September 15, 2020
When was the last time you provided your mother’s maiden name to prove your identity to access an online account? Probably not that long ago. This type of online identity verification, known as knowledge-based authentication, is little more than a speed bump to the modern fraudster. More modern methods, such as SMS-based two-factor authentication, also have their own set of vulnerabilities that today's cybercriminals can exploit.
Simple social media searches can reveal the answers to supposed secret questions used by KBA solutions, and the 4- and 6-digit codes from SMS-based 2FA can be intercepted. Because cybercrime and the dark web have evolved and become far more sophisticated, traditional forms of authentication that were once effective can no longer reliably ensure that the person logging into their online account is the actual account owner.
In many cases, fraudsters don’t even need to check out your social media accounts or intercept your text verification code for your personal information—they often already have it. This is because of massive data breaches that have sent millions of sets of personal data spilling into the ether.
Data breaches happen on a near-daily basis and include global names like Yahoo!, Facebook, Quora, and Marriott/Starwood.
Even in the GDPR era, these breaches are coming at a rapid-fire pace, and it’s therefore vital that we move away from traditional identity verification methods. This is where facial biometrics need to be considered as a safe and secure alternative for accessing accounts and verifying certain transactions or activities online.
None of the traditional identity verification methods come without weakness, and the risks are far more widespread than you think—including methods you might have considered sophisticated not so long ago. This is indicative of the speed of tech innovation and the evolving nature of online fraud, which underlines the current lack of innovative security methods.
Password-based logins are problematic because passwords are easily forgotten and inherently insecure. Out-of-Band or SMS-based 2FA also continues to be a common form of authentication. Still hackers can easily intercept the 4- and 6-digit SMS codes via the SS7 telecommunication protocol network or phishing attacks.
Token-based authentication is also failing to meet the mark as a modern form of verification. An obvious drawback is that tokens must be carried at all times and are non-transferable—a characteristic that’s outdated in today’s user experience-focused world. There is also the simple weak point that tokens or fobs can be lost or stolen, presenting a further argument for more secure methods, such as biometric authentication.
Despite this, biometrics are not necessarily a silver bullet solution. Innovative fraudsters are now capable of deploying spoofing techniques, sophisticated enough to beat many kinds of biometric security once deemed robust. However, liveness detection in tandem with facial biometrics is presenting a very real solution to the problem, and with the help of Apple’s Face ID, millions of people are more familiar and comfortable with the process of using your face as a security measure.
The sun may be setting on the wide range of traditional verification methods that no longer cut it, but this doesn’t leave us alone in the dark. Providers of innovative identity proofing and authentication are bringing about a step-change for businesses across the industrial spectrum. Using AI, machine learning, and other industry-leading technologies, the identity of the user accessing the associated account can be linked—this is a glimpse into the future of online identity verification.
This powerful technology is available today, and it’s reliable and fast enough to eliminate variables that would once have skewed results and enabled hackers to gain access. For example, weight loss & weight gain, wearing glasses, or the loss or growth of facial hair have previously been changing factors that have disrupted less sophisticated tools.
The technology’s power to restore confidence, safety, and successfully analyze variables are not the only trailblazing characteristics. It will also clear a path for innovation across a range of industries. To bring this to life, it could allow you to confirm your identity in a range of situations where necessary, from checking in to a hotel room you’d booked or unlocking the keys to a car you had rented using just your selfie. It even unlocks the possibility of doing away with passwords altogether. In terms of evolution, the process will take a few mere seconds to complete and will require nothing more than a smartphone, relegating the need to remember tens or hundreds of passwords to a thing of the past.
The vital need for this security enhancement is being realized by leading companies from industries like financial services, healthcare, travel, entertainment, and gaming. Modern businesses are understanding that in light of cybercrime, the dark web, and the global nature of online fraud, they need to dispense with traditional, insecure, and unreliable authentication methods and adopt modern biometric-based methods.