Over the past year, businesses have rapidly shifted to digital solutions during the pandemic. For many, this has been the difference between keeping the lights on and closing the doors for good. But it also brought new opportunities for hackers and scammers, who seek to exploit these new sources of revenue. This is clear in research from Citizens Advice, which found that since January 2021, over two-thirds (36 million) of the UK population have been targeted by scammers.
Our research corroborates the scale of the problem, with consumers saying they receive three scam messages a day – more than from friends and family – with half (49%) of UK consumers admitting they don’t report fraudulent messages.
Rising Security and Privacy Concerns
As we enter the fourth year of GDPR, companies face some of the largest fines yet, and consumers are increasingly privacy-conscious. Recent Callsign research supports this, revealing that a third of respondents (33%) were concerned about the lack of transparency from organizations collecting their data.
A third claim it’s because they don’t know what data is being collected about them by organizations, and 29% say they feel as though they’ve had to share more as the pandemic has forced more services and businesses online.
Of the 64% of consumers who lack confidence in the security of their passwords, only a third update them when prompted to do so
Despite these concerns, of the 64% of consumers who lack confidence in the security of their passwords, only a third update them when prompted to do so by an organization.
There have also been notable privacy developments among some big tech firms, with Google moving away from the established third-party cookie and Apple taking on app tracking transparency; the tech giants are leveraging these consumer wants and needs to get ahead in the market.
With these new updates putting privacy in the hands of the consumer, it’s important businesses approach privacy in the right way or risk opening the path to more security woes. It can take months for organizations to redesign their entire security processes and infrastructure in response; therefore, it’s critical organizations begin looking at these processes sooner rather than later or risk getting left behind.
Moving Towards the Future of Authentication
As scammers become more sophisticated, so too should our ways of spotting them. With upcoming regulations, such as secure customer authentication (SCA) enforcement, businesses need to choose the right technologies for the job. While the deadline has been extended, vendors and card issuers must take the time to consider several moving parts.
Businesses must ensure they rely on solutions that meet rising privacy concerns and GDPR requirements and satisfy all their stakeholders – their customers, the FCA and the ICO – by adopting a solution that prioritizes privacy and data minimization, as well as reducing friction in the user journey through passive, positive identification.
Turning to Technology
One method is using behavioral biometrics technologies to positively identify genuine users. Passive behavioral biometrics considers millions of contextual data points such as how a user swipes their phone, the angle they hold their device, keystrokes and mouse movements. These are unique behaviors to the user that are difficult to copy, unlike passwords, which fraudsters can easily steal and utilize. Layering these contextual data points with device and threat intelligence builds a more robust authentication process without adding friction to the user experience.
Data from behavioral biometrics can also be obfuscated, thus preserving a user’s privacy in ways that facial recognition and other biometric authentication methods can’t.
Following the news of the extension, the ICO also confirmed that behavioral biometrics can be used for PSD2 SCA compliance if vendors and card issuers adhere to the wider requirements of privacy legislation.
Fraud detection and authentication – while interlinked – are two different things. Using behavioral biometrics to detect fraud is a given, but organizations should also consider a vendor’s ability to positively identify the user during the vendor selection process. Otherwise, they may need to opt for an additional vendor to deliver user authentication.
It is clear that businesses must look beyond traditional security strategies to protect customers against fraud. With increasing concerns around privacy and traditional security methods often insufficient, it has become a business imperative to establish digital identity online. This is to ensure businesses and consumers are not only protected but authenticated online.
Using technologies such as behavioral biometrics, businesses can re-establish a secure relationship where customers trust businesses and businesses protect customers, all without any party having to sacrifice experience or privacy to do so. More so than ever, the onus is on companies to keep consumers protected against fraud and safeguard customers’ digital identities. The layering of behavioral biometrics with other circumstantial evidence can both keep consumers safe and protect their privacy.
Amir Nooriala CCO, Callsign | infosecurity-magazine.com