New technologies keep emerging in the fight against fraud — biometrics, for instance — but they are not the only part of pushing back against criminals and preventing them from stealing data and money. The process tied to fraud prevention matters significantly, too.
And that includes combining ID verification and authentication.
That was made clear by Reinhard Hochrieser, director of product management at Jumio, during a recent interview with PYMNTS. He offered a report on the state of digital identity in early 2019. The discussion was bolstered by the recent release of the latest PYMNTS Digital Identity Tracker, which found — among other data points — that 63 percent of consumers have become more concerned with data security and privacy over the last two years.
“Businesses and end users care way more about” security than was the case just a few years ago, Hochrieser told PYMNTS. And the realization is growing, he added, that “what’s been done in the past is not adequate” when it comes to secure onboarding and authentication.
That includes the importance of combining verification and authentication.
Just as the practice of fraud has become what you might reasonably call more holistic — sophisticated global organizations creating what amounts to their own fraud ecosystems — so, too, has much the defense. Instead of treating fraud prevention as a series of discrete tasks conducted by discrete business units, it’s much better — and more seamless — to make the widest use of consumer data and the organization’s fraud expertise, and view the defense effort as a larger whole, a long-term, general process.
That holistic approach also applies to vendors involved in fraud prevention.
“Use a method that combines verification and authentication,” Hochrieser said. Not only that, but try to stick to one vendor, one security services provider, so that the use of multiple companies does not create those gaps and broken links.
Biometric Card Growth
Taking a more holistic approach isn’t the only way to get ahead of criminals, he said. Technologies such as biometrics are increasingly attractive as tactics.
The PYMNTS report found, among other data points, that by 2023, there will be some 579 million biometric payment cards in use. That growth in biometrically-enabled payment cards is being fueled, at least in part, by increasing consumer familiarity with and use of biometric markers in their daily lives. And that includes selfies. “Over the last couple of years, people have become used to providing selfies” for a variety of tasks, Hochrieser said.
The way he and others see it, the use of selfie photos — how they can be compared to facial images on other documents, and now they can provide liveness checks for authentication purposes — stands as an important part of the process toward better digital and mobile security, systems that only do a good job of keeping criminals at bay but provide seamless customer experiences. No bad for a form of digital expression that is deeply associated with, say, the superficialities of reality TV culture and celebrity worship.
The PYMNTs Digital Identity Tracker found that biometric acceptance is indeed growing — along with other forms of consumer awareness when it comes to security.
And that’s not all when it comes to that awareness.
In the U.K., for example, the Digital Identify Tracker found that 38 percent of consumers there would like to use biometric authentication along with government-issued IDs. Some of those percentages can likely be linked to this data point, also part of the PYMNTS report: Since the rollout of the European Union’s General Data Protection Regulation (GDPR) last year, a law designed to strengthen consumer security and privacy, some 60,000 data breaches have been reported in the EU.
And if that’s not enough, consider this: The Digital Identity Tracker found that about 2.2 billion stolen emails and passwords have surfaced online. Criminals can use all that data for a variety of fraudulent tasks, ones that range to the relatively simple to the relatively complex and devious.
But in Hochrieser’s telling, the selfie, along with other biometric tools, promises to play a pivotal role in defending those threats. Not only can a person’s face be compared to the one of the government-issued ID document — such documents being a key to secure onboarding and authentication — but a digital self-portrait taken with a smartphone can provide “liveness” detection, which further proves that the consumer is legitimate.
Hurdles for Security
Easier said than done, of course.
Passwords still dominate, as does the use of email addresses and other basic, easily exploited data in the world of onboarding and ID authentication. Not only that, but too many organizations, according to Hochrieser, tend to separate such processes as onboarding, verification and authentication instead of treating them as a single, long-term, ongoing process. Any broken link in that process, he told PYMNTS, creates “extremely high risk” that criminals can make it past the fraud prevention defenses put up by financial institutions, businesses and other organizations.
Avoiding those broken links, along with combining verification and authentication, are just some of the ways of beating back criminals and preventing fraud. But those tactics are gaining ground and promise to take on larger roles in the coming years in the ongoing struggle against fraud.