Andrew Tierney is an adviser on credit, risk and governance and director of Sydney firm Balance Risk Management. He believes the use of biometrics is the best way to prevent online identity and fraud scams.
If someone in the street came up to you and asked for $1,000, would you give it to them? You don’t know who they are, you can’t tell what they have done in the past, and you certainly don’t know if they will return the money. What about if they asked to look inside your wallet, or your house?
Since the outbreak of the COVID-19 pandemic in 2020, more people have been accessing services and products online. Companies that are providing services or products cannot be certain who they are interacting with, unless they complete strict identity verification and fraud mitigation. On the consumer side, stolen identity is a huge risk online.
If we think of onboarding a customer in terms of its position on a spectrum of importance, verifying the identity of the individual must be considered as significantly high. If you give money, or access, to someone you haven’t verified, you are opening yourself up to all manner of indiscretions.
With online identity and fraud scams increasing exponentially across all industries, I look to biometrics as a way of reducing that risk. It may be a surprise to most people that the first recorded attempt at fingerprint matching, a type of biometrics, by police in a criminal investigation was in 1892.
Easy access to online victims means that identity takeover, fraudulent activity and cyberattacks on businesses won’t be going away any time soon. Just read the news to see the increase in both frequency and ferocity.
Biometrics covers a wide range of indicators, from signature through to physical movement. Investigators in 1892 would have boggled at the biometrics we have today.
The following key areas show the potential for biometrics.
Building a picture of real identity
Identifying that an individual’s identity exists is only half the solution. Identifying a person’s identity through document verification has provided a level of comfort historically. It isn’t a silver bullet, but it has been used by online financiers in their application process.
The problem is that fraudsters have become more sophisticated, and with increased traffic online, it is easier to ‘steal’ the identity details of an individual. It follows that an increased level of online identity verification is required.
One way that biometrics has shown it can level the playing fi eld is through ‘liveness’ testing. This uses a copy of a confirmed identity document and matches it against a video of the individual, comparing the video to the picture using a biometric-defined matching algorithm. This increases the window of confirmation significantly.
And ‘liveness’ is only one of the tools that can be used for geolocation of the device; the IP address and other data can be utilised to build a picture of where and how this identity is being confirmed.
Detecting suspicious access to data
Once you have allowed someone into your ecosystem, whether customer or employee, it is essential that layers of protection are embedded into the login process. How many times have we heard about unauthorised access, or hacked systems?
This has become an issue in modern times as more people are now working from home – a trend that’s likely to continue. To combat this, companies have introduced multi-factor authentication, and they monitor for suspicious activity to identify any illicit access.
Could liveness authorisation be a tool once suspicious activity is noticed? The answer is yes.
Even in identifying suspicious behaviour, biometrics offers additional ways to combat it. Biometrics is not just about facial recognition. Typing and engagement patterns are additional methods for highlighting suspicious activity. Navigation patterns can also pinpoint differences in behaviours, and then it’s a short shift to ‘who is this?’
The battle against rising fraud
Over the last decade it has been reported that fraud activity resulting in financial loss has cost Australians $2.5bn. In 2019, compromised business emails have become the highest category of loss at $132m.
I believe that biometrics can, and will, help prevent fraudulent activity. It will also provide a level of comfort to individuals who go online to do their grocery shopping, buy a pair of jeans, or log in to their bank accounts. Could we see this technology being used in marketing, medical services and the armed forces?
Anything that makes processes simpler for the customer, while protecting their data, is good for industry. I see the use of biometrics becoming more prevalent over time, with new ways of capturing and consuming this data in as little as five years.
With respect to the wider implications for privacy and protection of data, the biometrics industry has commented that “while there is a use for this technology in many different industries, we understand the need for privacy and consent. This is something that the biometrics industry fully supports”.
There are wider and more far-reaching use cases for this data, and we will have to navigate this carefully, but the benefits appear to be huge.