The launch of EMV chip cards in the U.S. in the early 2000s had much of the hoped-for effect: By 2017, both Mastercard and Visa had reported that counterfeit fraud was more than halved.
That’s one of the happier stories in the turbulent digital identity wars. It’s not all good news.
Despite their success, the use of EMV cards with no required PIN codes has left a door unlocked for crooks. Worse by far are the massive consumer data breaches that continue flooding the Dark Web with fresh identities for sale – over four billion consumer records were exposed in the first half of 2019 – with no end in sight.
Consumers are hardly alone in this. The heightened risk to merchants and issuers is being keenly felt – someone pays when cybercrooks succeed, and it’s often the retailer.
In this weird environment, where Dark Web desperados now “bundle” stolen records so that cybercrooks have a seamless (though utterly illicit) shopping experience, new methods are required. The PYMNTS January 2020 Digital Identity Tracker examines the issues, as well as advances in mobile biometric security, “deepfake” detection and more.
A Crowded Field of Fakery
By summer 2019, people were no longer fazed by headlines screaming about data breaches. With everyone from Facebook to Quest Diagnostic Labs losing hundreds of thousands of consumer records in a conga line of hacks, most people went numb to it, waiting to see if they were affected and what their financial institution (FI) intended to do about it.
Among those not tuning it out is the National Retail Federation (NRF), which has complained about the EMV-PIN weakness and the liability issues it creates for NRF members. The trade group wants unified card security standards in the U.S., and it’s happening, albeit slowly.
EMV cards and other anti-fraud measures have had a major impact on fraud behavior. This has led to the rise of synthetic identity fraud, where hackers go to elaborate lengths to create fake people by stitching together the stolen details of real ones, then opening card accounts at scale and patiently draining those that go undetected just long enough to gain trust.
Into the fray comes new technology like “liveness detection” that supercharges facial recognition biometrics, making selfie scams and the like increasingly difficult. A world leader in Identity-as-a-Service (Iaas) and OCR document recognition, tech firm Jumio collaborated on the Digital Identity Tracker, and has made strides in combining machine learning and live human experts to verify credentials and increase confidence across the card authorization networks.
There’s another side of the digital identity story that’s more about freedom than fraud. Awareness of the extent of identity scams and the solutions that resulted can be used for another purpose: providing credentials to the estimated 1.1 billion people on earth without any form of ID.
Lack of ID (or proper ID) is stopping folks from getting basic services including food, shelter and healthcare. Proposed open-source digital ID systems would help alleviate the problem.
This dovetails with national identity schemes that are popping up all over the world as nations make a major push for digital ID, which governments see as both efficient and affordable. Accelerated domestically by new laws like the California Consumer Privacy Act (CCPA), digital identity is moving into the spotlight, and 2020 is shaping up as a true ID inflection point.