Cybercriminals are looking for every opportunity possible to acquire your user data. Ongoing data breaches continue to expose usernames, passwords, payment information, health records and other personal information on the dark web, enabling fraudsters to log into user accounts and commit account takeover fraud.
In today’s digital age, personal data is never safe.
In 2020 and beyond, we’ll continue to see enterprises realize that traditional authentication methods such as SMS-based 2FA and knowledge-based authentication can no longer be trusted to protect online accounts, because passwords and security questions can be easily bypassed or guessed with readily available information.
Increasingly, enterprises across all industries will move toward biometric authentication to ensure a user’s digital identity matches their real-world identity – keeping data secure and out of the hands of fraudsters. Below are five specific trends and predictions around identity verification.
1. Deepfakes will raise the bar even higher for online identity verification and security methods
With 50% of consumers using the same credentials across multiple accounts, automated account takeover attacks will continue to run rampant in 2020. As organizations increasingly turn to more advanced, biometric-based authentication methods, the rise of deepfake technology will become a larger concern.
A deepfake superimposes existing video footage or photographs of a face onto a source head and body using advanced neural network powered AI – and is relatively easy to create. In 2020, we will see an increase in deepfake technology being weaponized for online fraud as biometric-based authentication solutions become more widely adopted. Even more concerning is that many digital identity verification solutions are unable to detect and prevent deepfakes, bots and sophisticated spoofing attacks.
In order to fight fraud, companies will need to make sure they are implementing an advanced biometric authentication solution equipped with a certified liveness detection. As criminals use more sophisticated attack methods, having the ability to detect when photos, videos, bots and realistic 3D masks are used instead of actual selfies to verify that the actual user is physically present during a transaction will be critical. It’s becoming increasingly important to deploy certified 3D liveness detection methods. Uncertified methods rely on “tells,” such as blinks, nods and other verification prompts, which can be spoofed by deepfakes. Instead, modern enterprises need to adopt certified liveness detection methods that have been approved as global biometric standards.
2. Regulations must advance past addressing the authenticity of the online users to stop the growing fraud epidemic
In 2020 we will see the regulatory environment continue to shift to address aspects of the growing fraud and data breach epidemic. Specifically, taking aim at the ability to discern if someone is real and/or who they say they are when operating online in a variety of use cases, from shopping to tweeting and sharing videos. But these laws have significant shortcomings for protecting online digital identity.
Last year California implemented the BOT Disclosure Law, making it illegal “for any person to use a bot to communicate or interact with another person in California online with the intent to mislead the other person with its artificial identity.” In June 2019, Rep. Yvette Clark (D-NY) introduced the DEEPFAKES Accountability Act. If passed, it would require the creators of false videos to label them as such or face up to five years in prison.
While both the BOT Disclosure Law and DEEPFAKES Accountability Act acknowledge that bots and deepfakes pose serious threats to democracy, they don’t acknowledge or penalize the other underlying fraud concerns. For example, the DEEPFAKES Accountability Act doesn’t address scenarios where the cybercriminal is creating deepfakes to perpetrate identity theft or bypass traditional biometric authentication.
While regulations are continuing to move in the right direction, they are still behind the pace of innovation and aren’t properly capturing how these emerging technologies can be used for online fraud.
3. Cybercriminals will target highly regulated industries with higher potential payouts
It has been widely reported that Social Security numbers are sold on the dark web for $1, but full medical records can command up to $1,000 because they’re an identity thief’s dream: date of birth, place of birth, credit card details, Social Security number, address and emails. Because of this, fraudsters will start targeting more lucrative industries like SMBs, healthcare, financial services, government agencies, higher education and energy. Many of these industries lack the IT resources and skills to adequately defend their organizations against sophisticated attacks and represent ripe targets in terms of the type of data that can be compromised and ultimately weaponized by cybercriminals to impersonate just about anyone.
4. Biometric-based identity proofing and authentication will continue to be adopted in highly regulated industries
Although we are still in the early stages of biometric-based identity proofing and authentication, its development will serve as a viable solution for the growing fraud epidemic. Previous methods of identity verification, like pinging credit bureaus, knowledge-based authentication, and even SMS-based two-factor authentication are no longer viable, reliable or secure means of authentication (and don’t provide a high level of identity assurance). Biometric authentication, on the other hand, is significantly more secure, reliable and delivers much higher levels of assurance.
5. Facial authentication goes mainstream
There’s been a healthy degree of confusion between facial recognition and facial authentication, but the underlying technologies and use cases are often very different. For consumers and businesses alike, facial authentication is a win-win. Unlike facial recognition systems which are often performed without the user’s consent, facial authentication is permission-based and provides high levels of security and
assurance to a user while letting them seamlessly access their own accounts or devices. The elegance of facial authentication is that the user does not need to be subjected to the entire identity proofing process — they just need to take a new selfie when they log into their favorite app or perform a high-risk transaction like a wire transfer. In 2020, we anticipate that facial authentication will continue to grow in popularity and continue to be used as a trusted technology for identity verification.