From biometrics to identity verification, and from artificial intelligence to systems designed to protect the banking system, 2020 will see further strides made by sophisticated technologies. To understand these developments better, Digital Journal spoke with Jumio CEO, Robert Prigge and Jumio CTO, Labhesh Patel.
Prigge and Patel present their key technologies, in response to the main changes and challenges that have been reported in Digital Journal’s technology pages over the past year.
Deepfake technology will raise the bar even higher for online identity verification and security methods
Robert Prigge: With a reported 50 percent of consumers using the same credentials across multiple accounts, automated account takeover attacks will continue to run rampant in 2020. As the industry abandons outdated authentication methods that are easily susceptible to fraud, like SMS-based 2FA and knowledge-based authentication , and turn to more advanced, biometric-based authentication methods as a secure alternative, the rise of deepfake technology will become a larger concern. A deepfake superimposes existing video footage or photographs of a face onto a source head and body using advanced neural network powered AI – and are relatively easy to create. In 2020, we will see an increase in deepfake technology being weaponized for fraud as biometric-based authentication solutions are widely adopted. Even more concerning is that many digital identity verification solutions are unable to detect and prevent deepfakes, bots and sophisticated spoofing attacks.
In order to stay ahead of the rapidly evolving fraud curve, companies will need to make sure they are implementing an advanced biometric authentication solution equipped with a certified liveliness detection. As criminals use more sophisticated attack methods, having the ability to detect when photos, videos, bots or even realistic 3D masks are used instead of actual selfies to create online accounts and ensure the actual user is physically present during the transaction will be critical.
Regulations must advance past addressing the authenticity of the online users to stop the growing fraud epidemic
Prigge: U.S. organizations spent the better part of 2019 preparing for the implementation of the California Consumer Privacy Act, the strictest data privacy law in the U.S., which will go into effect Jan. 1, 2020. And in 2020 we will see the regulatory environment continue to shift to address aspects of the growing fraud and data breach epidemic. Specifically, taking aim at the authenticity of the internet and the ability to discern if someone is real, and/or who they say they are when operating online in a variety of use cases – from shopping, to tweeting, to sharing videos. But these laws have significant shortcomings for protecting online digital identity.
Last year California implemented the BOT Disclosure Law, making it illegal for a bot to operate as a human, specifying it “unlawful for any person to use a bot to communicate or interact with another person in California online with the intent to mislead the other person with its artificial identity.” In June 2019, the DEEPFAKES Accountability Act was introduced. If passed, it would require that creators of false videos to label them as such or face up to five years in prison.
While both the BOT Disclosure Law and DEEPFAKES Accountability Act acknowledge that bots and deepfakes pose serious threats to democracy and can be used for digital propaganda, they don’t acknowledge or penalize the other underlying fraud concerns. For example, the biggest problem with the DEEPFAKES Accountability Act is that it doesn’t address scenarios where the cybercriminal is creating deepfakes to perpetrate identity theft or bypass traditional biometric authentication. In these scenarios, a cybercriminal isn’t going to divulge that he is about to perpetrate a crime by being re-encoded for distribution on Instagram or YouTube (e.g., assuming the identity of a legitimate user) to the very organization they’re looking to defraud.
While regulations are continuing to move in the right direction, they are still behind the pace of innovation and aren’t properly capturing how these emerging technologies can be used for online fraud.
Cybercriminals will target highly regulated industries that have higher potential payouts
Prigge: It is reported that social security numbers are sold on the dark web for $1 and credit card information can be sold for up to $110. But Experian reports full medical records can command up to $1,000 because they’re an identity thief’s dream: date of birth, place of birth, credit card details, Social Security number, address, and emails. Because of this, fraudsters will extend beyond the common account takeover attacks we often see in the news and go after more lucrative industries like SMBs, healthcare, financial services, government agencies, higher education and energy. Many of these industries lack the IT resources and skills to adequately defend their organizations against sophisticated attacks and represent ripe targets in terms of the type of data that can be compromised. Once compromised, the data can be weaponized by cyber criminals to impersonate just about anyone – making them high profile targets for fraudsters.
Biometrics, Digital Identity and Trust
Biometric-based identity proofing and authentication will continue to be adopted in highly regulated industries to assure a person’s digital identity matches their real identity.
