more personalized.

“Hyper-personalization is on trend in payments and the flipside, which is privacy,” he said. “It’s not only about the data you capture and leverage to drive engagement; it’s also about the mechanisms to allow consumers to call back that data later. It’s a real balancing act, and I don’t think anyone has quite cracked it yet, but certainly there has been a lot of rapid innovation.”

Compliance

Keeping up with privacy regulations, which vary by region, is critical for ecommerce merchants, stated Sandra Tobler, co-founder and chief customer officer of Futurae, an authentication platform.

“Privacy guidelines such as Europe’s GDPR and PSD2 have a profound impact on ecommerce merchants, requiring them to handle customer data with greater care and transparency,” she said. “Compliance with these regulations is crucial to avoid hefty fines and to build customer trust.”

Tobler recommended using advanced authentication to verify legitimate customers. Multifactor authentication, biometrics, and behavioral analytics can help protect customers’ accounts, build trust, and decrease churn rates. Advanced solutions use data collected during authentication to tailor security measures for each user. A key aspect of this approach, continuous authentication, assesses a user’s behavior and context throughout the shopping journey.

“If users are shopping from a familiar location and device, the system can allow them to proceed with minimal friction. However, if the system detects an unusual location or device, it might prompt for an additional authentication step to ensure security. Recognizing returning customers and allowing them to move through the shopping journey without repeated prompts contributes to a smoother experience, increasing customer satisfaction and loyalty.”

It is also important to separate nonsensitive data, such as behavior patterns, geolocation, and devices, from sensitive, such as credit card numbers and other personally identifiable information.

“Decoupling sensitive data aligns with privacy regulations by minimizing the amount of personal information processed during authentication,” she said. “The end-to-end encryption of sensitive data, such as credit card numbers and personal identification information, protects the original, even if intercepted.”

Sensitive Data

Jason Howard, CEO at Caf, an identity authentication provider, agreed that collecting only required information for specific transactions is foundational to regulatory compliance.

“Many jurisdictions around the globe have created consumer data privacy laws, and running afoul of these regulatory statutes can be costly. That’s why we recommend incrementally collecting information from users only as needed. Such an approach creates a better customer experience, thus leading to less abandonment and quicker time to revenue.”

Howard additionally noted that decentralized identity solutions enable secure and transparent transactions without relying on intermediaries or data storage. These solutions also simplify the authentication process and eliminate the need for repeated verifications when customers access different platforms.

“With robust biometrics, merchants can be assured that users are who they claim. Biometrics help protect against stolen identities, impersonation, and account takeover attacks.”

Embedded commerce — selling products on external channels — has created new revenue channels and opportunities for attackers, Howard added. Fraudsters exploit the refund process within embedded payment systems in various ways, such as requesting refunds for products or services they never purchased or falsely claiming that the goods they received were defective.

Ecommerce companies need technology to detect that behavior. Behavioral analytics can identify suspicious patterns and fraud. AI models can uncover patterns in large datasets that may previously have gone undetected. AI can also detect manipulated images or documents.

Checkouts

Peter Karpas, CEO of Bold Commerce, a customized checkout provider, observed that personalization has thus far stopped short of the checkout experience.

“Personalization in ecommerce is less about who one specific customer is and more about the experience,” he said. “For example, a shopper that lives 20 miles from a store should be offered a checkout with options for pickup and delivery, whereas a shopper farther away should just see shipping.”

Rather than creating millions of unique customer experiences, Karpas suggested that brands tailor shopper journeys and segments. Checkout, for example, could be two or three versions, depending on the segment.

“Retailers realize personalizing checkout isn’t the same as everything else,” he said. “They’re finding it disproportionately impacts conversions, average order value, and customer lifetime value.”

Dale Laszig
Dale Laszig
Bio


x