What We Learned at the K(NO)W Identity Conference: Part Two

B&B: Biometrics & Blockchain

We are back with more from the K(NO)W Conference and focusing on solutions that create trusted transactions. Digital identity is relatively new. Physical identity has been around for millions of years. We are really just starting to figure out how to build digital trust and what that means for different industries. There were certainly a fair share of buzzwords and solutions spoken of, but the B’s were front and center with Biometrics and Blockchain in the top slots (honorable mention to the Internet of Things).

 

Biometrics

Maxine Most, founding Principal of Acuity Market Intelligence, the definitive authority on global biometrics market development, stated that customer friction has resulted in 13 times more lost revenue than fraud. We are in a time when we can increase security and decrease friction, which should be the goal for every transaction.  Biometrics allows companies to solve both friction and fraud. Born out of tech and the coolness factor, biometrics has cooled over time into a solution-oriented approach, especially in government. For a long time biometrics was about surveillance. Biometrics today is more about security, and the evolution of mobile devices has played a key role.

The stats cited by Maxine on the number of mobile devices that enable biometrics and the number of transactions that will be on occurring on them in 2020 is staggering- truly game changing. The global smartphone install base is set to grow 50 percent in the next four years to 6 billion devices totaling $355 billion in revenues. We were asked to think about all of the ways we use our mobile devices today and how dramatically that has changed over the past few years. Think of how often you make a phone call vs. the many routine uses that are now second nature. A lot of these uses likely include biometric authentication such as a fingerprint. Touch ID was a tipping point for the industry.

Biometric authentication is very passive compared to other authentication options. There is no fumbling around to find and capture a credential, no remembering crazy passwords or answers to annoying questions. If companies make it hard for people to do the things they want to do- they won’t do it. With biometrics, you must also consider giving consumers a choice otherwise it can seem creepy. For example, today at airports in Canada, travelers can opt for a retina scan to expedite the security process, rather than going thru the slow line. If it was mandatory, it would likely feel like a violation rather than a benefit. Having options at the device level where consumers control the choice also makes biometrics more adoptable and less creepy.

While there is a much broader acceptance of biometrics today, there is still a false perception that when you authenticate yourself one time you are protected throughout the transaction and future transactions with that entity. This is not the case; real threats go beyond just the login or one-time action. Verification must be continuous to truly safeguard those involved in the transaction.  For example, patients in hospitals, customers banking and even sharing economy apps- verification for use cases here should not be considered a one-time thing. The idea of the fabric of an identity of authentication was conveyed. If the same person is not repeatedly represented in an authentication process, the whole thing is destroyed. It was stated that the only way we can do this repeatedly, consistently and unquestionably is with biometrics- as opposed to something you know which is not sufficient anymore (passwords, KBA’s, etc.). This is the opinion of some.

But we know there is no such thing as a perfect solution. Companies must consider what fraudsters are doing today and innovate as they authenticate. One issue is liveness detection for images. Stealing images and passing them off for facial recognition will work if there is not a liveness detection test in the solution. To further layer on top of innate biometrics that could be stolen, the case was made for behavioral biometrics to protect users and data when it comes to mobile device spoofing, being tricked into downloading malware on your device and simply having your device stolen. Behavioral biometrics measure and track uniquely identifying patterns in human activities and range from tracking keystrokes and navigation, to location and device login frequency. This offers another way for consumers to be protected by being passive.

 

Blockchain

The other B word that was highly mentioned in addressing the question of establishing a trusted digital identity was blockchain. Maybe you know blockchain and are a big fan, maybe you thought it was thing of the past. Let’s start with the definition according to wiki: blockchain is a digital ledger in which transactions made in bitcoin or another cryptocurrency are recorded chronologically and publicly. The first blockchain was then conceptualized by Satoshi Nakamoto in 2008 and implemented the following year as a core component of the digital currency bitcoin, where it serves as the public ledger for all transactions. The bitcoin design has been the inspiration for other applications.

Essentially blockchain keeps a record of transactions that cannot be manipulated and establishes decentralized and distributed trust. Blockchain was spoken of as more of a movement than a technology. This is largely due to the fact that, as speaker David Birch of Consult Hyperion put it, we have gone from not being able to tell if you are a dog on the internet to not being able to tell if you are a fridge pretending to be a dog. Maybe a tad dramatic, but maybe also too true – hello, catfishing.