Prigge: The global market for mobile biometrics is forecast to grow at an impressive 31.14 percent CAGR, adding $28.45 billion per year in incremental growth between 2018 and 2023, despite the CAGR decelerating by 22 percent in the period. The growth forecasts in the latest set of market analyst reports that indicate widespread adoption of biometrics technology: 22 percent for mobile biometrics, 22 percent for 3D sensors, and 19 percent for healthcare biometrics. Facial authentication is impacting the physical security market, cloud-based subscription services are becoming more popular for security, and the Pentagon is expected to remain a source of opportunity for companies offering advanced authentication technologies. Although we are still in the early stages of biometric-based identity proofing and authentication, its development will serve as a viable solution for the growing fraud epidemic. Previous methods of identify verification, like pinging credit bureaus, knowledge-based authentication, and even SMS-based two-factor authentication are no longer viable, reliable or secure means of authentication (and don’t provide a high level of identity assurance). Biometric authentication, on the other hand, is significantly more secure, reliable, and delivers a much higher level of assurance.
Healthcare
The healthcare industry will heavily invest in fraud prevention strategies as cybercriminals zone in on more lucrative breach targets.
Prigge: The healthcare industry has long been the number one target of cyberattacks, exposing tens of millions of customers’ identities around the world, costing more than $1 billion USD in losses. Moreover, the number of exposed records more than doubled year-over-year, from about 5.1 million records in 2017 to 13.2 million records in in 2018. And yet, only 33 percent of the industry has taken the preventative measure of protecting themselves properly. Considering the rise in healthcare fraud and ransomware, as well as the industry’s shift towards self-service and telemedicine, it will be more important than ever to know your patient is who they say they are in order to avoid catastrophic impact. Diligence around KYP (know your patient) initiatives will be at the forefront of all healthcare interactions as a first line of defense against high value fraud attempts and a means of ensuring patient safety and trust.
Mobile biometrics
Facial authentication goes mainstream.
Prigge: There’s been a healthy degree of confusion between facial recognition and facial authentication, but the underlying technologies are often very different and designed to address different use cases. For consumers and businesses alike, facial authentication is a win-win. Unlike facial recognition systems which are often performed without the user’s consent, facial authentication is permission-based and provides high levels of security and assurance to a user while letting them seamlessly access their own accounts or devices. The elegance of facial authentication is that the user does not need to be subjected to the entire identity proofing process — they just need to take a new selfie when then log into their favorite app or perform some high-risk transaction (e.g., wire transfer or password reset). In 2020, we anticipate that c facial authentication will continue to grow in popularity and continue to be used as a trusted technology for identity verification.
AI and Automation / Finance and Banking
AI and automation will have a profound impact on fraud prevention in the financial services space.
Labhesh Patel: Customer experience and fraud detection will go hand in hand in the finance industry, especially as Millennials are 2.5 times more likely than Baby Boomers and 1.5 times more likely than Gen Xers to switch banks. Machine Learning and AI will serve a dual function in financial services and banking. Not only will AI help speed up and improve the verification and accuracy of new customer onboarding, it will also provide a reliable means of continued identity authentication for each subsequent customer login in order to thwart sophisticated attacks.
AI can quickly scan, analyze and confirm an individual’s online identify in a matter of seconds by simply capturing a selfie of the customer, comparing it to the initial onboarding photo of a government-issued ID document (e.g., driver’s license or passport) and then running it through an algorithm to detect any suspicious activity or digital tampering (Photoshop fakes). Because this process is historically faster than relying on human detection, fiserves implementing an AI-based digital identity verification solution in 2020 will experience a dramatic improvement in fraud prevention while also maintaining high customer conversation rates through a more frictionless, repeatable customer experience.
Digital identity solutions will help financial service organizations and banks meet a variety of regulatory demands in 2020 while also maintaining strong customer relationships.
Regulations like KYC (know your customer) and AML (anti money laundering) have created necessary but sometimes lengthy processes for banking and financial service organizations, resulting in a compromised customer experience (the average customer onboard process takes an average of 26 days to complete). In order to meet comprehensive regulatory needs while also prioritizing customer experience, the financial industry must deploy more sophisticated means of identity verification and ongoing authentication in 2020. Options like biometrics with certified liveness detection will allow the industry to quickly identify customer identity, protect against deepfake attacks and other fraudulent activity, ease of use for customers and better cross-platform portability, creating a new standard for customer onboarding and continued identity authentication.
