Personalization at scale seems like an oxymoron — like having a party with millions of your friends. But at its best, e-commerce personalization anonymously drives conversions.
How can retailers balance customer personalization with privacy? We asked payments and security professionals that question.
Personalizing e-commerce shopping drives sales. Maintaining privacy is a challenge.
A balancing act
Robin Anderson, vice president of open banking company Tribe Payments, has seen e-commerce personalization evolve from simple tracking and recommendation systems to sophisticated, artificial intelligence-driven experiences, and she believes all commerce channels, from online to in-person, will become more personalized.
“Hyper-personalization is a trend in payments, but the flip side of that is privacy,” he says. “It’s not just about the data you collect and leverage to drive engagement, but also the mechanisms by which consumers can recall that data later. It’s a real balancing act, and I don’t think anyone has solved it yet, but you’re certainly seeing a lot of rapid innovation happening.”
compliance
Sandra Tobler, co-founder and chief customer officer at authentication platform Futurae, said complying with privacy regulations, which vary by region, is crucial for e-commerce merchants.
“Privacy guidelines such as Europe’s GDPR and PSD2 have a significant impact on e-commerce merchants, requiring them to handle customer data more carefully and transparently,” she said. “Complying with these regulations is essential to avoid costly fines and build customer trust.”
Tobler recommends using advanced authentication to verify legitimate customers. Multi-factor authentication, biometrics, and behavioral analytics can help protect customers’ accounts, build trust, and reduce churn. Advanced solutions use data collected during authentication to tailor security measures for each user. A key aspect of this approach is continuous authentication, which evaluates user behavior and context throughout the shopping journey.
“When a user is shopping from a familiar location and device, the system allows them to continue with minimal friction. However, if the system detects an unusual location or device, it may prompt for additional authentication steps to ensure security. Recognizing returning customers and allowing them to move forward with their shopping journey without repeated prompts creates a smoother experience, improving customer satisfaction and loyalty.”
It is also important to separate non-sensitive data, such as behavioral patterns, geolocation, and devices, from sensitive data, such as credit card numbers and other personally identifiable information.
“Isolating sensitive data helps minimize the amount of personal information processed during authentication and helps comply with privacy regulations,” she said. “End-to-end encryption of sensitive data, such as credit card numbers and personally identifiable information, protects the original data even if it is intercepted.”
Sensitive Data
Jason Howard, CEO of identity authentication provider Caf, agreed that collecting only the information needed for a particular transaction is fundamental to regulatory compliance.
“Many jurisdictions around the world have enacted consumer data privacy laws, and violating these regulatory laws can be costly. That’s why we recommend collecting information from users incrementally and only when necessary. Such an approach will result in a better customer experience, less abandonment, and faster time to revenue.”
Howard further noted that decentralized identity solutions enable secure and transparent transactions without relying on intermediaries or data storage. These solutions simplify the authentication process, eliminating the need for customers to repeatedly verify themselves when accessing different platforms.
“Strong biometric authentication gives merchants confidence that users are who they say they are. Biometrics helps protect users from identity theft, impersonation and account takeover attacks.”
Howard added that embedded commerce (selling products through external channels) is creating new revenue channels and opportunities for attackers. Fraudsters exploit the refund process within embedded payment systems in a variety of ways, including requesting refunds for products or services that were never purchased or falsely claiming that goods received were defective.
E-commerce companies need technology to detect such behavior. Behavioral analytics can identify suspicious patterns and fraudulent activity. AI models can discover patterns in large data sets that were previously undetected. AI can also detect manipulated images or documents.
Check-out
Peter Karpas, CEO of customized checkout provider Bold Commerce, points out that personalization has so far not come to fruition in the checkout experience.
“Personalization in e-commerce is about the experience, rather than who the specific customer is,” he says. “For example, a shopper who lives 20 miles from a store should be offered a checkout with pickup and delivery options, but a shopper who lives further away should only see delivery.”
Rather than creating millions of unique customer experiences, Karpas suggested brands customize shopper behaviors and segments — for example, a checkout could have two or three versions depending on the segment.
“Retailers are realizing that checkout personalization isn’t the same as everything else,” he said. “They’re realizing that it has a disproportionate impact on conversions, average order value and customer lifetime value.”
