Fraudsters Want Your ID Information. What Are You Doing to Stop Them?

In 2016, identity theft amounted to $16 billion and affected more than 15.4 million people in the United States. Your identity is arguably your most valuable asset, but how often are you aware of all the ways that you use it to transact? With the lines of physical and digital identity becoming increasingly blurred, it’s more important than ever to safeguard your identity during transactions.

Are you doing enough to ensure you’re keeping your personal information – and your customers’ information – safe from fraudsters?

Click to download the free infographic: Where Does Your Identity Take You in a Day?

Every day, Americans make transactions by swiping, scanning or chip-reading – from grabbing a cup of coffee to purchasing airline tickets. The convenience of these transactions, it seems, trumps concerns of information falling into the wrong hands. But the time has passed for simply hoping our ID information – and our customers’ ID information – will continue to be safe, simply because you’ve seen no evidence it’s been compromised.

Just a Day in the Life for Identity Thieves

Let’s look at a typical day anyone could have to see how easily one can expose their ID information to considerable security risks.

Mobile banking. Shortly after leaving the office, a person decides to check the balance of their checking account. They use the local coffee shop’s free Wi-Fi, because like 67% of Millennials, they use a mobile app to access their banking information. Though on an open network, they tap in their ID, password and perhaps other Know Your Customer (KYC) information, as required by anti-money laundering (AML) regulations. Did a fraudster track their every keystroke?

Click to download the free infographic: Where Does Your Identity Take You in a Day?

Small business transactions. Because this person is now running late to a doctor appointment, they pull out their credit card to engage one of the 1,000 bike-sharing services across the country, a market that is expected to become a $6.1 billion business by 2020. Are the security measures employed by all 1,000 vendors up to par? How does this one rank?

Medical Insurance. At the doctor’s office, they check in at the front desk, making their co-pay with the same credit card and giving their medical insurance card information which is likely photocopied. Like most people, this person is more than likely unaware that 15.4 million medical records were stolen in 2016 alone, and that 301 people across the country were charged roughly $900 billion in false billing.

Remember, Identity Thieves Never Take a Vacation

Although you’re in a rest-and-relaxation mode, you still know not to leave your hotel room unlocked or your wallet on a car seat. If only you could take similar measures to protect your ID information. Here are some common transactions that require ID information on a typical vacation – and some data associated with their risk of security breaches.

Accommodations. The global vacation rental market is poised to be worth $193.89 billion by 2021. Fully 46% of customers check in using hotel loyalty programs, and loyal customers spend on average 67% more than new ones. Front desks and agencies are mostly taking your identity document photocopying it and storing it somewhere; a very insecure data capture method. All this makes vacation rental businesses likely targets for theft of identity information.

Ground transport. Uber reported that 40 million people used the ride-hailing service in 2016. Incidentally, 8,000 ride-hailing service drivers in Massachusetts failed to pass new state background checks in 2017. Similarly, car-rental agencies routinely require a check of ID documents to complete transactions and mostly use the archaic photocopy method of capturing your ID leaving you vulnerable to a paper file floating around.

The More You Know, the Better

Our free infographic, Where Does Your Identity Take You in a Day , illustrates just how important it is to protect your ID information.

Acuant provides businesses with identity proofing solutions for trusted transactions, for more information contact us here.

 

Read the Infographic

How Machine Learning is Taking Identity Proofing Solutions to a Whole New Level

Artificial Intelligence (AI) enables computers to make human-like decisions, creating efficiencies that were previously unachievable. AI powers everyday technologies such as search engines, self-driving cars, and facial recognition apps. This technology is also leveraged for consumer identity access and management to protect consumers and businesses against fraud.

The Growth of ID-based Transactions

Banking, healthcare, government and many other industries employ ID verification and authentication to get accurate information about their customers and prevent ID fraud. As fraudulent transactions continue to rise, the need for a strong, customer-friendly identity proofing solution becomes critical.

Artificial Intelligence, and its subsets of machine learning and deep learning, make it possible to accurately process, verify, and authenticate identities at scale. Machine learning enables solutions to continually improve by learning from their data collection mechanism. This, in turn, informs the operation and performance of the software. For an in-depth look at machine learning and how it applies to your industry, read our latest white paper: Beyond Machine Learning.

