With a smartphone in every pocket and a WiFi connection never far from reach, our interconnected world provides instant access among individuals, institutions, and nation-states around the globe. Unfortunately, this fast-growing network is increasingly difficult to protect from digital fraud, as cybercriminals continuously adapt their tactics to outpace security efforts across organizations and services alike.
Even with newer defenses such as two-factor authentication (2FA), savvy fraudsters are far from being foiled for good. In 2018, the Federal Trade Commission received more than 3 million identity theft and fraud reports totaling more than $1.5 billion in consumer losses. Corporate entities also are susceptible to breaches through vulnerable digital security systems, as U.S. financial institutions were forced to spend $3.25 for every dollar of fraud loss last year in recovery expenses, legal fees, and investigative costs in the wake of cyber attacks. Organizations have seen a spike in fraud attacks during the COVID-19 pandemic, a result of at-home workforces creating remote-access security challenges.
Fortunately, new advances in technology and cybersecurity strategies are paving the way for a more fortified digital future. Harnessing the power of AI, data science, and biometrics, novel solutions for ID verification may hold the key to keeping our digital connections strong—while keeping nefarious agents locked out.
Given that phishing scams and stolen credentials are the most common causes of data breaches, personal and corporate cybersecurity often rests with a system's ability to correctly confirm the identity of each individual interacting with it. Consequently, institutions are starting to turn away from older, fraud-prone ID verification tools such as passwords and SMS notifications, and instead embracing more comprehensive and adaptive methods. Some of the most promising approaches extract entirely new ID attributes created from an individual's physical features and behaviors.
At the heart of this methodology are biometrics, the increasingly exact measurements and calculations of humans' biological and behavioral characteristics—not merely how we look, but how we sound, feel, and even move. While the term may evoke spy-film retinal scans (and does, in fact, include such tools), the field has produced other tactics that have practical uses for consumer interactions as well as those within corporate networks.
For example, some of the latest smartphones leverage voice- and facial-recognition software for security, and digital fingerprinting has become easier and cheaper to implement for enterprises of all sizes. Using gyrometers in mobile devices, biometrics software can capture nuanced movements to determine hand dominance, eye-hand coordination, and normal speed of motion. These observational tools can even detect the size and pressure in the press of a touch screen and a user's "velocity" (how fast they complete applications, for example).
By combining biometrics with a user's online footprint, geolocation, and device-specific metadata, a complete picture can be formed and referenced in every subsequent instance of ID verification. While an initial assessment may take time to complete, these combined behavioral variables can ultimately serve as a low-friction, high-certainty identification tool. This allows cybersecurity systems to evolve from static, one-time login controls to dynamic, continuous authentication that mines prior activity data and monitors user behavior to confirm their holistic digital portraits.
With such complex, interconnected data sets, AI is increasingly being used to assess and aggregate these myriad ID variables. By applying machine and deep learning methods, identity screening teams can now develop enhanced risk-based scoring systems that feed directly into application, onboarding, and authentication processes―providing real-time feedback and anomaly detection at an unprecedented level of accuracy. Going beyond the login screen, real-time feedback from session data, user actions, and contexts creates a seamless, continuous authentication process. This also enables customization of security controls throughout a user’s journey—for example, higher-risk operations could deploy additional checks at set stages of access.
Consequently, cybercriminals hoping to fool security systems will find a new level of identity fidelity too detailed to impersonate. Taken together, these innovations form an exciting foundation for forward-thinking institutions looking to adapt and evolve their ID verification and cybersecurity efforts for our modern digital ecosystem. But the adoption of these technologies and tactics by an individual institution is only the first step toward a truly robust future—especially within the banking and financial industry.
There is further evolution taking place in this area as some platforms are developing consortiums of financial institutions and corporations, and building shared databases of known identities for fast, secure, and more holistic verification. In addition, identity screening firms are combining their areas of expertise through partnerships or acquisitions, expanding their coverage by screening multiple identity attributes and verification methods with the same engine.
The benefits of a new ID verification system are clear. More importantly, the combination of these innovations in biometrics, artificial intelligence, and consortium partnerships isn't merely powerful in theory—in practice, their application has already significantly increased accuracy and created value across multiple industries.