Here’s Why Your Boss Is Underinvesting in Online Identity Fraud Prevention

When you think of protecting your online identity from theft, how do you frame it?

Do you think of keeping your identity and personal information in a wallet, safely tucked away in your back pocket? Do you envision stashing your ID cards in a locked safety deposit box? Or do you envision a vault protected by a thick door and walls?

All three of these visualizations are mental models, and they’re distorting the way you and your organization think about identity fraud prevention.

Humans use mental models to visualize abstract concepts and problems in a way we can better understand. Mental models help us look at problems from a new point of view and efficiently come up with solutions. However, fitting some problems into a mental model, like comparing identity fraud prevention to a vault with strong walls and locks, can blind us to the true nature of the threat.

According to the Harvard Business Review, mental models cloud how decision makers view cybersecurity: 

Some decision makers use the wrong mental models to help them determine how much investment is necessary and where to invest. For example, they may think about cyber defense as a fortification process — if you build strong firewalls, with well-manned turrets, you’ll be able to see the attacker from a mile away. Or they may assume that complying with a security framework like NIST or FISMA is sufficient security — just check all the boxes and you can keep pesky attackers at bay. They may also fail to consider the counterfactual thinking — We didn’t have a breach this year, so we don’t need to ramp up investment — when in reality they probably either got lucky this year or are unaware that a bad actor is lurking in their system, waiting to strike.

The problem, HBR writes, is that mental models convince decision makers that cybersecurity is “a finite problem they can solve” instead of an “ongoing process.” Allocating more resources towards cybersecurity becomes a tough sell when your boss believes the problem is already solved. 

Online identity fraud prevention is one facet of cybersecurity many organizations may believe is already “solved.” How can you reframe identity fraud prevention so your organization will make it a bigger priority? 

– Use an emotional narrative. Instead of relying just on cold metrics, weave an emotional narrative that describes the impact of online identity fraud into your pitch. Make sure your boss understands the steep personal cost that comes with identity theft and why it hurts your organization. 

– Flip the mental model. Every firewall has cracks. HBR writes that you should show your boss how many vulnerabilities your fraud prevention team or service has found and fixed. This is proof that your system is working.

– Break your own system. Getting hacked is a huge wake-up call. Hack your own system to find weaknesses and then present them to your boss. They will probably be glad you found those weaknesses before a real hacker did.

Protect Your Organization from Online Identity Fraud

Online identity fraud costs businesses billions of dollars a year. Learn how businesses can prevent online identity fraud.