Machine Learning for ID Proofing

Machine learning is an extremely efficient tool for discerning between real and fraudulent IDs. Computer software that is constantly learning and correcting itself can process millions of transactions at a rate unachievable by human experts.

However, IDs are physical documents that endure wear and tear, and may feature manufacturing discrepancies. If the model for passing or failing IDs is based on only a few samples, many real IDs will fail the test. This is where human oversight comes into play.

Machines and Humans Working Together for Highest Accuracy

Trained professionals using the software can step in to prevent bad customer experiences when the software flags a legitimate ID because it is damaged or worn.

During the rare instances where the computer fails to identify what is wrong with an ID, the professional can apply their expert eye, determine what error occurred and teach the computer how to spot the issue in the future. This creates a different method of learning where new information is being input to the learning model so the model can improve.

The benefits of machine learning combined with human expertise is the current standard in identity proofing solutions. Businesses want to be able to approve all good customers from the start with no friction. A good ID verification solution will do just that. In addition, when looking for a provider, businesses need to consider scope of expertise. Providers experienced in ID-based transactions across multiple industries help to ensure machines will have a model that has encountered multiple scenarios for failing or passing an ID.

Conclusion

Artificial Intelligence increases customer security and prevents fraud. Identity proofing providers are a trusted source to collect evidence of fraud, and through machine learning, that evidence can be analyzed and applied continuously to ensure higher accuracy.

Acuant is among the world leaders in applying machine learning to identity proofing solutions. Over the past 20 years, Acuant has accumulated the industry’s largest identity document library with government-issued ID documents and passports from over 190 countries. Acuant technology also has the ability to read characters in almost any language to ensure business are providing the most customer-friendly experience to instantly approve more good customers.

To join Acuant’s group of industry-leading partners, talk to an ID Solutions Specialist today.

 

Beyond Machine Learning

Stranger Danger: Why You Should Care About Verifying Identities in the Age of the Sharing Economy

The Sharing Economy, which in broad terms is defined as an economic system in which assets or services are shared between individuals via the internet and especially mobile apps, has become a major way in which Millennials transact. This includes conducting transactions for business, travel, on-demand services and virtually all lifestyle-type offerings for goods and services. According to Pew Research, about 72% of Americans have tried at least one platform or service.

While the rise of sharing economy apps appears to have made many luxury services and chores more convenient and accessible, there is the question of security. Not every app emphasizes security and privacy. Many use social media as a way to verify users. These are merely connected to a Facebook or other social profile, which can be easily faked. Then there is the question of employee verification. With so many services that allow users to invite providers into their private homes, a private car or a private location – one has to ask the question, how is my safety being addressed? We need only refer to Uber to see how instances of assaults by drivers and passengers have made customers, especially women, warier of these services. And we have all heard a crazy story about an Airbnb person who would not leave or destroyed the house. Wouldn’t it bring some peace of mind to know your driver, houseguest, online date, make-up artist etc., has been verified and that you know this before they enter your life?

Seeing a picture and name of your driver or delivery person does not mean necessarily that this person has been verified. Not every sharing economy platform conducts background checks and only in the last few years has ID verification become more of a concern to even the major platforms like the aforementioned Uber who now continuously verifies driver identities.

It is important for businesses to continually update their security by verifying IDs and conducting background checks. In addition, educating customers about best practices will also help to protect privacy and prevent a negative experience.

While companies catch up on their security standards, here are some tips for customers using apps and services:

  1. Learn to Spot Fake Reviews

Don’t be fooled by stellar reviews. If there are only a handful of 5-star reviews, these could have been written by personal friends. Pick someone with hundreds of good reviews and be assured that this provider is giving a consistent, positive experience.

  1. Research Company Methods of ID Verification the Background Checks

Before using any service, do some research about what kind of identity verification they use for employees and users, as well as if background checks are conducted, general policies, and whether there are outstanding lawsuits against the company. Checks such as sex offender registries, DMV records, or taking social security number information are some basic tests of a trusted service.

  1. Change your Profile Pictures

As Sharing Economy platforms become more popular, they often become targets of ID theft and confidence schemes. A good way to avoid being conned is to use a new photo not attached to any other platform that might contain personal information such as LinkedIn or even Facebook.

