The increased use of digital banking tools spurred by the social distancing regulations and closing of branches during the coronavirus pandemic creates greater opportunity for hackers — and they are increasingly targeting online and mobile channels to carry out various forms of identity fraud.
Numerous, large-scale data breaches have compromised the personal data of millions of consumers, leaving many Americans susceptible to identity fraud in this moment of national crisis. Hackers armed with stolen personally identifiable information such as social security numbers create fraudulent accounts to file claims on behalf of real bank customers, which can go unnoticed for years.
Biometrics are one of the most secure and effective ways of authenticating customers. Contrary to what some may believe, facial and fingerprint recognition methods are not easily fooled by the use of spoofed fingerprints or photos — what is known as a presentation attack. In fact, many of today’s sophisticated biometric authentication solutions include liveness detection capabilities to fight presentation attacks.
There are two types of liveness detection to identify whether the presented biometric trait is from a real human or is a digital or manufactured representation. Active liveness detection requires a user to blink or turn their head, and passive liveness detection runs behind the scenes and uses algorithms to analyze a captured biometric sample for signs — such as detecting paper or digital screens.
Passive liveness detection is faster and less intrusive than active liveness detection and includes more advanced techniques for determining live presence making it the better choice in most modern deployments. Banks should use security solutions that combine multiple anti-spoof and liveness detection methods, since the liveness detection and anti-spoof capabilities of device-native biometrics built into consumer mobile devices are often less robust than third-party solutions.
By leveraging biometric authentication methods such as facial recognition technologies, banks can help customers create stronger digital identities than those based solely on personally identifiable information — much of which is widely available for sale on the dark web.
Relying on biometric markers for authentication makes it much harder for hackers to commit synthetic identity fraud because a government-issued ID is required. Facial recognition technologies typically do not store raw photos of customers for purposes of identification. Rather, they create a mathematical representation of the customer’s face, which is encrypted and kept on file for comparison when the customer logs in. Because it is reduced to a mathematical representation, the data is essentially useless to a hacker as it could not be used elsewhere and would not be worth selling on the dark web.
Additionally, biometric authentication does not rely on the secrecy of biometric traits but instead on the difficulty of impersonating the living person. In the future, banking customers with potentially compromised personally identifiable information data will be less prone to identity fraud if their bank uses ID verification along with biometric authentication methods.
The coronavirus pandemic has exposed many of the security flaws that are present in the digital banking ecosystem, highlighting the need for banks to find alternative methods for identity verification and authentication that do not rely on customers’ Social Security numbers or other sensitive data. With more than 80 percent of Americans owning a smartphone, this approach is a growing option and will help banks identify and reduce fraudulent claims in the future.
Sam Bakken is senior product marketing manager at OneSpan, a provider of digital identity solutions. You can reach him at [email protected].