Stuart Dobbie, SVP of Innovation, Callsign
The rapid evolution of technology is arguably one of mankind’s greatest feats. But as today’s consumers demand more privacy, businesses must find ways to adapt safely.
For many years, marketers and data specialists enjoyed the benefits of third-party cookies in facilitating personalised experiences to their customers. However, the age of third-party cookies is set to come to an end as tech giants such as Google have announced their phase out. Although Google has now delayed this until 2024, change is very much on its way.
This announcement follows similar moves already made by Firefox and Safari. It’s clear that users are demanding greater privacy including more control over how their data is used. This is a change that businesses need to plan for now, to ensure they do not risk losing out on customer growth.
But as tech giants have reacted by preventing third-party tracking on the internet, customer online security also stands to suffer potential ramifications. This piece will discuss how the eradication of cookies can become harmful to consumers if the security implications are ignored by businesses, and how new technologies may provide the answer.
While the cookie crumbles…
For some time, third-party cookies have been the most significant way for sales and marketing teams to understand who users on their websites are, their interests, location, demographic, and what experiences they need. But this is all set to change considering Google Chrome accounts for more than half (65.3%) of all global web traffic.
In today’s digital-first society, this shift is understandably concerning for businesses who depend on third-party cookies to convert target customers and provide them with exceptional online experiences. Unfortunately, 41% of marketers believe their biggest challenge, once third-party cookies are a thing of the past, will be their inability to track the right data.
Yet the focus can’t only be on the loss of data because the death of third-party cookies won’t just impact businesses – it will also jeopardise the security of consumers by leaving them more susceptible to fraud. It’s therefore also important to consider what can be done to keep consumers safe from cyberattacks and digital identity theft.
The privacy versus security dilemma
While many may see the end of third-party cookies as good for consumer privacy (which it is because they track users online and allow them to be more easily targeted), there are security pitfalls that will need to be navigated to protect existing security solutions.
All browser storage mechanisms – and this goes beyond just cookies to include caches and local storage areas – are now completely segregated for every website. Alongside this, Apple has introduced an auto-deletion functionality to anything stored in your browser by a website automatically if you didn’t return to that website within seven days, in a continued attempt to increase privacy for consumers.
Moreover, Chromium (Google Chrome, Microsoft Edge, Opera) is about to introduce more privacy controls to “freeze” user-agent strings – which include browser names, versions, and operating system names – in October this year. Again, this is to provide privacy to users and stop the identification of their device.
However, the privacy settings installed by these companies don’t inform users of any of the security implications resulting from their decision. This points to a growing need for a strategy that considers security alongside privacy. For example, cookie alternatives with privacy by design, which involves asking users if they wish to allow a specific website to remember their device in the future.
If the security implications aren’t considered carefully, the user could be inadvertently disengaging the very mechanisms designed to protect them and their identity when they change their privacy settings – or when a company changes their settings for them.
Time for a new method to authenticating identity
The loss of third-party cookies causes challenges across all sectors, and this includes the advertising space with revenue and targeted marketing becoming a new challenge to overcome. The alternatives being offered to marketing have equally not been well considered. Google’s failure to find a working alternative to third party cookies is evident with the delays to phasing them out.
Alternative solutions attempt to group people together based on their interests; for example, whether they have searched for ‘bikes’ or ‘musical instruments’. Companies claim that this removes the individual tracking aspect. However, they have come under the same criticism as third-party cookies, because at scale they allow for correlation, identification and tracking of users via their interests.
It is evident that killing the cookie without killing the market is an ongoing revenue concern. With the changes already made by Firefox and Safari and the impending ones by Google, it’s a wakeup call for businesses to consider alternative methods other than cookies for their authentication journeys.
One way this can be done is by using behavioural biometrics. This method of online security can identify a user through a simple swipe, mouse movement or device angle – with great accuracy – by considering millions of contextual data points to verify if the user is genuine. Layering this intelligence with multiple data sources such as threat detection, location analysis device fingerprinting means there isn’t a single point of failure in the authentication process.
In addition to this, while behavioural biometrics looks for characteristics of genuine users, it can also recognise typical fraudster behaviours encountered previously – for example, simultaneous login attempts on multiple devices.
Behavioural biometrics also works from a privacy angle as it doesn’t use personally identifiable information (PII) to identify a user. Unlike cookies, this type of technology can understand who someone is without infringing on their privacy.
There’s a clear opportunity to implement new technologies across businesses and organisations shouldn’t be complacent when it comes to the end of third-party cookies. Instead, they should look at innovative ways to eliminate the need to prioritise privacy over security when there are existing methods that allow them to offer consumers both.