Fraud has dramatically increased in recent years, and it is his belief is that it’s going to get worse because of the movement to make everything frictionless in payments and financial transactions. He stated that this is a hacker’s paradise- to make everything easy. One example is the fact that we still use SMS messages for security even though we know this is not secure. And thanks to the internet of things, we live in a world where we have kettles that are connected to Wi-Fi so that we can remotely operate them, where we have Bluetooth socks and Fitbits for dogs (unclear why but they are both allegedly amazing and in high demand). The dark side of this to consider is that all of this connectivity leaves us vulnerable and more open to attacks. But, as David says…there’s blockchain. Bitcoin is a remarkable cryptographic achievement and the ability to create something not duplicable in the digital world has enormous value. TBD on the future of blockchain but it says something that almost every major financial institution in the world is doing blockchain research at the moment and 15% of banks are expected to be using blockchain in 2017.

 

Conclusion: Problems Aren’t Changing, They Just Look Different

When it comes to tech solutions for authentication, in a lot of ways we are still at step one. If institutions want to scale, it has to be easy – take the human out of the equation whenever possible, but we are not there yet. There is still too much room for human error and institutions and providers are figuring out how to adapt solutions for different environments.

In a room of hundreds of identity professionals, less than 10% confirmed using a crypto key to protect their personal email when we know we are at risk. Consumers will always choose the path of least resistance. Users have to clearly see the value. There are no silver bullets or absolutes. Institutions must consider the use case and the best solution, identifying a point where the authentication meets the level of trust required and addresses the level of risk associated.

 

Learn more about Acuant's special offer for K(NO)W 

Tech Solutions for Access Control and Visitor Management

With news of massive data breaches in the headlines every other week, it’s no surprise that security threats are a growing concern for businesses. A February 2017 study by Javelin Strategy & Research found that 15.4 million Americans were the victims of identity fraud in 2016, a dramatic increase of more than 2 million people from the year before.

From glittering high-rises to government labs, security professionals want to make sure they’re letting the right people into the building. It’s extremely important for a number of industries, including education, defense and airlines, to prevent security breaches and stop the unauthorized access of sensitive information.

Fortunately, there are a number of quick and easy technology based solutions for access control and visitor management. These solutions can be used to verify the identity of individuals entering your business.

ID Authentication & Scanning

ID scanning is used to authenticate an identity document and determine whether the holder should be allowed entry into the premises. There are several types of ID scanners that verify documents in multiple ways: Some scan the ID’s barcode, while others read the ID’s magnetic stripe like a credit card, and more robust software can perform forensic tests to ensure that an ID is not forged.

Solutions such as this can be facilitated via a desktop scanner, but there are also more modern and efficient experiences via mobile apps and self-service kiosks. These are especially helpful for high traffic environments and also offer a solution for employee and personnel access monitoring in high risk buildings.

In the event of a crime or disturbance, an integrated ID scanning solution can track the history of the documents that it reads in order to identify potential suspects. Scanners allow businesses to capture information such as an individual’s name, age, gender, photograph and other identifying information, along with the date and time of access into their applications. Businesses can easily create and manage visitor logs and even use this technology to facilitate easy badge printing with accurate information. In addition, they can maintain a list of VIP or banned users among the business’s clientele to check against when an ID is scanned, alerting employees of preferred or barred status.

Biometric Security Measures

Although ID scanning is an effective way of controlling access, it doesn’t verify that the ID holder and the ID owner are the same person – after all, IDs can be stolen or fake. To do this, you’ll need to use alternate security measures. One example is biometric security, which identifies a person’s unique traits, such as in facial recognition, fingerprints, voice or eye patterns.

Biometric security measures are more secure than ID scanning because they effectively remove the chance of impersonation. They are automated and extremely quick while leaving very little room for error. Another benefit is that biometric security measures can easily be added to existing security systems that are mobile, desktop or even kiosks, in order to provide secure authentication.

No matter your environment, it does not hurt to think about simple but effective ways to be more secure.




