Technologies designed to authenticate identities are being introduced around the world to replace cumbersome procedures involving usernames, passwords and paper-based identification documents. Biometrics, such as facial recognition, fingerprint and iris scans, and voice recognition technologies, are increasingly being used in everything from accessing devices and financial accounts to airport check-in and security processes.
As technology removes the human element from authentication efforts, the potential for data breaches and fraud increases. Governments worldwide have enacted laws aimed at protecting how consumer data is gathered, processed and used. These new regulations will consume corporate boards and add to the workload of executives with compliance challenges that include vetting new hires, avoiding regulatory fines, fraud risk mitigation and maintaining customer trust.
One 2021 survey of corporate compliance officers found that 78% of them expect an increase in regulatory demands in the coming year.
This month, PYMNTS Intelligence looks at the ways regulators are putting pressure on corporate entities to comply with legislation designed to protect consumers’ data.
Compliance Versus Consumer Trust
Consumers demand new technology that offers convenience and speed when accessing financial accounts, and a growing body of evidence shows they are willing to trust biometrics to identify themselves for faster service. A survey revealed a dramatic increase in consumers’ comfort level with sharing biometric identifiers since 2020, primarily because of their experiences during the pandemic. While fingerprints remained the biometric identifier that consumers felt most comfortable sharing, their comfort with facial, voice, hand and iris scans was up sharply, with 44% at ease with sharing facial scans.
Consumers may be warming to the idea of biometrics, but valid concerns about the technology remain. Data breaches were a top worry for 69% of consumers in another survey, followed by 62% who said an invasion of privacy was a concern. Identity theft is on the rise, and the number of United States adults affected by traditional identity fraud grew to 15 million victims in 2021, up by more than half from 2020. The losses from these incidents jumped 79% year over year to $24 billion in 2021.
The passage of biometric privacy laws designed to govern the collection and storage of consumer data, therefore, is increasing commensurately. The European Union’s General Data Protection Regulation (GDPR) of 2018 is one example, and in 2020, California amended its California Consumer Privacy Act (CCPA), becoming the first U.S. state to pass a law requiring companies to give consumers more control over how their data is collected and used. Approximately 90% of U.S. companies are currently not in compliance with the CCPA, which is due to take full effect in 2023, along with similar laws in at least four other states.
In addition to costing businesses potential customers, lack of compliance can erode current customers’ trust. A KPMG report indicated that 64% of businesses were seeing more and more suppliers and customers demanding proof of compliance with privacy regulations. PYMNTS’ research showed that security and convenience were the top items consumers considered before trusting a business, brand or website.
Noncompliance can lead to steep fines against companies that experience attacks that lead to data theft and fraud. The KPMG study found that 71% of companies surveyed experienced fraud, and more than half paid fines due to unmitigated compliance issues. Most expected risks and regulatory requirements to grow in the next five years in several areas, yet less than one-third said their organizations followed best practices regarding compliance.
Solutions to Facilitate Compliance
Corporate leaders need to focus on achieving compliance if they hope to avoid penalties and erosion of public trust. A survey of compliance personnel found that efforts were focusing on the areas of internal compliance assessments, employee awareness training and managing third-party compliance. Approximately 19% of organizations used dedicated compliance management software, and many still used tools such as spreadsheets, which are not scalable and cannot track third-party compliance. The survey indicated that many organizations will likely shift to automated solutions that use artificial intelligence (AI) to track compliance automatically.
Organizations could adopt electronic identity verification (eIDV) solutions that use public and private data sources to match individuals based on personal criteria. Companies and financial institutions (FIs) under pressure to do away with traditional paper-based verification methods will need to replace these methods with trustworthy digital alternatives. Some 42% of consumers have stopped applying for digital accounts because of cumbersome authentication processes, according to one 2021 report. That can mean lost revenue, as the report found that one dollar spent on eIDV can be worth $412 in customer lifetime value.
Companies that expect customers to trust them with their personal data need to ensure they do all they can to protect them. In the end, customers will reward them with continued business while the digital marketplace becomes safer for all involved.