ID Theft Checkup: 4 Ways Medical Organizations Can Better Protect Patient Data

2019 was the worst year in history for healthcare data breaches. Almost 32 million patient records were breached during the first half of 2019 – more than double the number of records breached over the entire 2018 calendar year, according to the Protenus Breach Barometer. Many high-profile organizations such as American Medical Collection Agency fell victim to nefarious attacks.

Criminals are getting through cracks in organizations’ cyber defenses to steal patient data and profit from vulnerable health systems. Why? According to a study published in Annals of Internal Medicine, over 70 percent of hospital medical record breaches compromise sensitive patient information such credit card numbers, social security numbers and birth dates.

This increases the risk of identity theft, as hackers are purportedly willing to pay ten times more for medical information than a credit card number on the black market. Hackers use medical records to solve security questions that are otherwise difficult to answer, gain access to insurance benefits, or even illegally receive prescription drugs.

Healthcare organizations must take preventative steps to better protect patient data and avoid becoming the next front-page headline (and receive a costly HIPAA violation fine!).

Adopt Identity Safeguards

Healthcare providers should take a page from the Know Your Customer (KYC) regulations adopted by the financial services industry. This practice verifies that the customer is who he or she claims to be, confirms that they’re not on any prohibited watch lists, and assesses their general risk factors.

This practice affords medical offices, clinics, hospitals and pharmacies with the ability to approve or deny customer onboarding and online transactions. Once the account is approved, the organization can use identity verification technology to simply compare a current photo against the one captured during onboarding to authenticate the patient.

Protect Access to Medical Records

To avoid HIPAA violations, it is important for the organization to ensure it’s giving the right patient access to their own data. According to HIPAA Journal’s November 2019 Healthcare Data Breach Report, there were three financial penalties imposed on HIPAA-covered entities totaling nearly 7 million dollars to resolve HIPAA violations.

Secure log-in monitoring and device intelligence can help confirm that the person trying to log in is who they say they are.

Educate Staff on Security Threats and Warning Signs

Many breaches are not malicious – they can be filed under “human error.” A current and comprehensive employee training program can better prepare healthcare providers against continually evolving cybersecurity threats. This is especially true for employees within smaller organizations, where there are fewer resources and IT staff is often tasked with managing multiple roles.

Workforce training and management is a requirement for all covered entities under the HIPAA Security Rule. A covered entity must train all workforce members regarding its security policies and procedures and must have and apply appropriate sanctions against workforce members who violate its policies and procedures.

Automate Patient Portal Enrollment

Customer onboarding is a tedious process. The manual input of forms can result in incorrect personally identifiable information (PII) being entered into patient records. Using an automated enrollment process can eliminate the hassle of long, complicated set-ups and reduce errors at the same time.

Acuant MedicScan® provides automated data and image intake of IDs and medical insurance cards. IDs and insurance cards are scanned to directly auto-populate patient PMS/EMR/EHR application in seconds.  Acuant AssureID® provides instant and seamless identity verification to know who your patient is and if they are who they say they are- all in the same step as Acuant MedicScan. Products can be layered or engaged alone.

Acuant works with healthcare providers to prevent medical identity fraud and improve the customer onboarding process. For more information, please visit our solution page or schedule a demo.

Acuant Predictions: All Eyes on Identity in 2020

As we look to 2020, we will see the protection of consumer data become a legitimate business, with the power finally in the hands of consumers evaluating what businesses they trust. Facial recognition authentication will go mainstream as businesses evaluate the best way to ensure each customer’s digital identity matches their real identity. And investments in emerging technology (like blockchain/cryptography) will finally pay off as technologists continue to displace the outdated password with more effective methods of verifying user identity.

A look at what to expect in the coming year:

The protection of consumer data becomes a legitimate business: In 2019 consumers loudly voiced their concerns over companies’ repeated data breaches and the repeated mishandling of their personal data and we saw more legislation than being enacted (GDPR, CCPA, PSD2). Next year there will be serious consequences for organizations that do not secure customer, employee or partner data. Consumers will continue to demand power over their PII and will fight for the right to control and share their information, how and where they chose to. The ‘billionaire boys club’ will continue to bring this reality to light. But who will ‘win?’ The company that figures out how to protect sovereign identity.

The rise of synthetic ID fraud pushes increased adoption of biometrics and identity corroboration/orchestration hubs: Reports of synthetic identity fraud, one of the most challenging fraud types to spot, will continue to grow. Companies – especially those in financial services – will increasingly seek robust biometric screening that cannot be easily fooled by deep fakes and image spoofing. Beyond financial services, biometrics will continue to be adopted across many industries for identity verification. Retailers will turn to biometrics for payments/self-checkout as we’ve seen with Amazon Go or Pay with a Smile, which launched in China last year. Companies – especially those in financial services – will increasingly employ identity corroboration/orchestration hubs to thwart this.