New Call-to-action




Reducing Identity Fraud in the Growing Sharing Economy

The digital economy has brought about the democratization of goods and services thanks to the advancement of technology, such as increased broadband connections with high-speed. It’s also helped modernize the sharing economy to push it forward so that people can enjoy its benefits of convenience, simplicity and consumer empowerment to share almost anything from bicycles and homes to medical equipment. Even businesses are increasingly allowing their employees to take advantage of the cost savings from using ride-hailing and home rental apps. However, the rising threat of identity fraud is becoming synonymous with the growing digital economy. Discover how identity fraud affects the sharing economy and what action you can take to combat it.

Identity fraud is growing.

Identity fraud steadily increases, and technology is making it easier to do. ID fraud increased by 16 percent between 2015 and 2016, and the sharing economy is not immune. The sharing economy can provide a loophole for businesses that fail to do a thorough background check on providers or hosts of services. Moreover, ID fraud is often facilitated via technology with hacking being as simple as exploiting your enterprise’s vulnerabilities or phishing for information from consumers. These instances can potentially leave your business at risk for cyber attacks and liability suits.

ID fraud presents opportunities for “fraud-fighting” technology.

While reputation ratings have been used to help reduce fraudulent behavior, a more digital resolution is gaining popularity for being user-friendly and more secure. As a solution to circumvent identity fraud in the sharing economy, businesses are taking matters into their own hands with “fraud-fighting technology. Businesses and even governments are using biometric security technology, such as facial recognition systems and devices that detect fingerprints digitally. ID scanning or scan license technology, ID authentication and ID verification services also help to mitigate identity theft. They offer the main benefit of being able to verify people’s identities in real-time.

Final Thoughts

Despite the rising risk of identity fraud within the sharing economy, there are several solutions to address identity fraud. Sharing economy businesses can utilize these user-friendly ID verification solutions to instantly reduce fraud and protect both themselves and consumers. With Acuant, it takes less than 10 seconds to authenticate an ID, and another few seconds to match the photo on the ID to a selfie taken with our facial recognition match. Our solutions are all made to support person and card not present transactions for all operating systems that dominate the digital economy. 10 seconds can amount to saving millions of dollars.





New Call-to-action




With Over 3 Million Transactions Monthly, Acuant Debuts New and Improved ID Capture and Facial Recognition Technology that Reduces Fraud While Being Customer Friendly

The new economy provides consumers with more ways of transacting than ever before including in-person and person-not present transactions utilizing web services, mobile devices and apps. With transactions becoming increasingly digital, comes the unfortunate rise and sophistication of identity fraud. We are in the age of the biggest data breaches of all time exposing consumer username and passwords to very skilled hackers and fraudsters at large. Identity verification solutions must be robust; businesses and consumers need to take steps to establish trust and ensure protection.

So what does it mean to protect your business from identity fraud today? And how do the solutions you chose affect your customer conversion/acceptance rates and tackle customer privacy concerns? Addressing these questions and the evolving landscape of the convergence of physical and digital identity is the focus of Acuant’s solutions.

Identifying your Level of Risk and Assurance

There is no one size fits all formula for identity verification solutions. The first step is for businesses to identify the level of risk they are willing to accept. For example, a financial institution will have more security concerns than a bike sharing app and a lower security threshold. Once you know what your level of acceptable risk is, you have determined your level of assurance or level of identity verification required. In the past, a simple password and Knowledge Based Authentication question (KBA) that asks something like “In what city were you born?” has been the standard. This is no longer sufficient for secure transactions. Today multi-factor authentication is recommended.

Multi-factor Authentication means that a user has successfully met 2 of 3 categories by presenting:

  • Something You Have (ID or Credential)
  • Something You Know (password, PIN or Answers to Questions – KBA)
  • Something You Are (Biometrics: Fingerprint, Facial Recognition, Voice)

Multi-factor Authentication

Use Cases and Considering the Customer Experience

While it is obvious that certain industries (healthcare, finance, gaming, etc.) must meet industry regulations, there is an important counterpart to consider:  customer experience. Businesses must identify the balance of security and assurance they need with the friction incurred by their customers. For example, a customer onboarding experience could be as quick and easy as scanning an ID from a mobile device or desktop scanner that will prove that an ID is not a fake. Acuant’s AssureIDTM accomplishes this in seconds using the industry’s fastest, most accurate capture technology. AssureID performs over 50 forensic tests in seconds to ensure an ID is valid. If the person is present, standing in front of an employee, this may be sufficient. Retailers, restaurants and other outlets often do a quick visual scan of ID’s, but that method is not validating an ID and does little to prevent fraud. The addition of ID scanning is a quick and easy way to add level of assurance in any environment with mobile, desktop scanner or self-service kiosk options.

