As a global society we adapted to online banking relatively quickly over the last 3 years, and with the normal hiccups along the way, we are getting accustomed to the convenience and speed that digital solutions provide us. With all of these modern opportunities becoming normal, often times we become complacent and unaware of the fraud that can creep up all around us. Identity theft, imposter scams, phishing and laundering schemes are just a few ways fraudsters are on the attack in 2023, and why being vigilant about protecting our finances is so critical.
It is estimated that fraud caused our global economy over $5.4 trillion in losses in 2021, with Americans losing $5.8 billion to identity theft alone. Staying alert and aware of potential threats, knowing best practices, and implementing the best identity verification solutions to help protect consumers and companies from fraudsters has never been more important.
Coming into the new year, Mitek leaders rallied around the fight against fraudsters and identity theft and provided these important guidelines that businesses should follow to keep their customers safe and happy.
Understand the impact on the customer
by: Cindy White, CMO
It can be easy to forget that each statistic is made from individual victims whose lives have been turned upside down by fraud. Gaining a proper understanding of the issues and their impact on your customers is vital to build a robust plan of action.
According to the 2021 Aftermath Study from the Identity Theft Resource Centre, the impacts on victims are severe. Almost a third (32%) of victims experienced finance-related issues. All of these were contacted by debt collectors, often aggressively, and 83% were turned down for credit or loans – which left many unable to rent an apartment or find housing. In some cases, victims can even turn to criminal activity themselves to stay afloat, exacerbating the issue. Understanding the severity of the impacts on customers provides a good base to act.
Reduce reliance on passwords
By: Mariona Campmany, Digital Identity Lead
Passwords are becoming redundant. Many, if not most, organizations will move away from passwords in the near future, and it is no longer a question of if, but when businesses will reduce their reliance on passwords in favor of new technologies like biometrics.
Passwords are a nuisance to the user and are not an extremely secure option on their own. They have always been used to access an online account, but increasingly are being used as proof of identity, for example when signing a document or making a transaction. In this case, a misuse of that password means that someone can legally sign in your name. Even one-time passwords (OTP) as part of multi-factor authentication (MFA) can be vulnerable, with scammers pressuring victims for codes and SIM swapping attacks.
The move to biometrics
By: Stephen Ritter, CTO
If a cybercriminal obtained a password fraudulently, they had a clear path to steal information or money. Removing this reliance on passwords and still providing the ease of use, speed, and accessible interface that customers demand can be tricky. Going passwordless requires businesses to find the right balance between good security and good user experience – and this is where biometrics come in.
Passwordless authentication based on multi-modal biometrics is the best alternative. Authentication will rely less and less on something you can share by accident or forget, and more on something easy to prove and inimitable. As well as providing higher levels of security, biometrics also improve user experience, with 70% of consumers believing that biometrics are easier and 46% thinking that they are more secure than using passwords or PINs.
Forged identity documents and synthetic identities are also becoming increasingly common; however it is very difficult to steal a verifiable biometric that meets common standards of liveness and authenticity. Multi-modal biometrics prove more secure and more reliable than any other type of identification available in the market today.
By: Chris Briggs, Head of Digital Identity
The first step in making biometrics adoption comfortable for consumers is data transparency. Organizations must be clear on what customer data is being gathered and how it will be used. In addition, they need to provide a method for expressing consent of the use of that biometric, and the right to withdraw that consent at any point in the future.
In Mitek’s recent Reddit AMA, we learned that consumers have little confidence that the government, private businesses, AI, or even friends, are using biometrics appropriately. The trick to closing this trust and confidence gap comes from helping consumers understand their rights – especially those that come from emerging personal information and biometric regulations like the AI Bill of Rights.
With this knowledge, and clear notification from a trusted service provider, consumers can feel confident entrusting their digital security to biometric based authentication solutions. Ultimately, it is the consumer’s choice to use biometrics and they need to be well informed to make the right decision.
Boost customer knowledge of biometrics and identity protection
By: Steve Ritter, CTO
Consumers need to feel confident that biometric authentication does not mean biometric surveillance. It is up to industry leaders and businesses to educate consumers on the difference. After all, businesses must be the first line of defense to protect customers from digital fraud.
Today, the use of biometrics on mobile devices is a process that avoids the hassles of missing coverage, attempted fraud, or remembering passwords, and the consumer uses unique and non-transferable values. Once the person is aware of this, security is guaranteed along with a great user experience. By creating an intuitive, safe, easy to understand, and well-protected biometrics, consumers will want to use them as a better alternative to passwords.
Businesses should also provide consumers with education on how to protect their information and identity online, to further boost their security. Tips like making your home network more secure with strong passwords and encryption, shutting down or locking your work computer when you aren’t around and being careful about clicking hyperlinks in emails are just some easy wins that businesses should share with their customers.
Educate consumers on fraudulent schemes
By: Sanjay Gupta, SVP and MANAGING DIRECTOR
As well as educating consumers on how they can protect their identity and use biometrics for extra security, it is vital that businesses share information on fraudulent schemes that could be a threat.
For example, vishing, or voice phishing, scams are on the rise, where fraudsters use voice calls to steal information or convince the consumer to allow them access to their funds. They impersonate banks or governmental organizations, holding just enough personal information about the consumer to convince them that there is something wrong with their account, and dupe them into providing account information.
Fraudsters also use consumer information for account takeover (ATO) schemes. They call support centers, pretending to be the customer to try and take over the account. However, in these cases, if the consumer had voice biometrics set up then they could thwart this type of attack.
Remember that fraudsters never stop looking for ways to adopt new technologies and use them to their illicit advantage. Businesses need to keep this in mind when planning their defenses and help their customers protect their identity and data. Moving to a biometric-first strategy and educating customers on the benefits of this will be the best way to protect them from fraud.