  1. Think Before You Speak

Don’t talk to strangers about your plans. A handyman, housekeeper, or driver from an app doesn’t need to know where you’re going or how long you’ll be away. In addition, it might be a good idea to let close friends or family know whenever you are on the road, in someone else’s home, or have someone in your own home.

 

Sharing economy platforms and services must do more to protect customer privacy and security. Verifying IDs is a crucial step in establishing trust between customers and providers. Acuant’s ID Proofing Solutions allow businesses to capture accurate ID data, ensure IDs are valid and verify identities in seconds for secure mobile transactions.

Download our idScanGo mobile app in the app store for iOS and Android to see the process in action with your own ID and insurance card.

 

 

idscango trial

PKI, Chip Technology Embraced to Fortify Security Defenses

As high-profile security breaches become more commonplace, companies and government agencies are increasingly looking to Public Key Infrastructure (PKI) technologies to enable strong authentication access controls and more robust data protection capabilities. Successful PKI-based, security chip implementations are designed to facilitate secure authentication.

 

Case in point, Congress is currently crafting a bipartisan piece of legislation called the IoT Cybersecurity Improvement Act of 2017 in an effort to secure IoT devices. One way of securing IoT devices in the workplace and home is through the use of PKI credentials to both identify the device and to securely authenticate those seeking access to the device – which can prevent unauthorized users from gaining access. As IoT devices become more ubiquitous, devices will need to authenticate themselves and have their own certificates to prove trustworthiness. Through the use of PKI, the chances of unauthorized access through IoT devices decreases.

 

PKI is also increasingly embraced in the healthcare industry as a way to meet security compliance regulations, particularly the standards of the Health Insurance Portability and Accountability Act (HIPAA). Devices with PKI technology help secure patient identities by only allowing access to authenticated users. The use of PKI technology in turn reduces the likelihood of litigation due to a HIPAA violation, and can also reduce the losses incurred due to identity fraud.

 

PKI can also be used in corporate environments to authenticate the identities of employees who request access to privileged company data. With the use of multi-factor authentication technologies like smartcards and biometrics, PKI can be used to offer another layer of identity security.  In fact, the US Department of Defense recognized an 80% reduction in unauthorized access to their systems once they fully implemented PKI-based access controls for their networks through the requirement for the use of the Common Access Card (CAC) smartcard in the place of passwords.

 

For border security, chips using PKI can also be leveraged to easily confirm the identities of travelers without sacrificing accuracy or negatively impacting the processing time for evaluation of the travel document. e-Passports add another layer of security to traditional non‑electronic passports by embedding an electronic chip in the passport. Performing an electronic evaluation of the e-passport chip data provides the highest level of assurance that the document is authentic, and is the only assurance that the biometrics on the chip are bound to the traveler.

 

Acuant’s recent acquisition of the Ozone e-Authentication product suite from identity solutions provider Mount Airey Group, further enhances its traditional physical security feature assessment capabilities and provides a comprehensive e-authentication solution for border control and other environments depending upon e-document validity. Acuant’s solution features certificate chain validation for e-passports, and implements country-specific policy controls.

 

In addition to support for e-passport issuance and border control processes, Ozone also supports PKI enablement across the enterprise.  With Ozone, application owners can enable their applications with PKI, without having to understand the complexities of PKI technology. Owners can manage application-specific authorizations without the need for modifications to the application software. Ozone also supports implementations across federal agencies to improve federated security leveraging existing Homeland Security President Directive #12 infrastructures.

 

Acuant’s Ozone Suite offers seamless PKI integration with smartcards, single sign-on schemes, and biometric authentication processes. The line of identity solutions supports enterprise-scale identity and access management (IDAM) solutions including e-Passport authentication, ICAO Public Key Directory (PKD) support, and eID document validation capabilities, as well as atomic authorization capabilities.  Consistent with Acuant’s flexible deployment strategy, the solution set supports traditional on-premise implementations, as well as supports cloud and mobility solutions.

Using PKI, Chip technology is a secure and efficient way to provide added security to your transaction.

Digital Identity Authentication Provides Additional Security as Breaches Intensify

As large-scale data breaches continue to compromise personal information like login credentials and Social Security Numbers, companies have realized that they need to evolve their security methods over time in order to maintain consumer trust. In the past, many companies have solely relied on knowledge-based factors like birth dates and addresses to verify the identity of their customers.