What about transactions where a person is not present? These types of transactions are becoming increasingly common as people find it much more convenient transacting digitally and even use apps for things such as opening a bank account. In this instance, businesses may want a mobile capture of an ID to validate the ID and also require a biometric test such as Acuant’s FRMTM (Facial Recognition Match). Acuant FRM is as easy as taking a selfie and comparing it to extracted biometric data contained in the government issued ID.  Results are given in seconds by matching the face biometrics of a selfie to the face image on the ID and authenticating they match. In addition, Acuant FRM provides liveness detection to prevent fraudsters from using static images. This ensures that not only does the face match, but also there is indeed a live person in front of the camera. This provides two separate authentication factors and offers a higher level of assurance- that a person possesses a valid ID and that they match the photo on the ID. There may, however, be an instance where all you require is facial match for ongoing transactions such as a car sharing service app. In this instance you want to ensure the person driving the car is the one who signed up for the program by engaging Acuant FRM each time they use a vehicle. Both workflows are simple and speedy for customers.

Whether you are capturing an ID, engaging facial recognition match or both- you can be sure that Acuant provides the most user-friendly experience with the highest speed and accuracy. Acuant provides the utmost security for local, mobile and cloud services. No images or data is stored on devices, which means that customers do not have to worry about misuse of personal information with Acuant.

 

The Acuant Advantage

In addition to being a leading identity verification provider for over 20 years, Acuant possesses the largest ID document library in the industry recognizing ID’s from over 200 countries (including but not limited to passports, driver’s licenses, visas and military ID’s) which enables our unparalleled accuracy ratings. Our solutions are made for mobile and desktop environments, compatible with Windows, iOS, Android, Hybrid and HTML 5 and built to allow meeting the highest level security requirements and regulations such as KYC, PII, HIPAA and AML. Download our apps to see Acuant in action and test your selfie skills with Acuant FRM!

iOS App

Android App

HTML5

Biometrics Boom: Juniper Predicts 600M+ Mobile Devices will use Voice and Facial Recognition by 2021

 

Biometrics is one of the hottest security topics in 2017. Businesses are realizing they must supplement basic login credentials with much stronger authentication methods, such as fingerprint and facial recognition technologies. Juniper Research study, Mobile Biometrics: Consumer Markets, Opportunities & Forecasts 2016-2021, finds that biometric authentication is ready to move beyond fingerprints alone and use several different identifiers, including facial recognition and voiceprints.

The research notes that these methods will increase from being installed on an estimated 190 million mobile devices in 2016 to exceed 600 million devices by 2021. As biometric technology becomes more commonplace in the business environment and more accepted by consumers, industries can leverage it to ensure stronger identity security.

This will likely begin to transform security in a host of industries that are especially vulnerable to cyber-attacks. With the increase in popularity of mobile payments and mobile healthcare, the finance and healthcare industries in particular can benefit from using biometric technology to verify identities.

Here’s what to expect in 2017:

Consumers will Quickly Adopt Biometrics

When biometric technologies first rolled out, consumers were apprehensive and sometimes refused to use them.  However, this apprehension towards biometrics is being steadily broken down through consumerization. Technologies that were previously used only for official purposes are now available on the market for consumers to buy.

For example, in the US, the use and collection of fingerprints is often correlated with law enforcement, but Apple now allows users to unlock their devices through their fingerprints, which has helped break down the apprehension of using biometrics for everyday use. The use of selfies in general has allowed people to use photos in a variety of ways, and Facebook and Instagram have capitalized on that by using facial recognition. Biometric technologies that consumers once rejected have become the norm for many consumers, paving the way for much tighter security processes.