Cryptography will rapidly replace the password: The swift rise and fall of blockchain has some technologists doubting its adoption and importance in 2020 and beyond. But blockchain has brought forth the use of cryptography. This technology will be used to replace the username/password as a method of user verification. Instead, passwords, PINs, SMS codes, and other authentication technologies are replaced with public-key cryptography. Biometric authentication will become the new norm in this brave, new “passwordless world.”

Not sure how to approach digital identity in the coming year? Acuant takes a customer centric approach to identity verification. We empower trusted transactions between businesses and their customers, allowing businesses to address their appropriate level of risk and permitting consumers to remain in control of their personal information. Want more information? Let’s talk!

AI + Digital Identity: Why You Still Need Humans

Today’s data driven world has ushered in an era of constant tracking, monitoring, listening and learning. Customers expect businesses to automate their processes for efficient and positive experiences. Products are created to be tailored to individual’s needs and interests. In response, companies are leveraging data – and Artificial Intelligence (AI) capabilities in particular – to improve customer experiences and make processes more efficient.

AI has quickly transformed every major industry, bringing automation and speed to tasks that normally require human intelligence. A quick scan of headlines shows its reach – from solving a Rubik’s Cube in 1.2 seconds, to advancements that could control a smartphone or computer with just your thoughts.

The Rise of AI in Identity Verification

With identity theft on the rise, businesses are fighting to prevent and deter online frauds and scams. Machine learning and AI are ushering in a new era where identity authentication delivers a smooth experience that doesn’t require users to trade convenience for security. These technologies are increasingly being leveraged for online identity verification to protect consumers and businesses against fraud and account takeover.

AI creates a more efficient and accurate process than relying on a human to examine and verify an ID.  Computer software that is constantly learning and correcting itself can process millions of transactions at a rate unachievable by human experts.

Human Assisted AI: Don’t Extract the Experts

However, IDs are physical documents that endure wear and tear, and may feature manufacturing discrepancies. There are many factors that, if left unobserved, could result in even the strongest algorithms being tested and a genuine ID being flagged as fraudulent. For example, the quality of the camera might not provide high resolution results. Or the image on the ID may be too worn to pass automated inspection. Maybe the lighting is too dim/has shadows, or the image is too blurry and therefore the image cannot be properly identified.

The benefits of AI are best realized alongside a trained professional who can step in if the software rejects a legitimate ID,  apply their expert eye, determine what error occurred and teach the computer how to spot the issue in the future. This allows the learning model to improve through constant input and refinement of data with the oversight of a trusted identity expert.

Acuant has amassed the world’s largest document library of government issued identity documents from over 190 countries. The company combines its deep industry knowledge of country specific ID characteristics and the application of AI to scale and expedite the verification process. This has created the most comprehensive Identity Platform available.

Companies with high risk can rest assured with the Acuant Review which provides human expert manual inspection of identity documents in minutes. Forensic experts manually review and determine document authenticity in real time to ensure the legitimacy of documents flagged by Acuant AssureID suspicious (with the option to review any document or result a company wishes). This marriage of AI and human assisted machine learning results in passing more good IDs/customers (while catching sophisticated fakes) and providing a seamless, low friction customer experience.

 

To learn more about Acuant’s identity solutions, schedule a demo now:


A Worldwide Approach to Global IDs: Why Setting the Standard is No Easy Feat

Organizations and government entities are struggling on a global scale to determine the best methods for approaching identity management. The conversation around national digital IDs is not new. Governments around the world have expressed both interest and concern, in roughly equal amounts, about adopting these in their countries. However, some citizens of more developed countries such as Australia, Canada, New Zealand, the UK and the US are opposed to the idea of biometric based national ID schemes, mainly on the grounds of privacy.

Setting standards for the global ID verification process is no small task. Beyond the obvious – the need to standardize all identity cards or processes – there is the differences in comfort from country to country with technology advancements like biometrics and other measures.

The UK government introduced the GOV.UK Verify scheme in 2016 as a way for people to prove their identity for online government services, targeting 25 million users by 2020. As at March 2019, it has acquired 3.6 million users. Oliver Dowden MP, the Minister for Implementation, recently announced the creation of a new Digital Identity Unit, which is a collaboration between DCMS and Cabinet Office to ensure the adoption of interoperable standards. The government is also engaging the private sector to establish a commercial framework for businesses to provide digital identity for use with public services. The government hopes to bring this capability online by April 2020.

