Over the past year, businesses have quickly turned to digital solutions during the pandemic. For many, it made the difference between keeping the lights on and closing the doors for good. But it has also brought new opportunities for hackers and crooks, who seek to exploit these new sources of income. This is clear from the research of Advice to citizens, who found that since January 2021, more than two-thirds (36 million) of the UK’s population have been targeted by scammers.
Our research corroborates the scale of the problem, with consumers claiming they receive three fraudulent messages a day – more than from friends and family – with half (49%) of UK consumers admitting they don’t. do not report fraudulent messages.
Increased security and privacy concerns
As we enter the fourth year of GDPR, businesses face some of the biggest fines to date and consumers are increasingly concerned about their privacy. Recent call sign research supports this, revealing that a third of respondents (33%) were concerned about the lack of transparency of organizations that collect their data.
A third claims it’s because they don’t know what data is being collected about them by organizations, and 29% say they feel they had to share more because the pandemic has forced more services and online businesses.
Despite these concerns, of the 64% of consumers who are not confident in the security of their passwords, only a third update them when asked to do so by an organization.
There have also been notable privacy developments among some large tech companies, with Google moving away from the established third-party cookie and Apple supporting transparency in application tracking; the tech giants are leveraging these consumer wants and needs to advance in the market.
With these new updates putting privacy in the hands of the consumer, it’s important that businesses approach privacy in the right way or risk paving the way for more security concerns. It can take months for organizations to redesign their entire security processes and infrastructure accordingly; therefore, it is essential that organizations start reviewing these processes as early as possible, otherwise they risk being left behind.
Towards the future of authentication
As crooks become more sophisticated, our ways of spotting them should change as well. With regulations coming up, such as the enforcement of Secure Customer Authentication (SCA), businesses need to choose the right technologies for the job. Although the deadline has been extended, vendors and card issuers must take the time to consider multiple moving parts.
Businesses need to ensure they are backed by solutions that address growing privacy concerns and GDPR requirements and satisfy all of their stakeholders – their customers, the FCA, and the ICO – by adopting a solution that prioritizes privacy and data minimization, while reducing friction in the user’s journey. through passive and positive identification.
Turn to technology
One method is to use behavioral biometric technologies to positively identify true users. Passive behavioral biometrics take into account millions of contextual data points such as how a user slides their phone, the angle at which they hold their device, keystrokes and mouse movements. These are behaviors unique to the user that are difficult to copy, unlike passwords, which scammers can easily steal and use. Overlaying these contextual data points with device and threat intelligence creates a more robust authentication process without adding friction to the user experience.
Behavioral biometrics data can also be masked, preserving a user’s privacy in a way that facial recognition and other biometric authentication methods cannot.
Following the announcement of the extension, the ICO also confirmed that behavioral biometrics can be used for PSD2 SCA compliance if providers and card issuers adhere to the broader requirements of privacy legislation.
Fraud detection and authentication – although interdependent – are two different things. Using behavioral biometrics to detect fraud is a given, but organizations should also consider a vendor’s ability to positively identify the user during the vendor selection process. Otherwise, they may need to opt for an additional provider to provide user authentication.
Clearly, businesses need to go beyond traditional security strategies to protect customers from fraud. With growing concerns about privacy and traditional often insufficient security methods, it has become a business imperative to establish a digital identity online. This helps ensure that businesses and consumers are not only protected but authenticated online.
Using technologies such as behavioral biometrics, businesses can re-establish a secure relationship where customers trust businesses and businesses protect customers, all without either party having to sacrifice their experience or privacy for it. to do. More than ever, businesses have a responsibility to protect consumers from fraud and preserve the digital identity of customers. Layering behavioral biometrics on top of other circumstantial evidence can both keep consumers safe and protect their privacy.