It’s no secret that incidences of fraud are increasing, with the Government reporting that it is now one of the most prominent crimes in the UK. Our Fraud & Risk report found that in 2016, two-thirds (65%) of large organisations detected a cybersecurity breach. In addition, the biggest concern cited by UK businesses in our report was organised cybercrime (75%).
With global ransomware costing British consumers £4.5 million per year, leveraging technological advancements has never been more important to enable organisations’ to instantly verify customers, identify risks, and ultimately stay ahead of the fraudsters.
Identify theft – a growing threat
The question about how to identify and authenticate customers with confidence is not new – but is becoming increasingly important. Cifas member organisations recorded 173,000 cases of identify fraud in 2016 alone. It’s clear that the Personally Identifiable Information (PII) that is still standard for identity verification across the industry - such as names, addresses, birth dates and phone numbers – and the ‘what you know’ element of the process often falls into the hands of fraudsters and is being exploited. 50% of the fraud professionals we surveyed believe that name and address data will not need to be provided as a verification measure in the future as companies move towards the linkage of digital attributes such as email addresses and devices to physical identity. Our research also shows that organisations are looking to biometric technology to help add security and convenience to authentication processes with 53% of organisations expecting to significantly increase their investment in biometric tools such as voice recognition systems.
Biometrics: The next big thing
Although it is too early to predict where, how, and in which form reliable biometric services will eventually be delivered, we’re already seeing how they are becoming more prevalent in the UK, particularly for authentication of a known identity. In fact, investment in biometric technologies has been the most significant expenditure increase out of all anti-fraud expenditures in recent times. When investing in this type of technology, firms should ensure they fully understand the fit to the use case and the expected performance of the technology. Biometrics used in isolation can have all the security vulnerabilities of other solutions and should only be considered as part of a multi layered fraud prevention strategy.
The key biometric technologies that organisations are planning to introduce as part of their ongoing fraud prevention efforts include biometric screening techniques (26%) and voice recognition systems (23%). Combining biometrics with advanced analytics will go a long way in strengthening the authentication process and reducing risks for businesses, by allowing the verification of a person and their behaviour rather than just a credential, such as a password.
Biometrics can also deliver value at the front end for anti-impersonation checks of new customers. Electronic document verification is becoming increasingly popular as a way to bring an offline identity process online and facial recognition biometric technology adds the ability to compare a document phot to a real-time photo or video of the person.
Consumer trust in biometrics
There are clear benefits from a consumer point of view too, as biometric technology is a more convenient identification method for accessing accounts and devices. It, for example, eliminates the need for consumers to remember a growing number of (often easy to crack) passwords.
Yet, according to a report from HSBC, there is some work that needs to be done to help consumers understand and, more importantly, trust biometric technology. It found that, of the 12,000 people surveyed, less than half (46%) said they trusted fingerprint recognition to eventually replace traditional passwords, despite obvious benefits such as convenience.
Encouragingly it seems that here in the UK, consumers are more open to embracing biometric technology than their international counterparts, particularly in banking. The report found that Brits are most receptive to replacing traditional passwords with, for example, iris identification.
Obstacles to implementation
Despite the aspirations of most businesses to implement biometric systems before 2020, our research revealed that less than one in five organisations are currently regularly using voice recognition systems (17%). Instead, the most common identity verification technique used by organisations is still document verification (44%).
29% of fraud and risk professionals cite a lack of investment in technology as an obstacle to fraud prevention within their organisation and a further 28% point to a lack of employee knowledge or education about security threats. Businesses will need to ensure that these issues are addressed - employing the technology without the know-how will not be enough.
What’s more, consumers today expect an online transaction to be completed far quicker than ever before, leaving organisations with a much smaller window to perform the necessary fraud checks. If their methods are lax, the risks are significant. If too strict, revenues may be lost due to customer frustration. As such balancing customer experience with organisational requirements should continue to be a key theme in all aspects of an organisations’ digital fraud strategy.
Beware: caution needed
Although biometric technology is on the rise, fraud professionals and businesses should tread with caution. Criminals have shown that in their quest to get hold of customer and business information, they’re able to steal biometric identities quite easily. A prime recent example of this was when German hacker, Starbug, hacked Apple’s Touch ID just a day after its launch. Two-factor authentication, using a number of completely different components including biometrics, could be the answer. For example, a consumer could use voice or fingerprint verification as well as a password to access an account.
Future biometrics boom
There’s no doubt that biometrics-based authentication will play an increasing role in the future for many organisations. It’s positive that 91% of boards have now adopted a risk-based cybersecurity framework, with 45% now participating in the formation of overall security strategy, up from 42% in 2014.
Thought, however, still needs to be given to the establishment of best practice and standards across the industry. This will ensure that these powerful pieces of biometric information can be safely stored and reliably matched, in order to be leveraged to their fullest in the fight against identity fraud. And this has to happen now – before incompatible processes become too deeply embedded in systems to be able to do anything about it further down the line.
John Cannon, Commercial Director Fraud & ID, Callcredit Information Group
Image Credit: Anton Watman / Shutterstock