Singapore has already created a digital ID program with the SingPass Mobile app taking effect in the middle of last year. Malaysia and the Philippines have expressed interest in developing such a program

Africa is taking a less standardized approach to digital identity; each individual county within Africa has rolled out its own approach. For example, Nigeria is moving towards a single, centralized National Citizens Database bringing together various databases for SIM card registrations and driving licenses to be managed by the National Identity Management Commission which issues the National Identity Numbers. And last month (May 2019), Tanzania kicked off biometric verification of mobile telephone numbers. The ID card issued by the country’s National Identification Authority (NIDA) will be the sole document required for the process. Mobile phone subscribers are expected to use the same NIDA offices that capture biometrics for issuing ID cards to verify their fingerprints to register their SIMs.

One of the key issues that Africa is facing in general is a lack of identity management systems or governments not having the ability to identify citizens as there is a large number of the population that is unregistered, or they don’t necessarily have means of biometric verification to prove their identity.

The other issue identified is identity on mobile, because traditionally we have had physical identity documents like passports and ID cards, but the increasing trend is identity moving to mobile phones as there is a very high uptake of mobile usage across the continent, so there is a need to bring the identities of people on mobile phones and make it easier for people to access to government services, as well as authentication remotely.

The U.S. is enacting data privacy laws on a state-level, but lawmakers in the House and Senate are calling for bills aimed at strengthening individuals’ ability to control their data collected by the biggest technology companies, including Alphabet Inc.’s Google, Facebook Inc. and Apple Inc. The California data privacy law, set to take effect in January 2020, is viewed by most as the strictest consumer privacy legislation in the United States. Similar to Europe’s General Data Protection Regulation, which took effect last year, the California measure also includes more provisions allowing consumers to opt out of data sharing as opposed to forcing them to opt in before continuing to use online sites.

Looking Ahead – Why Trust is the Key to ID Verification

The convenience of being able to quickly and easily verify one’s identity comes with the loss of control over where that data is being stored and how it is shared. At Acuant we believe in creating solutions that put the power back into consumers’ hands. Companies are now recognizing that identity data collection and verification is an organization’s biggest vulnerability- and the protection of identity data is paramount. Acuant helps organizations build trust via an identity platform that allows businesses to address security/privacy concerns, regulations and their appropriate level of risk – while at the same time being customer centric.

Learn more about our Next Gen Identity Platform here:

New call-to-action

Global Challenges with Establishing Identity in Today’s Digital Economy: A Look from a Solutions Provider POV

Acuant CEO Yossi Zekri recently spoke at London’s premiere Identity Week Show. Here is a bit of what Yossi had to say from Acuant’s point of view on the global challenges in establishing identity today.

We are all aware that establishing identities today is not foolproof. There is no perfect solution to protect customers and institutions from sophisticated fraudsters, hackers and data breaches. But as identity is increasingly digital and becoming a currency for consumers — the need to defend digital identity against bad actors is imperative.

Establishing a trusted Identity Anchor is the base for the Digital Identity of the future — and this is at the heart of what Acuant does.

Global Factors

Acuant sees millions of global ID transactions — heavily concentrated in North America, but capturing transactions from virtually every country every month. We see mobile use is increasing across the globe, which has its own set of challenges.

With more than 196 countries, there are thousands of identity document templates and types globally, each with unique identifiers/characteristics and security elements. This presents challenges such as:

  • Data Sets – The need for good (and a lot of) data and quality documents to establish a global document library. Systems must utilize human factors as well as machine learning to have continuous updates to libraries or databases.
  • Design – ID card issuers do not always design with authentication in mind so there are different security features which can present challenges and most have nonwhite light features making them poor or irrelevant for mobile authentication.
  • Language & Culture – There are cultural differences in language/spelling that add complexities. For example, Mohammad is written 50+ different ways, depending on the country, and Asian names often end up truncated due to the limited character space on forms.

In addition, ordering schemes differ among countries and security features on each ID are different with some being easier to forge than others and frequent changes to track. This is a constant battle with incremental fraud capabilities and the methods providers and institutions use to verify IDs are changing.

Device & Method Challenges

It is imperative today for businesses to provide an omnichannel verification solution that includes mobile. The rise in mobile adoption evidenced in Forrester’s Mobile Mind Shift Index identifies an evolving preference for mobile use.