The data breach at the IRS in 2015 proved that the answers to knowledge-based authentication questions can be deciphered by hackers. In addition, the recent massive data breach at a top consumer credit reporting agency showed consumers that their identities are at risk, and can be at risk for the rest of their lives. As a consequence, companies in various industries are steadily moving from physical to digital authentication.

Digital authentication through biometrics is gaining traction because it is harder for hackers to duplicate biometric features. Biometric authentication, such as our Acuant FRM, uses liveness detection to prevent criminals from using static images to break into devices. Facial recognition technology provides consumers with a more robust layer of security by making it more difficult for hackers to work around.

The convenience of facial recognition makes the technology appealing to consumers who frequently forget passwords or don’t want to carry around digital tokens. Facial recognition allows consumers to unlock their devices without memorizing long strings of characters. For forgetful consumers, the method of resetting a password is also a security risk. Organizations use secondary security questions like “What is your mother’s maiden name?” help consumers easily reset their passwords, but hackers can uncover the answers to these questions through social engineering and spear phishing.

Apple’s adoption of facial recognition technology reinforces our belief that consumers are looking for more secure ways to verify their identities and safeguard their devices. The new iPhone X allows consumers to use facial recognition to unlock their smartphones and verify their transactions on Apple Pay. Although a few Android devices also allow consumers to use facial recognition to unlock their devices, Apple’s adoption of facial recognition technology in the iPhone X demonstrates a significant step in the consumer adoption and acceptance of this novel technology.

In addition to biometrics, at Acuant we provide layers of authentication to enable trusted transactions that allow businesses to know who they are dealing with in a frictionless and customer friendly manner. It’s as simple as verifying that an ID is not fake, then verifying that the ID matches a real live person, all in one easy process that take less than 10 seconds and can be done from any location (via mobile devices or on-premise scanners).

As the industry pushes forward with the convergence of physical and digital IDs, Acuant continues to evolve our product line to stay at the forefront of these changes as evidenced by our latest acquisition of Ozone® PKI Authentication Solutions.

 

Contact us today to learn more about a solution for your business.

Facial Recognition Technology Helps Retailers Comply with FDA Regulations

Last year, the FDA impacted a $3.7 billion industry by ruling that vape pens and e-cigarettes won’t be available for sale to anyone under the age of 18 because they fall under the category of tobacco products. According to a survey conducted by the Center for Disease Control (CDC), one in four teenagers use vaping products like e-cigarettes and vape pipes. The CDC’s survey found that 24% of high schoolers have used alternative tobacco products like vape pens, e-cigars, and e-hookah.

Vape shops and other retailers across the country have spent the past year figuring out how to verify the ages of customers who want to buy e-cigarettes and other related products, whether it’s online or in-person. Every retailer of the covered products must “verify by means of photographic identification containing the bearer’s date of birth that no person purchasing the product is younger than 18 years of age” and must do so for any customer under the age of 27. While verification is needed, retailers need to address how they collect PII scanned from customer driver’s licenses and identification and mind state regulations such as New Jersey’s.

On Premise Verification

Acuant allows for quick authentication of IDs by scanning an ID with any mobile device or desktop scanner to verify that it is valid. This allows untrained personnel to detect sophisticated fake IDs and avoid hefty fines. Results are given in seconds to avoid long customer transactions.

Remote Verification

Online retailers are a popular point of purchase for many e-cigarette users. Similar requirements apply to online sales of traditional tobacco products and alcoholic beverages. Acuant allows retailers who sell vaping products to capitalize on the e-commerce trend and move their businesses online through its Facial Recognition and Match (FRM) technology. Acuant FRMTM enables online retailers in the alcohol and vaping industry to comply with new FDA regulations, which require retailers to validate that customers are over the age of 18.

For customers, Acuant FRM is as easy as taking a selfie, which is then compared to extracted biometric data contained in a government issued ID, such as a driver’s license. Facial recognition technology matches the face biometrics of the selfie to the face image on the ID to authenticate that they match. In addition, Acuant FRM provides liveness detection to prevent criminals from using static images. This one-time verification during account set up ensures that not only does the face match, but that there is also a live person in front of the camera.

Failure to verify customer ages can lead to sizable fines and other enforcement actions. For retailers in regulated environments and shipping companies, this means they need a fraud-proof way to check that the identity document being presented is valid and matches the individual currently making a purchase and that do not store PII. Acuant provides multiple customer friendly options.

