Anyone can be a victim of fraud.
The surge in online banking has brought great convenience and speed to consumers but has opened them up to more opportunities to be defrauded in the process. From identity theft and imposter scams to phishing and laundering schemes, we must now be on constant alert to protect our finances.
Fraud is estimated to cost UK society around $5.3 billion each year and in 2021 alone, Americans lost $5.8 billion to identity theft. In the current climate with the cost-of-living crisis and a looming global recession, it has never been so important to protect consumers and companies from fraudsters.
As part of these efforts, executives at Mitek have provided these important steps that businesses should follow in the new year to keep their customers safe.
Understand the impact on the customer – By: Cindy White, CMO
It can be easy to forget that each statistic is made from individual victims whose lives have been turned upside down by fraud. Gaining a proper understanding of the issues and their impact on your customers is vital to build a robust plan of action.
According to the 2021 Aftermath Study from the Identity Theft Resource Centre, the impacts on victims are severe. Almost a third (32%) of victims experienced finance-related issues. All of these were contacted by debt collectors, often aggressively, and 83% were turned down for credit or loans – which left many unable to rent an apartment or find housing. In some cases, victims can even turn to criminal activity themselves to stay afloat, exacerbating the issue. Understanding the severity of the impacts on customers provides a good base to act.
Reduce reliance on passwords – By: Mariona Campmany, Digital Identity Lead
Passwords are becoming redundant. Many, if not most, organisations will move away from passwords in the near future, and it is no longer a question of if, but when businesses will reduce their reliance on passwords in favour of new technologies like biometrics.
Passwords are a nuisance to the user and are not an extremely secure option on their own. They have always been used to access an online account, but increasingly are being used as proof of identity, for example when signing a document or making a transaction. In this case, a misuse of that password means that someone can legally sign in your name. Even one-time passwords (OTP) as part of multi-factor authentication (MFA) can be vulnerable, with scammers pressuring victims for codes and SIM swapping attacks.
The move to biometrics – By: Steve Ritter, CTO
If a cybercriminal obtained a password fraudulently, they had a clear path to steal information or money. Removing this reliance on passwords and still providing the ease of use, speed, and accessible interface that customers demand can be tricky. Going passwordless requires businesses to find the right balance between good security and good user experience – and this is where biometrics come in.
Passwordless authentication based on multi-modal biometrics is the best alternative. Authentication will rely less and less on something you can share by accident or forget, and more on something easy to prove and inimitable. As well as providing higher levels of security, biometrics also improve user experience, with 70% of consumers believing that biometrics are easier and 46% thinking that they are more secure than using passwords or PINs.
Forged identity documents and synthetic identities are also becoming increasingly common; however it is very difficult to steal a verifiable biometric that meets common standards of liveness and authenticity. Multi-modal biometrics prove more secure and more reliable than any other type of identification available in the market today.
Be transparent – By: Chris Briggs, Head of Digital Identity
The first step in making biometrics adoption comfortable for consumers is data transparency. Organisations must be clear on what customer data is being gathered and how it will be used. In addition, they need to provide a method for expressing consent of the use of that biometric, and the right to withdraw that consent at any point in the future.
In Mitek’s recent Reddit AMA, we learned that consumers have little confidence that the government, private businesses, AI, or even friends, are using biometrics appropriately. The trick to closing this trust and confidence gap comes from helping consumers understand their rights – especially those that come from emerging personal information and biometric regulations like the AI Bill of Rights.
With this knowledge, and clear notification from a trusted service provider, consumers can feel confident entrusting their digital security to biometric based authentication solutions. Ultimately, it is the consumer’s choice to use biometrics and they need to be well informed to make the right decision.
Boost customer knowledge of biometrics and identity protection – By: Steve Ritter, CTO
Consumers need to feel confident that biometric authentication does not mean biometric surveillance. It is up to industry leaders and businesses to educate consumers on the difference. After all, businesses must be the first line of defence to protect customers from digital fraud.
Today, the use of biometrics on mobile devices is a process that avoids the hassles of missing coverage, attempted fraud, or remembering passwords, and the consumer uses unique and non-transferable values. Once the person is aware of this, security is guaranteed along with a great user experience. By creating an intuitive, safe, easy to understand, and well-protected biometrics, consumers will want to use them as a better alternative to passwords.
Businesses should also provide consumers with education on how to protect their information and identity online, to further boost their security. Tips like making your home network more secure with strong passwords and encryption, shutting down or locking your work computer when you aren’t around and being careful about clicking hyperlinks in emails are just some easy wins that businesses should share with their customers.
Educate consumers on fraudulent schemes – By: Sanjay Gupta, SVP and MD
As well as educating consumers on how they can protect their identity and use biometrics for extra security, it is vital that businesses share information on fraudulent schemes that could be a threat.
For example, vishing, or voice phishing, scams are on the rise, where fraudsters use voice calls to steal information or convince the consumer to allow them access to their funds. They impersonate banks or governmental organisations, holding just enough personal information about the consumer to convince them that there is something wrong with their account, and dupe them into providing account information.
Fraudsters also use consumer information for account takeover (ATO) schemes. They call support centres, pretending to be the customer to try and take over the account. However, in these cases, if the consumer had voice biometrics set up then they could thwart this type of attack.
Remember that fraudsters never stop looking for ways to adopt new technologies and use them to their illicit advantage. Businesses need to keep this in mind when planning their defences and help their customers protect their identity and data. Moving to a biometric-first strategy and educating customers on the benefits of this will be the best way to protect them from fraud.