Much of this can be attributed to millennials (currently ages 18-34), the generation most likely to own a smartphone (97% market penetration) which they check more than 150 times per day. A paper document is no longer the only method of ID verification to consider. Some reports show millennials are deciding who to do business with based on their mobile capabilities.

But verifying IDs via mobile creates additional challenges:

  • Solutions must be in real time (seconds)
  • ID holder’s appearance may have changed since ID photo was taken
  • Fraudsters are increasingly sophisticated
  • Camera quality affects the image and image quality is key!
  • Harder to run forensic tests

Solution providers need a strong Algorithm + Big Data Set + Human Oversight = for the Best Results.

Establishing Genuine Presence

Today, solutions must be able to address increasingly sophisticated fraud and presentation attacks while balancing the user experience. Businesses and organizations must match the level of risk to the use case: how much friction they add will/should depend on the level of assurance required and risk involved.

Factors to consider include:

  • Time – consumers will not stand for a lengthy or invasive process
  • Accuracy – how can this process yield accurate/ best results
  • New verification methods to support mobile/digital identity
  • Using a hardware secure element (SE)/chip authentication to securely store a mobile ID credential on a smartphone

Linking an ID to a person requires multi-factor authentication. First, you must establish there is a valid ID to establish a trust anchor. You must have a clear image that can be captured via any device and have robust authentication tests (strong forensics). Second, you must verify the person is who they claim to be which can be accomplished with biometric tests such as robust facial match and liveness tests. ID photos must be matched to be a real time selfie for a score or decision. Challenges here include presentation attacks, image and device spoofing, deep fakes and video replay.

Once you link the ID to the person, additional security features can be layered on:

  • Start building an Identity Score for easy & ongoing verification
  • Watchlist & database crosschecks: OFAC, INTERPOL, AML etc.
  • NIST certified algorithm – ICAO Standards for govt use cases such as border control

 

Software solutions that use AI & Machine Learning in tandem with human researchers are the best method to detect fraud. Automation cuts down processing time and eliminates mistakes. You must start with an automated solution that uses a strong algorithm, have a big enough data set, then add human oversight (mostly to compensate for image quality and variation) to get the best results and pass more good customers.

While there are no global standards today in identity verification, there are solutions that offer a  level of certainty for every level of risk. It is up to institutions to decide the amount of security they are providing, and up to consumers to decide how much friction they are willing to bear. The burden of proving digital identity is one both must ultimately face.

 

 

Beyond Machine Learning

Millennials & Mobile Health: How Providers Can Maximize Convenience & Minimize Fraud

As the largest generation in the U.S., wielding growing purchasing power, Millennials have driven change in all industries – from retail to automotive, banking to healthcare, examples of disruption abound. Their preferences are backed by powerful dollars and any company foolish enough to ignore that fact will be faced with irrelevance in short order. It may be hard to imagine that such a highly regulated and decidedly personal industry as healthcare would be able to evolve to address the unique demands of the Millennial generation. But we are seeing the evolution in myriad ways.

Millennials are used to speed and convenience – even when it comes to healthcare. They inhabit a workforce that embraces freelance work as well as telecommuting, which often means little to no downtime. As such, time is valuable and healthcare, and other routine “adulting,” must be quick and efficient. Millennials don’t accept long wait times, manual processes and slow turnaround.

Due to the great value they place on convenience, Millennials demonstrate a strong preference for “fast health” option, eschewing primary care physicians as a first line of inquiry. A PNC Healthcare study found that they are twice as likely as Baby Boomers to prefer retail clinics and acute care facilities for speed and efficient healthcare delivery. This generation’s penchant for faster and more convenient options was likely a key driver for the recent launch of CVS HealthHUBs, an extension of its MinuteClinics.

Often called Digital Natives, Millennials are keen to use technology to manage their lives. Growing up with smartphones, they are not only comfortable with digital technology but expect it at every turn. As such, they are becoming increasingly comfortable with using mobile devices for more sensitive transactions such as banking and healthcare.

There are now well over 300,000 health apps available on the top app stores worldwide, nearly double the number of apps available in 2015 – and more apps are being added each day.

From wearable sensors to mobile health apps, Millennials often look to technology to create efficiencies in their lives. Beyond mobile apps, they are demanding solutions such as online health portals, online appointment scheduling, electronic medical record access and more. Hospitals and physicians are evolving to meet these needs to provide better service to their patients.

As more Millennials become parents, they are using health facilities more frequently as well. Dayton Children’s Hospital in Ohio built a new wing with features to specifically address the technology needs of Millennial parents. From simple things like having electronic chargers available and providing a robust wireless network, to more critical services like electronic signage that lists patient precautions and connecting medical devices, such as vital sign monitors, directly into the EMR, hospital executives focused on how technology would attract and build confidence with Millennials.