 

Companies will Seek to Build Stronger Authentication Continuums

As consumers embrace and adopt new technology, it’s beneficial for that technology to be more interconnected. Businesses are able to leverage this interconnected technology by using it throughout the enterprise or with their products. Utilizing biometric technology with their products, allows consumers to have a higher degree of customization and personalization. Further, an authentication continuum based on biometrics will result in a higher level of overall security, which is key for companies that prioritize robust security.

For example, just doing facial recognition by itself isn’t sufficient most of the time. Tying facial with identity, document authentication, other attributes and biometrics will build a stronger authentication continuum that will lead to a greater level of security.

With biometric technology continuously evolving and the increasing sophistication of hackers and identity thieves, the future of identity verification may more closely resemble science fiction than our current reality.

Identity Fraud Prevention in Today’s Digital Economy

With cyber criminals becoming increasingly sophisticated and hackers making headlines regularly, it is imperative that businesses employ advanced security technology. Identity proofing is a term for identity verification that is being adopted by analysts such as Gartner. From Gartner’s study1:

Identity proofing, a process that demonstrates with sufficient confidence that the user is who he claims he is, helps to establish and maintain trust in the identity throughout the relationship.

Identity Proofing Process

Collecting and verifying information about a person, provides businesses with another layer of assurance. Financial institutions can use identity proofing to prevent financial fraud and money laundering, while ecommerce companies can rely on it to combat card-not-present fraud. And with today’s technology, businesses can ensure that their processes are user-friendly, adopting technology that users are familiar with (i.e. fingerprints and selfies for facial recognition).

According to research by Aite Group, card-not-present (CNP) fraud in the U.S. is expected to reach $7.2 billion per year by 2020. Government agencies need sophisticated identity proofing for security clearances. Identity proofing also helps organizations in the healthcare industry prevent HIPAA violations. As identity fraud becomes a concern across industries, identity proofing solutions are needed to establish trust in digital relationships.

Organizations that need to proof identities are turning to third-parties to build solutions. According to the Gartner study1, third-party solutions have come up with various options for companies to use to verify identities, including:

  1. Knowledge-based verification: In this approach, the user is asked a series of questions that they would need to know the answer to in order to confirm their identity. Examples of these questions include past mailing addresses, mortgage amounts, and lender names. Knowledge-based questions aren’t entirely secure, though, since the answers to these questions can be obtained through a hack. Back in 2015, scammers were able to steal tax refunds by figuring out the answers to these questions.

 

  1. Secondary passwords: ID proofing services can issue temporary one-time-use passwords to verify identities. Users are sent a one-time password via an “address,” like a home address or email address. They then have to enter the one-time password to verify their identities. Organizations may ask users to bind themselves to an identity associated with a known trusted online account, like their social media accounts. The risk with these other accounts is that social media profiles and email addresses can be hacked.

 

  1. Biometrics: In countries with fingerprint registries, organizations can require fingerprint scans to verify identities. However, some users may take issue with this method if they are concerned about privacy. Organizations can also use voice recognition and facial recognition to verify identities, although facial characteristics change throughout life. As biometric technology becomes more commonplace in the business environment and more accepted by consumers, industries can leverage it to ensure stronger identity security.

Proofing identities in other countries can be challenging since different countries use varying forms of government-issued IDs. According to the Gartner report1, some of the problems global companies can run into are:

  1. Social Security Numbers Create Vulnerabilities: In the U.S., citizens are often identified by their Social Security Numbers, but this method of identification doesn’t translate over into countries. Some countries also do not have official national IDs. Instead, these countries will issue out IDs for specific purposes like access to healthcare or tax collection, which may not be considered sufficient for identity proofing.

 

  1. Different Global Standards: Privacy and data protection legislation vary between countries, which limits the information identity proofing services can capture, gather, and store. This legislation can even block companies from sharing data across borders.

 

  1. Technology Verifications Often Falls Short: Technology limitations and regulations can prevent identity proofing providers from being able to conveniently verify information against government lists like registries of births, marriages, and legal permits.

Although fraud is an increasing concern for global companies, the good news is that options for solutions are also increasing with a wide range of identity proofing services that can be adjusted to fit different industries.

 

1Source Gartner Identity Proofing Is the Cornerstone of Trust in a Digital Relationship, October 2016