By Lisa Baergen, Director of Marketing for NuData Security
Recognizing and verifying customers online is one of the biggest challenges for companies around the globe. It is similar to playing blind man’s bluff with cybercriminals trying to trick you at every turn. Consumers have lost more than $16 billion to Identity theft and fraud in 2016 alone, according to Javelin Research.
The job of identity proofing and consumer authentication needs a variety of personal identifiers to allow companies to make reasonable decisions as to whether to allow certain transactions or to review or block them. The trick is to introduce more security without inconveniencing customers. Therein lies the real balancing act.
In the race to find the perfect identifier, a variety of solutions have been introduced, many of which may not work well and will only serve to frustrate the consumer. Some are widely popular, like taking a selfie. However, after the novelty wears off, taking selfies in different environments might not be as convenient or appropriate – such as in an office setting. For two-factor authentication, receiving an SMS text with a password or number is just not available at all times and add annoying steps.
Security researchers have already demonstrated how to get around two-factor authentication as well as selfies, fingerprints and more. The solution is for companies to align their risk posture and implement a layered security approach so if one authentication point is circumvented, then another takes its place.
The Secret Handshake
The secret password no longer holds the cache it once did. More than 3 billion user name and passwords were stolen last year alone, and estimate 8.2 million passwords being stolen every day, in an effort from hackers to game online transactions. Even the inconvenience of having to remember a password and the pushback from consumers is driving companies to rethink the whole authentication process.
Video courtesy of www.nudatasecurity.com
The consumer environment is also impacted by the rapid adoption of smart TV ‘s, cord cutters moving to IPTV, Android TV (NVidia Shield), smart thermostats and the evolution of the connected home are forcing the move away from the standard user ID and password combination that people are familiar with. While passwords and accounts continue to be a favorite target for hackers and cybercriminals, the security industry at large still hasn’t found a suitable replacement for the standard username and password authentication scheme.
Emerging technologies such as passive biometrics combined with behavioral analytics are now taking center stage and picking up in adoption. Biometric technologies measure personal physiological characteristics for unique identification and security. They are also used to identify people in an accurate, repeatable manner. Physiological characteristics used for biometrics include the face, fingerprints, voice, or even DNA.
Physical biometrics can and should be combined with passive biometrics that integrates signals generated by how a person behaves, such as the way they hold their device, the cadence of their typing and other behaviors unique in all of us. Combined with behavioral analytics allows an online business to identify the correct human behind the device, without requiring any personal information, or to add additional friction to the consumer interaction. While hackers can use stolen passwords and credentials, they are not able to mimic individual behaviors, biometrics or habits. The use of passive behavioral biometrics also addresses many of the gaps in existing mobile user authentication process making exploits much easier to spot. This is true when the device is being impersonated or has malware, or when the data is farmed via intercepted SMS messages and later used for identity crimes.
Passive biometrics and behavior analytics is a distinctive way to not only identify the actual customer but is also a convenient method that allows customers to do business quickly and easily.
About the Author
Lisa Baergen is Director of Marketing at NuData Security, an award-winning, passive biometrics and behavioral analytics company. Their flagship product, NuDetect, helps organizations form digital trust by identifying users based on their online interactions – behavior that can't be mimicked or replicated by a third party.