While providing improved patient experiences is often the goal for implementing technology solutions, it is important to understand that patient medical data is the most valuable asset on the dark web. The dark web is a massive marketplace for stolen data and personal information that often is a result of a data breach, and notably, the healthcare industry accounts for up to a third of all data breaches.

Why do fraudsters want medical data?  It contains a trove of personally identifiable information (PII) that can be used for identity theft or to access medical care in the victim’s name. This information is hard to change and unlike a credit card breach, individuals have few options and little recourse when protected health information (PHI) is leaked.

Experian, an Acuant partner, found that a social security number will fetch about $1 and credit card information will garner from $5-110. Yet data-rich medical records – ideal for identity theft purposes – can rake in up to $1,000. Victims often spend more than 200 hours and an average of $13,500 to remediate the damage of medical ID theft.

Since avoiding technology and ignoring the demands of Millennials isn’t an option for organizations that plan to stay in business into the next decade, healthcare providers must find ways to balance convenience and fraud prevention. Here are a few ways to offer an improved patient experience, while protecting the organization from fraud.

Automated Intake Processes

It is possible to streamline and improve the patient experience by using mobile devices to enable credentialing, automate intake processes and power self-check in. Patients don’t want to be bogged down with administrative processes. By accelerating the registration process, the patient wait times are minimized. Something that Millennials will expect when visiting any healthcare provider.

As healthcare providers embrace mobile technology, front line staff can capture critical health data from insurance cards and patient IDs using a mobile device. Patient data can then be auto-populated into an application or EMR, reducing the chance of errors. This is especially true for credentialing, which should no longer rely on outdated, time-consuming, paper-based approaches that are definitely error prone. This is particularly helpful for reducing insurance claim rejections, which are often the result of incorrect or missing information. With an automated process, collected data is more complete and accurate, resulting in increased efficiency and accuracy while leading to faster claim processing and reduced rejections.

Instant Multi-Factor Smartphone-Enabled Identity Verification

Another benefit of using technology to automate processes is the ability to reduce fraud. It is easier to spot medical fraud using technology as compared to paper-based processes. Medical insurance fraud is a growing issue due to the high rate of identity theft. Mobile phones can scan and instantly authenticate IDs to create a trust anchor. From there, you can layer on facial recognition technology to verify a patient matches their ID by presenting with a simple selfie, all in seconds and in the same workflow. It is an easy way and powerful way to combat fraud.

Facial Recognition Over Passwords

Biometric technology can also be used when patients want access to medical test results, to book an appointment, or to pay a bill. Instead of passwords that are often re-used and possibly compromised, patients can use facial recognition technology to verify their identity and access sensitive health information or login to patient portals.

In a world where Millennials can – and do! – look up physician and hospital ratings online, patient satisfaction is a big deal. By embracing technology and putting more power (literally) in the hands of patients, healthcare staff can focus their attention creating positive experiences around patient care while benefiting from improving overall risk exposure. The result will be significant increases in patient satisfaction, reduced fraud, better data security, more efficient and effective patient visits and improved staff productivity.

 

Learn more about Acuant MedicScan

Federation and Other Trust Models for Cross Vertical Digital Identity Acceptance

Over the past year, digital identity solutions have both matured and newly emerged. Several of the Self Sovereign Identity (SSID) solutions that were first commercially introduced last year, have now made it into pilots. Others solutions are using a metered approach to build a solid credential structure to address a specific vertical use case. Still others are blending these concepts to provide support for both government led digital credential standardization as well as sector specific use cases. Each of these capabilities was presented and widely discussed recently at connect:ID 2019 in Washington, DC.

As all of the solution sets have developed support for valuable identity based processes, there are still a number of challenges for use of any of these credentials across verticals or industries. Most of these SSID solutions are commercial efforts that were instantiated as pilots to address requirements specific to an industry – examples include:

  • Self enrollment & electronic health record sharing, derived from a specific health insurer’s customer base
  • Mobile driving license generation & utilization
  • Seamless traveler initiatives leveraging the Digital Travel Credential (DTC) being defined through an ICAO and ISO partnership for use throughout the travel continuum (booking – airport check-in – baggage drop – security screening – airport vendor services – boarding – arrival – customs – hotel check-in – return trip)
  • Concepts extending the DTC concept from the traveler journey to Visa request, work permit, & law enforcement record verification processes
  • Solutions providing a digital identity to the extremely large population of people without paper identity documents
  • Digital consortium solutions for banking

As can be imagined, each of these capabilities has been implemented using varying technologies and security frameworks. All of the programs describe their offerings as being built with extensive security measures in the generation and protection of the digital credential, and just as importantly, with a Privacy By Design approach. Some of the digital credentials are built through the derivation of data from a physical document (after the performance of automated identity document authentication – often in combination with facial recognition matching of the end-user against the authenticated source document), while others use identity repositories as the data source for the digital credential. As the DTC is a token which leverages the Document Security Object from an ePassport, the initial delivery mechanism of this token to the end user is meant to be managed by the document issuer.

