According to Experian’s Global Identity and Fraud report passwords continue to instill the most confidence in its ability to protect against identity theft and online fraud across all regions. However, businesses and consumers are starting to get more comfortable with advanced authentication methods.
This is to the extent that, 74 percent of consumers have more confidence in a business that uses physical biometrics for security. As more consumers are demanding both security and convenience, a shift is becoming inevitable.
Digital Journal: What are the main cyber-security risks faced by businesses?
David Britton: Businesses are facing all kinds of threats at increased paces. Account takeover, synthetic identity account opening fraud, social engineering, cross-channel attacks, phishing scams, and stolen credit card or payment fraud continue to be some of the most known and damaging types of online fraud taking place today. In fact, online fraud continues to be a risk across the globe. According to our 2019 Global Identity and Fraud Report, 55 percent of businesses reported an increase in fraud-related losses over the past 12 months, particularly in account opening and account takeover attacks.
Additionally, the other risks to businesses come in the form of increased customer friction, customer frustration and abandonment. The potentially damaging forms of discontentment usually are caused by the use of overly draconian security measures which have a negative impact on a legitimate customer base. It is important that businesses consider not just the overt threat landscape, but also the practices employed around detection and security, which can dramatically interfere with customer satisfaction, brand trust and overall revenue growth.
DJ: Where are these threats coming from?
Britton: We believe that the fraudster community is comprised of creative and persistent individuals, highly motivated to achieve their goals. The modern attacker has a wide variety of tools, insights and compromised data that they can apply to their trade. There has been an increase in mobile malware, fraudsters attacking mobile channels, targeted phishing attacks (spear-phishing), and advancements in automated attacks.
Further, these groups are highly organized, and are now effectively targeting businesses with a focus on weak operational processes or vulnerabilities. We have also seen a rise in device emulation, tools that allow a user to configure their laptop to appear as a different device such as a mobile device,) in an attempt to avoid rudimentary device recognition technology. These threats are further enabled by other environmental aspects, including site vulnerabilities such as out of date security systems, weak passwords and malware viruses.
DJ: What are the highlights from the Experian’s Global Identity and Fraud report?
Britton: There were several highlights from our 2019 report including the fact that 70 percent of consumers would share more data if there was a perceived benefit, with greater online security and convenience at the top of the list. This is particularly true as it relates to consumers that sign up for a service, and then log in to that service on a recurring basis over time. Consumers have indicated a willingness to provide more data about themselves, if it means that subsequent access is frictionless, or easy to undertake.
This presents an additional opportunity for businesses to help ensure they are keeping their customers safe while still providing a seamless and relevant customer experience. As an example, many consumers felt that businesses that leveraged biometric authentication capabilities were more secure than those that just relied on passwords for access.
We also found that consumer confidence in traditional security methods, in which there are some visible signs of security, remains high. This would include secure SSL (HTTPS) indicators during browser interactions, immediate confirmation of transactional activity, and a general sense of consistency and clarity about what the consumer should expect during the engagement. But we also found that consumer trust and confidence soar in response to sophisticated security measures.
DJ: Do passwords still have a role?
Britton: Yes, despite their inherent challenges, passwords continue to instill the most confidence in its ability to protect against identity theft and online fraud across all regions. We believe this is the case since passwords are the most commonly used visible sign of security. Passwords will continue to be used, however we are seeing increasing use of additional elements like traditional biometrics, behavioral biometrics, device and network attribute observations and customer transactional behavior and activities to provide a more passive approach to authentication.
The most robust measures around consumer authentication will be the ones that can combine these various methods and will use them as needed, based on the inherent risk in the activity being performed by the consumer. This dynamic approach to consumer authentication requires a continuous consumer identity-based authentication approach, that understands and can leverage the entire consumer journey as context for the decision making process.
DJ: Are biometrics better than passwords?
Britton: Fundamentally, biometrics offer a much richer and more unique way of authenticating, than passwords do, however, on their own they still have limitations. For example, if biometric data is compromised, it is impossible to reissue a biometric element. We do believe that the best approach will be a multi-layered approach that brings together a variety of techniques and technologies, in a combined and dynamic assessment of risk.
It is clear that companies and consumers are starting to get more comfortable with advanced authentication methods. So much so that, 74 percent of consumers have more confidence in a business that uses physical biometrics for security. As more consumers are demanding both security and convenience, a shift is becoming inevitable.
DJ: Do consumers trust businesses more that have more than one method of authentication?
Britton: Using a layered approach including advanced authentication solutions allows business to apply the right response by intelligently stepping up or stepping down the required level of challenge based on the level of risk. For example, if a customer only wants to check their account balance, they shouldn’t have to be exposed to the same level of authentication requirements that they would if they were attempting to make a large value wire transfer request out of bank. Not needing to challenge customers every time they visit your site, not only provides an improved experience for the customer but it creates more trust.