Kroger elevates fraud measures after online account creation explodes 

Covid-19 forced cautious shoppers to buy groceries online for the first time — and now there’s no turning back for most consumers and retailers. After experiencing its own surge in online account creations since the pandemic took hold, supermarket giant Kroger knew it needed to seriously improve its e-commerce fraud protections. 

Realizing that its developers were short on experience in the identity space, Kroger’s software engineering team opted to implement Microsoft Azure Active Directory B2C as a third-party software-as-a-service customer IAM solution. This decision freed up the company’s developers to concentrate on what they do best: innovating with features that drive revenue, explained Senior Software Engineering Manager Karthik Kotha, during a breakout session and a one-on-one interview with SC Media at the 2023 Identiverse conference in Las Vegas. 

Building on one’s own identity architecture “requires a lot of identity talent and expertise,” Kotha told SC Media. “We could invest in that area or we could invest in something else. It was just a value call at the end of the day.”

Since overhauling its CIAM architecture, the grocer has cut down on risk associated with new account fraud and takeover fraud, explained Kotha. Key additions have included email verification, MFA, behavioral biometrics and risk scoring, and conditional access policies. 

Kroger’s CIAM project appears to have moved along nicely without any significant stalling. But the same couldn’t be said for the hotel elevator Kotha rode in the wee hours of the morning prior to his Identiverse presentation. “This is when you just hope that that [emergency] call button actually works,” he noted. See the full interview, embedded within this article, to find out what happened when Kotha got stuck, and how this predicament is actually a good lesson for cybersecurity professionals in how to prepare for errors or breakdowns that can negatively impact the customer user experience. 

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts, and video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.