Security of the token also varies. The DTC imposes requirements to perform the same level of authentication for the token as for the document itself, meaning that it needs to be cryptographically assessed to determine its authenticity by the relying party. Other solutions are leverage block chain implementations to both protect and distribute the user data to support access decision processes for both physical and logical access capabilities.

The key to the evolution of a broader, frictionless identity ecosystem is going to be the development of an interoperable security framework that will allow the digital credential from one ecosystem to be fully leveraged by another. While brand loyalty drives many of these initial capabilities, use of a single credential for many disparate functions is what will drive consumer adoption globally. While it seems naive to think that a global, federated trust fabric will be deployed to support any and all of these disparate programs, perhaps the answer is an interoperable identity wallet that understands the protocols required to authenticate an end user to all points within the ecosystem using the appropriate digital credential – without any specific user action other than authentication to the device containing the digital credentials.

 

Ozone e-Passport PKI

4 Blockchain Business Opportunities

Varun Garg, Acuant’s Director of Cloud and Mobile Products, recently contributed this article to DevPro Journal. You can read his article below. To read the original, click here.

Blockchain is an immutable decentralized way to securely store data in blocks that are linked to each other using cryptographic principals. In late 2017, bitcoin and other cryptocurrencies became the center of many conversations among millennials and tech experts alike. Just two years later, many believe that cryptocurrencies are dead. But there are numerous emerging groundbreaking blockchain related business opportunities that will disrupt established businesses and ways of doing things.

Here are four disruptive, blockchain-related opportunities.

Trading

Blockchain can be used to transfer assets from one holder to another globally and instantly. Current financial markets limit trading to a country or a continent. For example, NYSE, Japan Exchange Group, Euronext, etc. Today when we trade stocks, it takes a few days for a trade to settle and for us to withdraw the money. We have yet to see a global decentralized financial market where anyone can trade any asset and trades are settled instantly on the ledger.

Imagine a world where you could trade almost anything from stocks to precious metals to fiat or cryptocurrencies to ETFs, and you could interchange from one asset to another instantly for pennies. Decentralized exchanges (DEX) solves the problem where no institution or country or a group of servers have the central authority making it impossible to hack or implode.

Money Transfer and Micropayments

Bitcoin once was promoted as a digital way to transfer money from one person to another locally and globally instantly. As of today, it takes around $0.88 and 10 to 20 minutes to transfer money using bitcoin, making it very inefficient. If you are doing a money transfer from your bank account to someone’s bank account overseas, it may cost you a 1 percent to 5 percent transaction fee and may take two to five days for the transaction to process and settle as funds are routed through many intermediary banks.

Thanks to technologies built using blockchain such as Ripple or Stellar Consensus Protocol, money can be transferred from one bank account to another globally within seconds for just a few cents.

This practice can also be expanded to micropayments. Credit/debit card network fees are not cost effective for micropayments. If you had to pay 2.9 percent + $0.30 on a $0.50 transaction, you’d be paying about 63 percent. Even on a $3.00 transaction at 2.9 percent + $0.30, you are left paying about 13 percent overall. With technologies built using blockchain, network fees can be reduced to a fraction of a cent.

Digital Advertising

Google, Facebook, Twitter, Pinterest, etc. have built an incredible business by showing us digital ads. They store all our data and sell it to advertisers. Have you ever wondered why you don’t pay to use their services? Is there something free on this planet?

Your data is worth hundreds of dollars to these companies. You are the product. Blockchain-based technologies aim at fixing the web by blocking all the ads we see in our web browsing experience and rewarding us for our attention. Today, our screens are full of ads shown to us based on our browsing history. Shouldn’t we be in control of the ads shown to us instead of having them forced on us? And if we see ads, shouldn’t we be rewarded to pay attention to these ads?

The multibillion-dollar digital advertising industry is in crisis. User privacy has become a casualty in an ever-increasing consumer-surveillance ad model that relies on tracking and profiling users. Publishers and content creators are shutting down or retaliating with self-destructive tactics as users enable ad-blockers in response to privacy violations, irrelevant ads and malvertisements. Ad fraud is rampant throughout the system, and advertisers are struggling to find solutions that comply with new GDPR/ePrivacy regulations. This is a fundamentally unsustainable state of affairs.