 

 

LEARN MORE ABOUT AGE AND ID VERIFICATION SOLUTIONS

What We Learned at SDW 2017

SDW 2017, a conference for professionals involved in secure ID credentials and government-identity solutions, was last week in London and brought together top minds in the Identity Proofing Industry who all agreed that a trusted identity is the cornerstone of a trusted transaction. Key issues covered included identity fraud, document design, travel documents, smart borders, eID, the growing role biometrics, digital and mobile ID, smart citizens and the future of identity innovations, including the importance of machine learning.

OUR TOP TAKE-AWAYS:

Fraud Isn’t Going Away

The value of an identity isn’t decreasing; fraud will continue to become more sophisticated as security technology also improves. Physical credentials such as passports will soon have more design elements and production complexity to make forgeries more difficult to produce. However, making documents more difficult to forge also has the consequence of forgeries being harder to detect. In addition to upgrading the physical credential, other technologies to verify the identity, such as biometrics, will become increasingly important.

 

More Countries will use Biometrics at Borders

Many countries have been experimenting with biometrics for border control, and the use of finger print or facial recognition will continue to expand. The TSA is now rolling out a pilot program for finger print scanning for PreCheck customers. Dulles and Atlanta airports have also been experimenting with facial recognition technology with the aim to have secure and frictionless experiences for those exiting the country. Expect to see more roll-out of biometric technology the next time you travel outside the country.

 

Machines and Humans will Coexist

As both ID documents and forgeries become more sophisticated, it is necessary to augment the abilities of an experienced border guard with the computing power of machine learning. Automation is a key to frictionless document authentication and verification, but the need for humans and machines to work side-by-side to catch forgeries is key – there are elements that computers can be taught to spot in an instant, while there are knowledge and experienced-based situations that humans can better address. To learn more about the benefits of machine learning for ID Proofing, read the whitepaper: Beyond Machine Learning.

 

Experts are still Figuring out the Standard for Trust

A recurring theme of the conference was the importance of trust being the cornerstone of identity, and a trusted identity being the cornerstone of a trusted transaction. The idea of sharing trusted identities for travel, government and other purposes across common use cases was discussed from a variety of perspectives. Some technologies being discussed in this space include Blockchain, which was also a big topic that was covered in a previous blog about the K(NO)W Conference.

 

2017 is looking to be a crucial year for businesses to secure their ID-based transactions. The first step is to find a trusted and experienced ID Proofing Solutions Provider. Acuant emphasizes global experience across multiple industries, with ID verification, authentication, and biometric capabilities. Talk to an ID specialist in your industry today and learn how to protect your customers.

 

Tech Solutions to Address the Alarming Rise of Healthcare Fraud

The FBI estimated costs associated with U.S. healthcare fraud was at $80 billion in 2013. A 2016 healthcare fraud sweep by the FBI involved $900 million in false billing and more than 301 individuals, including 61 medical professionals and 28 doctors. There a number of surprising and frightening ways that people internally and externally can game the system and that can lead to dire outcomes, including the lethal mistreatment of patients that are not properly identified and the ruin of personal finances.

“About 20 percent of victims have told us that they got the wrong diagnosis or treatment, or that their care was delayed because there was confusion about what was true in their records due to the identity theft,” says Ann Patterson, a senior vice president of the Medical Identity Fraud Alliance (MIFA), a group of several dozen healthcare organizations and businesses working to reduce the crime and its negative effects.

The good news is that there are solutions that are easy and effective to implement that will protect both healthcare institutions and patients safeguard. While adoption of new technology in healthcare is painfully slow, especially when it comes to operational efficiency, it is time that practices take notice of how simple and cost-friendly can make a big impact on operations. Case in point, the recent WannaCry Ransomware attack did not intentionally target hospitals but still caused a lot of damage to the NHS.

Common Fraud Schemes

There are several scenarios that are typical for fraud schemes. Below is a list of ways that people are gaming the system:

Rolling Lab Schemes. This healthcare fraud is the result of unnecessary tests that are charged to insurance companies. Insured individuals often get caught off guard because these tests are administered in friendly or familiar areas, such as retirement homes and local gyms.

