As the digital shift continues to keep pace with post-coronavirus shopping behaviors, eCommerce fraud is growing with it. In fact, 22 percent of respondents in a recent TransUnion survey claimed they had “been targeted by digital fraud related to COVID-19.” Biometrics, which measures the physical characteristics of an individual to validate identity, has been touted as a potential fix for that issue, but in reality the jury is still out on its immediate effectiveness.
“The biggest problem in IT is still the basic fact that most companies cannot completely defend their basic security,” says biometrics expert and consultant Mike Cherry. “Even if you have the best biometrics program available, you still need to protect the house and I’m not sure eCommerce companies have done that.”
In other words, a hack is a hack. If eCommerce doesn’t have basic security no biometrics technology in the world can protect the identity and data of its users. After an eCommerce company makes moves toward protecting its general security, however, biometrics technology has made strides. Consumers know it as the fingerprint or facial recognition on credit cards. But for eCommerce biometrics focuses almost exclusively on validating user identity.
For example, different technologies distinguish user identity in different ways. Passwords, which are easily forgotten or hacked, are the current method and the current spate of fraud shows that they’re generally ineffective. Fingerprints, for example, have been deployed as biometric markers for eCommerce. If a user opts to use them (and not all eCommerce platforms allow this) the system will only allow access to an account with an exact match. Voice recognition has also proven to be effective.
“In comparison to other verification methods, users can easily find microphones for signing in to their accounts rather than paying for fingerprint scanners or iris cameras,” noted a recent blog by biometric technology firm M2SYS. “It is a low-cost security check for website managers as well as consumers.”
But even current fingerprint and voice recognition are at risk of becoming antiquated. BioCatch, a developer of biometrics security technology, raised $145 million in its latest round of funding led by Bain Capital Tech Opportunities. The company’s technology tracks user behavior to determine fraud. According to the company, its technology is used by several financial services companies. The company says it can identify the fake accounts or stolen identities at onboarding using voice recordings.
“BioCatch has quickly established itself as a pioneer in the digital identity space by developing next-generation behavioral biometrics technology that integrates fraud detection and authentication capabilities to protect end-users and their most sensitive transactions. Their technology is highly applicable to other verticals beyond financial services that have the same need to balance fraud and the user experience,” said Dewey Awad, a managing director at Bain Capital Tech Opportunities.
But again, there is no silver bullet for eCommerce fraud.
“There is a misconception that biometric authentication automatically translates into identifying exactly who the user is,” says BiometricUpdate. “In reality, there’s a lot more to identity verification than just being able to match a set of biometrics. One of the biggest issues is the ability to correlate those metrics to a source of real-world identity that has been established and verified by an authority, like the government. That’s where identification verification comes in. While biometric authentication might indicate that a person trying to authenticate has the same biometric markers as the person already in the system, identity verification can help conclusively prove that the person is who they say they are out in the real world.”