Contracts

Typically, you would go to a lawyer, spend a lot of money and wait for days for the contract to be drafted and agreed upon by both parties. With Smart Contracts, you can do this same process through blockchain. Suppose you want to rent an apartment from me. You get a receipt which is held in our virtual contract; I give you the digital entry key which comes to you by a specified date. If the key doesn’t come on time, the blockchain releases a refund. If I send the key before the rental date, the function holds it, releasing both the fee and key to you and me respectively when the date arrives. The system works on the If-Then premise and is witnessed by hundreds of people, so you can expect a faultless delivery. If I give you the key, I’m sure to be paid. If you send the amount defined in the contract, you receive the key. The document is automatically canceled after the time, and neither of us can interfere with the code without the other knowing since all participants are simultaneously alerted.

Smart contracts can be used for all sort of situations that range from financial derivatives to insurance premiums, breach contracts, property law, property sales, automobile sales, credit enforcement, financial services, legal processes and crowdfunding agreements.

What We Learned at the Goode Intelligence Biometric Summit

Acuant attended the Goode Intelligence Biometric Summit in NYC last week, where industry experts and providers met to discuss the state of identity, challenges and trends in biometrics. Our own Steve Maloney, EVP of Business Development and Strategy spoke on a panel hosted by International Biometrics + Identity Association (IBIA) Executive Director Tovah LaDier to address how biometrics are being leveraged to support digital onboarding while complying with Know Your Customer (KYC and eKYC)  and Anti Money Laundering (AML) regulations.  Here is a recap of what we learned.

 

Biometrics is hot right now

Biometrics continues to be one of the hottest tech areas with increasing investment activity bringing more providers to a growing market. Financial services, payments, transportation and governments continue to be at the vanguard of adoption, but other vertical sectors are increasingly turning to biometrics to support a range of use cases including healthcare. The majority of uses of biometric authentication are performed on-site, but mobile device usage is a fast growing area as well.

 

The line between convenient and creepy is based on the use case

The topic of the keynote speech by Alan Goode of (CEO & Chief Analyst at Goode Intelligence), was Biometrics, Creepy or Convenient? This is an important question that directly affects user adoption and government regulation- it is also an ethical and trust debate.

Alan walked though several examples of biometric use cases that exist today, or did exist, to survey the crowd’s reaction as to whether this was in fact convenient or creepy. Examples included your smartphone recording where you parked your car without you instructing it to do so, airport kiosks in China scanning and identifying your face to then display your flight details in a public area, retail stores using behavioral biometrics to determine unusual consumer behavior from a camera to catch and prevent shoplifting, and using cameras for facial recognition to catch jay walkers in order to message and fine them. Reactions were mixed and likely a bit biased to convenient given the audience.

Results from a larger survey shared included:

  • Gas station plays ads at the pump based on your age/gender/ethnicity that a camera determines – 44% found creepy
  • Weaponized automated drones using facial recognition to identify targets – 70% found creepy
  • Banks detecting your behavior to see how you interact with and use your keyboard to prevent fraud – 30% found creepy

All acknowledged that there are grey areas to consider which include cultural and regional differences, regulations such as GDPR, and consumer opinion – not to mention the ethical and moral questions.

Goode Biometric Summit Panel

Biometrics will transform digital identity authentication

It was agreed traditional passwords alone are dying a slow and painful death. They simply do not provide enough security in today’s digital world and for our increasingly digital identities. The group was also in agreement that consumers are lazy, therefore convenience is key.

Key market drivers were identified as:

  • The increasing number of services that require logins with different devices
  • The demand for protection of digital identity
  • The demand to replace current solutions requiring pin codes
  • Smart cards being close to commercial launch – especially in EU & Asia with the US following closely and likely to follow contactless biometric payment cards

In an age where it is all about the IoT, there was also a focus on the evolution of UI (device & biometrics)- the latest being conversation or voice (Hi Alexa). We talk to tv’s, cars and now Nike even has voice enabled shoes. There was a notion that in fact, the best UX is no UX, the idea being removing it will reduce friction and not rely on consumers who will inevitably get it wrong. However, there was general consensus that usability outweighed friction and that some friction is inevitable.