Medicare/Medicaid Insurance Fraud. Medical service providers that sign off on unnecessary equipment or services (i.e. unnecessary testing) are often involved in this healthcare fraud scheme. They often work with equipment manufacturers who get access to seniors’ and other insured patients’ Medicare or Medicaid ID numbers.

Services Not Rendered. This type of fraud occurs when medical service providers or customers submit false or altered bills to the insurance companies for services that never happened.

Medical Equipment Fraud. In this scheme, insurers are charged for unnecessary medical equipment or undelivered medical equipment. These fraud cases often begin as a deceptive pitch or are presented to insured individuals as “free.”

Medical Identity Theft. This healthcare fraud involves perpetrators who retrieve insured individuals’ insurance identification and other information. They get this data several ways, including via collection of patient information during free screening at health fairs, recruiting corrupt medical staff with access to insured patients’ information, and buying patient information.

Prevention Methods

Prevent insurance fraud by safeguarding your patients’ benefit information and insurance cards, and your provider ID. You can also use a few quick and easy tech solutions to prevent gaming of the system:

Biometric Security Measures. This method includes implementing a biometric verification point, such as facial recognition, and strengthens the identification process. It can be used to match a person to their ID on file, or to confirm a real person that matches the ID on file is trying access information. Biometric Security is especially user-friendly for telehealth and mobile health apps by reducing the need to manually enter ID information or answer time-consuming, knowledge based questions that any fraudster might know, guess or hack.

ID Verification by ID Scanning. Presenting a valid ID is still a valuable way to prevent fraud. However, checking this manually at the front desk can be time consuming and error prone. Scanning an ID that can be authenticated as valid is quick and easy. Another benefit to scanning is accurate and clean data to populate into your data systems, such as EMR and HER, within seconds. This prevents records with wrong patient data and saves time at patient check-in. It also gives you the ability to verify patients’ identities every time the valid ID is presented.

Protect your Information. Patients must be more careful and pay attention to when and where they share their identity and healthcare insurance information. Anyone with access could be a gateway for fraud. And hackers are very wise about finding information via avenues such as social media to supplement the information they have, like a social security number. Cobbling together a patient profile allows them to present an identity that institutions will accept today.

Final Thoughts

Avoiding healthcare fraud may seem daunting, but it is simpler than you think and solutions exist today that can dramatically reduce the impact. Creating more user-friendly, frictionless ways to verify the identity of patients at every access point will go a long way to protect both healthcare institutions and patients from fraud. Set yourself up with tools that fit your needs, or consult a team of experts on biometric and ID verification security services for an effective and secure way to mitigate healthcare fraud.

 

Read about Carbon Health

What We Learned at the K(NO)W Identity Conference: Part Two

B&B: Biometrics & Blockchain

We are back with more from the K(NO)W Conference and focusing on solutions that create trusted transactions. Digital identity is relatively new. Physical identity has been around for millions of years. We are really just starting to figure out how to build digital trust and what that means for different industries. There were certainly a fair share of buzzwords and solutions spoken of, but the B’s were front and center with Biometrics and Blockchain in the top slots (honorable mention to the Internet of Things).

 

Biometrics

Maxine Most, founding Principal of Acuity Market Intelligence, the definitive authority on global biometrics market development, stated that customer friction has resulted in 13 times more lost revenue than fraud. We are in a time when we can increase security and decrease friction, which should be the goal for every transaction.  Biometrics allows companies to solve both friction and fraud. Born out of tech and the coolness factor, biometrics has cooled over time into a solution-oriented approach, especially in government. For a long time biometrics was about surveillance. Biometrics today is more about security, and the evolution of mobile devices has played a key role.

The stats cited by Maxine on the number of mobile devices that enable biometrics and the number of transactions that will be on occurring on them in 2020 is staggering- truly game changing. The global smartphone install base is set to grow 50 percent in the next four years to 6 billion devices totaling $355 billion in revenues. We were asked to think about all of the ways we use our mobile devices today and how dramatically that has changed over the past few years. Think of how often you make a phone call vs. the many routine uses that are now second nature. A lot of these uses likely include biometric authentication such as a fingerprint. Touch ID was a tipping point for the industry.

