Digital ID, with a side of biometrics, is needed to meet new threats

Adoption of digital services has never been greater, advancing payment technology but also creating more risk.

This automation was progressing at pace before the pandemic, but the crisis catalyzed consumers and businesses to adopt digital services faster than even proponents had expected. However, as more of us adopt digital services, the more our digital footprint grows, the more we’re risking our personal details.

Ironically, the technological advancements that accelerated the digitization of banking and commerce have also made it easier for fraudsters, who can use data to socially engineer and manipulate that to their advantage. Crooks can also apply machine learning to beat existing fraud prevention tools.

Without the necessary security it’s much harder for organizations and financial institutions to detect account takeovers, especially because criminals work so quickly. A recent Javelin report found that fraud losses grew 15% in 2019 to $16 billion as criminals shifted focus from card fraud to opening and taking over accounts. Account takeovers were responsible for the highest losses, up an astounding 72% over 2018. Additionally, 32% of fraud victims refuse to return to a merchant where their security was compromised.

It’s more important than ever that financial services providers stay steps ahead in the cat-and-mouse game of fast-evolving fraud schemes and exploits.

If we look at the theory of authentication, a method or combination of methods can be classed as multifactor – and hence, strong – if it employs factors from more than one of these three categories: possession, knowledge, and inherence. A common example is how we unlock our smartphones. We almost never use the device's PIN, instead proving our identity by combining a possession factor (the phone) with an inherence factor (biometrics like fingerprint or face recognition).

Biometrics is also about the way we do things, such as type or hold our phones – rather than what we know (knowledge) or have (possession). AI transforms these characteristic traits into codes that, when combined with machine learning, can be used to verify a person. Machine learning can also “learn” new patterns, which allows them to adapt to a user’s behavior over time or identify fraudsters’ new tactics.

Initially, AI-driven behavioral biometrics technology was used to prevent account takeover fraud. It's now being used for identity-proofing to counteract data breaches and enable risk-based authentication in payment apps.

On its own, of course, biometrics isn’t enough. It must be combined with the right complementary factors. Possession is the obvious choice when wanting to provide robust security with a slick user experience. A mobile phone, laptop or tablet are devices most of us have, and it’s possible to issue a unique certificate to every device. That transforms it into a strong possession factor that helps obstruct synthetic ID creation. Because the certificate is issued to the device, it is never linked to the user and therefore ensures privacy.

With the advances in technology and digitization, and evolving security threats, it’s time for smarter, more robust authentication methods. Biometrics is a powerful weapon in any financial institution’s arsenal. When used together with the right complementary technologies, it has the potential to unleash improvements in security and user experience.