by Cindy White - CMO at Mitek
Fresh off of Mitek’s new white paper on biometrics and bias, CMO Cindy White continues the conversation about how multimodal biometric authentication fights fraud.
In case you missed it, Mitek recently released a forward-thinking white paper entitled Biometrics and bias: the science of inclusivity. It centers on Multimodal Biometric Authentication (MBA), specifically addressing how banks can use Mitek’s inclusive MBA technology to provide unbiased, convenient, and passwordless user protection.
The white paper is based on a recent conversation I had with fellow Mitek colleague Stephen Ritter, Chief Technology Officer, and Alexey Khitrov, CEO and co-founder, ID R&D. As with all the best types of conversations, ours ran lengthy and in depth. While the white paper gives a high-level overview of MBA’s fraud-fighting attributes, this article takes a deeper dive into how MBA combats deepfakes, scams, and other forms of financial fraud.
Cindy: How is fraud perpetrated through a breach of biometric security measures?
Alexey: Fraudsters are so creative. There’s a lot of innovation on the part of the bad actors, such as access control, account takeover scams, opening fake accounts through different channels, even deepfake video.
Lots of biometric fraud can be perpetrated using data that is readily available and accessible to criminals. For example, my image is on LinkedIn or Facebook, and my voice on YouTube. It’s fairly easy to create a fake ID that uses my image and voice, and then use that ID with my biometric data to open bank accounts for activities like laundering money, or opening large numbers of new accounts at telco providers to steal phones.
More sophisticated fraud teams and criminals might try their hand at creating really convincing and realistic deepfake videos. Actor and comedian Miles Fisher made headlines with his TikTok series of Tom Cruise deepfake videos, showcasing how convincing these attempts can be.
Stephen: My view on fraud is similar to a cyberattack. What’s happening with deepfakes is analogous to the “long con” approach that cyber attackers attempt through social engineering. These criminals have the ability to convince someone in a person-to-person scenario, pretending to be a system administrator who forgot a password or an accounts payable clerk needing bank account information to send a wire transfer.
With social engineering, there’s always been a big concern about protecting the human side of your organization. Fraudsters know how to create a very convincing email, for example, so people have to be trained to spot social engineering attacks and avoid clicking on links from unknown sources. Fortunately, the amount of skill required to pull off an effective social engineering fraud attack is at a very high level because there are so many factors involved. The cybercriminal has got to be a very good con artist.
The challenge that deepfakes pose is that they allow fraudsters to automate social engineering attacks in such a way where advanced skills are no longer required by the con artist. All they need to do to create a deepfake is download a software development kit and build their own face and voice biometrics. Mind you, the criminal still has to research the mannerisms of the person they’re attempting to impersonate in order to be convincing.
These tools are able to create a deepfake version in real-time. That is, the fraudster can be on camera while, simultaneously, the software transforms their face and voice into the person they are trying to impersonate. This type of technology gives fraudsters the ability to launch their attacks at scale. Just one person is able to probe the vulnerabilities of thousands of companies at the same time.
Cindy: In our white paper, we talk about how Mitek’s MBA solution lets “the good guys in,” i.e., Increases inclusivity by reducing bias. How about keeping “the bad guys (fraudsters) out?” What are the features/capabilities that detect and thwart potential fraud?
Stephen: The most important thing – and the reason why Mitek is a great fit with ID R&D’s technology – is that biometrics on their own are useless without very good anti-spoofing. One of the most effective forms of anti-spoofing is liveness detection. You can’t really be sure that the biometric sample is from the original owner if the biometric isn’t paired with best-in-class liveness detection. So, fraud prevention around biometric authentication really has its foundation in liveness detection.
We can also take it a step further. Once we start looking at all of these authentication events, we can understand the behavioral biometric behind them. Over time, as opposed to a single authentication happening at a point in time, we can spot the behavioral trends associated with fraud in that event stream.
Alexey: I agree. The number-one protection against deepfakes is liveness detection. ID R&D’s face liveness detection can easily tell if it’s not a real, living human face. Any attempt using a screen from another device, physical print out, or even a high-end silicone mask will not pass the system.
But the real benefit of Multimodal Biometric Authentication is that when we get face and voice biometric data, we double the opportunity to catch bad actors because the fraudster has to pass through both hurdles, not just one.
Cindy: How does Mitek detect authentication fraud while ensuring a frictionless experience for legitimate users?
Stephen: The beauty of using Mitek solutions to help onboard customers is that you’re not just providing a frictionless, passwordless experience to access their accounts. The benefits go both ways. From that end user, you’re getting a lot of the information you need to create an authentication registry, either for face biometrics, voice biometrics, or both. Mitek’s multimodal onboarding experience enables banks to strengthen their fraud protection through passwordless authentication. This is the foundation of the future of fraud and scam protection.
To learn more about how Mitek’s biometric fraud prevention and authentication capabilities can help your institution deliver inclusive, frictionless security and fraud protection, download our new white paper, Biometrics and bias: the science of inclusivity.