Biometric authentication is very passive compared to other authentication options. There is no fumbling around to find and capture a credential, no remembering crazy passwords or answers to annoying questions. If companies make it hard for people to do the things they want to do- they won’t do it. With biometrics, you must also consider giving consumers a choice otherwise it can seem creepy. For example, today at airports in Canada, travelers can opt for a retina scan to expedite the security process, rather than going thru the slow line. If it was mandatory, it would likely feel like a violation rather than a benefit. Having options at the device level where consumers control the choice also makes biometrics more adoptable and less creepy.

While there is a much broader acceptance of biometrics today, there is still a false perception that when you authenticate yourself one time you are protected throughout the transaction and future transactions with that entity. This is not the case; real threats go beyond just the login or one-time action. Verification must be continuous to truly safeguard those involved in the transaction.  For example, patients in hospitals, customers banking and even sharing economy apps- verification for use cases here should not be considered a one-time thing. The idea of the fabric of an identity of authentication was conveyed. If the same person is not repeatedly represented in an authentication process, the whole thing is destroyed. It was stated that the only way we can do this repeatedly, consistently and unquestionably is with biometrics- as opposed to something you know which is not sufficient anymore (passwords, KBA’s, etc.). This is the opinion of some.

But we know there is no such thing as a perfect solution. Companies must consider what fraudsters are doing today and innovate as they authenticate. One issue is liveness detection for images. Stealing images and passing them off for facial recognition will work if there is not a liveness detection test in the solution. To further layer on top of innate biometrics that could be stolen, the case was made for behavioral biometrics to protect users and data when it comes to mobile device spoofing, being tricked into downloading malware on your device and simply having your device stolen. Behavioral biometrics measure and track uniquely identifying patterns in human activities and range from tracking keystrokes and navigation, to location and device login frequency. This offers another way for consumers to be protected by being passive.

 

Blockchain

The other B word that was highly mentioned in addressing the question of establishing a trusted digital identity was blockchain. Maybe you know blockchain and are a big fan, maybe you thought it was thing of the past. Let’s start with the definition according to wiki: blockchain is a digital ledger in which transactions made in bitcoin or another cryptocurrency are recorded chronologically and publicly. The first blockchain was then conceptualized by Satoshi Nakamoto in 2008 and implemented the following year as a core component of the digital currency bitcoin, where it serves as the public ledger for all transactions. The bitcoin design has been the inspiration for other applications.

Essentially blockchain keeps a record of transactions that cannot be manipulated and establishes decentralized and distributed trust. Blockchain was spoken of as more of a movement than a technology. This is largely due to the fact that, as speaker David Birch of Consult Hyperion put it, we have gone from not being able to tell if you are a dog on the internet to not being able to tell if you are a fridge pretending to be a dog. Maybe a tad dramatic, but maybe also too true – hello, catfishing.

Fraud has dramatically increased in recent years, and it is his belief is that it’s going to get worse because of the movement to make everything frictionless in payments and financial transactions. He stated that this is a hacker’s paradise- to make everything easy. One example is the fact that we still use SMS messages for security even though we know this is not secure. And thanks to the internet of things, we live in a world where we have kettles that are connected to Wi-Fi so that we can remotely operate them, where we have Bluetooth socks and Fitbits for dogs (unclear why but they are both allegedly amazing and in high demand). The dark side of this to consider is that all of this connectivity leaves us vulnerable and more open to attacks. But, as David says…there’s blockchain. Bitcoin is a remarkable cryptographic achievement and the ability to create something not duplicable in the digital world has enormous value. TBD on the future of blockchain but it says something that almost every major financial institution in the world is doing blockchain research at the moment and 15% of banks are expected to be using blockchain in 2017.

 

Conclusion: Problems Aren’t Changing, They Just Look Different

When it comes to tech solutions for authentication, in a lot of ways we are still at step one. If institutions want to scale, it has to be easy – take the human out of the equation whenever possible, but we are not there yet. There is still too much room for human error and institutions and providers are figuring out how to adapt solutions for different environments.

In a room of hundreds of identity professionals, less than 10% confirmed using a crypto key to protect their personal email when we know we are at risk. Consumers will always choose the path of least resistance. Users have to clearly see the value. There are no silver bullets or absolutes. Institutions must consider the use case and the best solution, identifying a point where the authentication meets the level of trust required and addresses the level of risk associated.

 

Learn more about Acuant's special offer for K(NO)W