The digital world has a major problem regarding digital identity. Despite the best authentication efforts by businesses, this problem leads to increased cyber threats and a lack of digital trust. Bill Sytsma, SVP, North America, Callsign, discusses the actual problem with digital identity and the possible ways companies can fix them.
Rampant online fraud and scams are a daily occurrence, the cause? Broken digital identity.
When we moved online, we just transferred our identity know-how from the physical world, believing it would work the same way. But it does not. In the physical world, our eyes and brains take in thousands of signals to identify people, whether it is the likeness on our photo ID or just perhaps their voice and other physical characteristics. However, these do not work online; pins and passwords do not prove that you are the person you claim to be, just that you know a pin or passcode. Facial biometrics can be biased and exclude people. They can also be compromised.
Additionally, fraudsters can easily gain access to others’ personal information and passwords through social engineering scams, where they trick people into sharing information that can be used to access bank accounts. Bad actors can also gain access to accounts by purchasing passwords on the dark web for various prices depending on account balances and the likelihood of a password working. Some dark web vendors also offer return policies if passwords do not work.
In answer to the onslaught of more sophisticated scams, organizations have chosen to step up their authentication requirements. Where once usernames and passwords were required, many organizations now automatically send one-time passcodes aiming to add a layer of security. While this step up in security was intended to protect the customer, firstly, it does not prove that they are who they say they are. Further, fraudsters have long since managed to compromise this channel, with consumers saying they receive more text messages from fraudsters than their friends and family, according to Callsign’s research on the psychology of scams. But, adding an extra layer of ‘security,’ in fact, adds friction and inconvenience for the customer.
See More: Is Behavioral Biometrics the Answer for Digital Identity Crisis?
Passwords Cause Customer Friction and Depleted Brand Loyalty
As businesses design new authentication journeys, they must remember that customers look for seamless online interactions and that not all authentication platforms are created equal. Businesses that rely heavily on authentication that requires constant user input, such as usernames, passwords, and one-time passcodes via SMS, risk putting too much friction into the customer journey. In some cases, consumers report abandoning a cart because of friction with their passwords. Asking consumers to authenticate their identities multiple times creates friction and negatively impacts a customer’s loyalty to a business. In fact, according to Pindrop’s research, up to 30% of customers struggle with knowledge-based authentication questions (KBAs), while more than half of criminals pass them.
A Widening Digital Trust Gap
Unfortunately, because we continue to rely on flawed digital identity methods, it is negatively impacting consumers’ trust in online services — digital trust. Any information breach, ransomware attacks on organizations, consumers falling victim to phishing, social engineering, and more cause a consumer’s trust in digital services to fall. Even worse, they cause a business’ financial performance, customer loyalty, and brand equity to decrease.
According to the research above, consumers tend to overestimate their ability to detect and prevent fraud: 50% of those surveyed claim it is easy to avoid fraud because it is just ”common sense.” However, despite the efforts of banks and retailers to provide security to their customer base by sending warning messages, calls and other preventative measures, fraud is still on the rise. Scammers nowadays can imitate bank personnel to coach their victims through these security measures, making it increasingly difficult for customers to detect potentially fraudulent activity. In some regions, fraud is nearing pandemic levels. The disconnect on who bears responsibility for avoiding fraud between customers, financial institutions, and merchants proves that both detecting and preventing scams may be more of a collaborative effort than we originally thought.
While big banks and retailers can spend on security and risk mitigation protocols, the public is left vulnerable to the evolution and growing complexities of financial criminals and their methods. In fact, 65% of people believe that both they and their banks should bear responsibility for avoiding scams.
If we cannot know beyond doubt who we are interacting with online, we cannot trust the services we want to interact with, and if we cannot trust the services we want to interact with, we will revert to those services in the physical world. This means our digital economy will suffer.
Reimagining the Login Experience
Instead of relying on passwords that are incapable of identifying if a person is who they say they are, other more sophisticated tools verify a user is who they claim to be. Behavioral biometrics are unique muscle memory for each individual and provide a way to identify the user is really who they say they are. Customer behavior is impossible for a fraudster to replicate. By collecting behavioral data through the way a user swipes their phone, types on a keyboard or moves a mouse, organizations can truly identify and authorize consumers. Layered with other intelligence such as device fingerprinting, threat and malware detection, behavioral biometrics, coupled with all these data points, can build a digital identity online. Unlike fingerprints or facial biometrics, users can choose to change how they swipe, perhaps using their left hand instead of their right, for example.
The best part? These tools are non-intrusive because they can work in the background without disrupting the customer’s journey to their desired destination or service. This not only streamlines the customer experience but simultaneously reinforces the trust the customer has in the business to keep their data secure. Other identity authentication methods, such as passwords and one-time passcodes (OTPs), pose a great risk to the genuine customer’s privacy. Behavioral biometrics is privacy-preserving; the data can be obfuscated but still verifies an individual’s identity without collecting personal information.
As businesses and users continue to adopt a more digital-centric approach, it is imperative for companies to prioritize online security to build trust with customers and keep employees happy. Without digital identity authentication, businesses risk the loyalty of their current customers and leave their companies vulnerable to security breaches.
How do you think we can fix the problem with the digital identity system? Let us know on Facebook, Twitter, and LinkedIn.
MORE ON DIGITAL IDENTITY:
Image Source: Shutterstock
Read More: www.spiceworks.com