Equifax’s data breach has been dubbed as the worst hack to date, exposing personal information of virtually half of the American population. In other words, almost 45% of the country’s population may become a target for fraudsters and identity thieves. PII including SSN and driver's license numbers have been leaked in this breach; personal data that has traditionally been the foundation of impersonation and other types of identity fraud.
Market experts warn that one of the consequences of this data breach could be a spike in identity theft and account takeover. A study by Javelin draws the correlation between data breaches and an increased risk of fraud, warning that those whose personal data was compromised in a breach have a greater than one-in-four chance to be the victim of identity theft resulting in fraud in the year following the hack.
Knowledge-based authentication (KBA) methods such as security questions and passwords have suffered a major blow as result of the Equifax’s hack. Both businesses and regulators will now review their approach to secure yet convenient ways of confirming that the people they deal with are indeed who they say they are. This is even more acute for organizations operating in the digital channel, as KBA methods are clearly not enough to verify the identity of people we deal online.
The confluence of factors has all stakeholders agreeing that today it's more important than ever to regain and maintain trust in the digital channel. Both consumers and organizations deserve to have a high level of assurance that the people they are dealing with online are who they say they are. Providing this confidence can be achieved through the implementation of robust identity verification methods based on multiple factors of authentication such as identity documents ('what you have') and selfies and other biometrics ('who you are'.)
In short, the big lesson everyone seems agreeable to is that this will happen again. At Mitek we firmly believe that the Equifax data breach marks a point of inflection, a catalyst for organizations and policymakers to join forces and work on regulations that foster more secure and convenient identity verification processes.
Fortunately, risk-based approaches built on a solid identity verification component are already accepted by organizations and regulators alike as the best way to prevent and mitigate losses such as those caused by the Equifax data breach.
Implementing stronger identity verification mechanisms in a cost-efficient and user-friendly manner is possible thanks to the convenience and choice offered by digital technology and the speed and accuracy brought in by artificial intelligence and machine learning. Javelin’s white paper Looking Beyond KBA urges financial institutions and other organizations operating online to address the three pillars of successful and secure digital transactions and customer onboarding: customer experience, regulatory compliance, and evolving fraud risks. This research just adds to what the Equifax data breach has proven just once again: tools such as static or dynamic KBA, IP geolocation, and device recognition play a vital role in preventing fraud but have a blind spot for certain customers.