There is no doubt that cybersecurity is improving, especially when it comes to spotting consumer fraud. But is it improving fast enough to keep up with professional fraudsters working at the business of stealing your identity on a 24/7 time clock?
As more and more purchases and banking move to mobile platforms, most of the innovation to protect consumers is being done on the mobile platform. Today 50% of fraudulent actors are targeting mobile devices (up from 41% in 2018 and 21% in 2017, according to Molly Hetz of Iovation). As we move from more static authentication like passwords and secret answers it may be safer to transact on a mobile device. But much of the protection is happening through the merchants where you shop or the banks where you transact.
A walk through this year’s Money2020 conference in Las Vegas showed new products tackling cyberfraud using three emerging technologies: multi-factor authentication, behavioral verification, and AI-based prediction. The endgame is to verify, in as many ways as possible, that you are who you say you are and are authorizing a transaction. One of the creepier consequences? Carrying a mobile device is like wearing a wire. You are constantly broadcasting who you are, where you and what you’re doing to a score of companies, their partners, and would be bad actors.
On exhibit at Money2020 were dozens of products being sold to merchants or banks to provide solid proof that you and your payment are good. The big idea is to verify your personal information through multiple channels. Something you know like a password or PIN, something you have like a token on your device and something you are like a fingerprint or facial recognition, and most recently something you do, like regularly hit a Starbucks at 9:00 AM.
A Dash of Multifactor Authentication
Jumio specializes in super-accurate facial recognition by mapping the structure of your face and matching it against some form of government ID. The buzzword is “liveness detection”, discerning that you’re not a photo or a 3D mask posing as a person. Ingenico’s new Pick Me program lets a merchant grab a photo of you and keep it on file for cashless payments as it recognizes your face the next time you enter the store. Uniken’s REL-ID has a mix and match approach that allows organizations to choose which authentication mechanisms they want to use. Socure’s Aida’s platform adds other identifiers like your social media score to the verification mix.
Behavioral biometrics is the analysis of patterns in human activity – the way you hold your phone, the pressure of your taps, the way you swipe, are all silently working in the background proving that you are you. Iovation’s Fraud Force, for example, looks at disparate factors like accounts and devices, past history, geographic anomalies, and suspicious behaviors. BioCatch claims to look at over 2,000 user patterns from hand tremors, to the pressure of a tap or direction of a swipe to establish a mobile usage pattern of a true user. Payfone also looks at a mobile device’s overall “health” and assigns a trust score.
Ultimately these techniques combined with machine learning about patterns of behavior will be used to predict fraudulent behaviors. The blockchain will also play a role in verifying customer identities. Products like Authenteq let you build and claim your own Digital ID which is stored on the blockchain and allows you to receive information from only those you have deemed acceptable.
What does do all of these behind the scenes transactions mean to you? You’ll shoulder less and less of the burden of fraud spotting as companies embed these third-party tools into their transactions. But that leaves us Increasingly at the mercy of what merchants do on their end (which not coincidentally is where most identities are now stolen). Combating fraud today is sort of like combating unwanted pregnancy — if you were to let the guys take care of it for you.
The takeaway from Money2020? Your mobile device is an extension of who you are, constantly transmitting “tells” based on how, when and where you use your device. As merchants and banks depend on third party partners to add these verification and authentication technologies you are increasingly at their mercy. Hopefully, they get a high trust score.