There was also debate about what the standard guidelines are to be followed, but here in the United States NIST was the front runner and recent advances by FIDO applauded. And while all agreed that the least amount of friction always wins, frictionless may be the wrong mindset. While solutions must be useable, they must also be secure in order to fight the criminals who are sophisticated. Not the check a box and meet compliance solutions, but really deterring the high-powered criminals we need to thwart. The majority (90%) of security solutions today are fine to catch the low-end criminals, but not the dangerous ones. Essentially, solutions needed to catch the fraudsters must make the attacks more trouble than they are worth and at Acuant, we believe it’s about creating multiple signals to defeat bad actors.

 

Conclusions

No matter your moral opinion on the matter, the masses have spoken. Biometrics are being widely adopted and are here to stay. They have a proven convenience factor that will continue to push the borders on privacy and creepiness. Here is where we will expect to see more legislation. The majority agreed this will be largely centered on the use case and the level of risk or security needed in each, for example, we are much more likely to be okay with our biometrics being recorded for travel when terrorist threats abound, rather than in a store while shopping to spot unusual behavior.

What’s more, we cannot and are not in a position to rely on one method of authentication. As we at Acuant believe – identity is the new currency, and as such it must be defended. When it comes to biometrics this includes Presentation Attacks, also known as “spoofing,” to defeat biometric systems which expose the vulnerability of AI only recognition systems. All  biometrics are vulnerable, and institutions must recognize that solutions have flaws. All agreed that we need to put more factors together for better solutions including security and privacy (protecting PII/data), versatility, ease of use and maintenance (continuous updates).

Acuant starts with establishing the trust anchor of an authenticated ID, then allows for layering on additional methods of verification based on your use case. Learn more about choosing a solution that is right for you by reading our white paper:

read the white paper

Takeaways from KNOW Identity 2019: Hint, Identity is the New Currency

KNOW Identity 2019  hit Las Vegas last week. The show brings together some of the brightest minds in the international identity community to discuss and debate the best way to manage and protect identity and PII in our increasingly digital world.

Here is a recap of the biggest highlights and our key takeaways below.

 

Self-Sovereign Identity (SSI) Remained a Central Theme

As with last year, Self-Sovereign Identity (SSI) played an important role in many discussions. Today’s brightest minds are grappling with the undertaking of securing digital identity, and many sessions – including Roger Dingledine’s keynote – highlighted the importance of privacy.

Mastercard announced a corporate world-push into digital identity to bring trust into transactions, putting the individual at the heart of every digital interaction. Charlie Walton, the SVP of Digital Identity at Mastercard, walked through this vision (outlined in the paper “Restoring Trust in the Digital World,”) during the Tuesday morning keynote.

There are many large players trying to commoditize SSI, but at the same time there is another path being created. TYKN exhibited at the show – the company is bringing digital identity to rural Africa through an open source offering. This is just one example of “out of the box” thinking to help solve the digital identity crisis.

 

Biometrics Adoption Continues Across Border Control/ Travel

Biometrics adoption was another hot topic last week. Colleen Manaher from the US Customs and Border Control led a fascinating session about the use of biometrics, specifically citing the use of biometrics in airports as an opportunity to close the gap between security and customer experience. She argued that active private sector participation is at the core of effective, secure and privacy-preserving identity processes enacted by governments.

When it comes to travel and airports, Americans view verification technology as a positive solution. According to our recent survey,  84% of Americans believe that biometrics will improve travelers’ airport experience, and the majority (59%) say that biometrics will increase safety because of improved identification accuracy.

The adoption of fast and easy identity verification via document authentication that can be tied to biometrics, EIDs and other technologies has the potential to make flying a frictionless and fun experience again.

Diversity is Key: Multiple Techniques Ensure Trust in Your Transactions

Wandering the exhibitor hall shows more platforms offering bundles of identity authentication techniques using data aggregation, email, phone, identity document authentication and biometrics. With another 1,244 breaches last year – and one UK firm alone that had nearly one billion email addresses stolen – it’s important to use multiple techniques to ensure trust in your transactions.

On Wednesday morning, David Birch, Director of Innovation at Consult Hyperion and KNOW 2019’s emcee, gave an impassioned speech suggesting World War 3.0 has already begun. He argued, “…We’re in a cyberwar and our identity infrastructure needs to support mobilization across virtual and mundane realms. World War 3.0 has already started but a lot of people haven’t noticed because it’s in the matrix.”

As we at Acuant have believed and known for a while, Identity has become a currency. Companies are now recognizing that identity is an organization’s biggest vulnerability; as such the verification and protection of identity data or PII (personally identifiable information) is paramount. Acuant helps organizations build trust by providing a full suite of solutions that allow businesses to address their appropriate level of risk.

 

Want to learn more? Schedule a Demo