It has been an unusually active year for fraudsters. According to the Federal Trade Commission (FTC), 2020 saw payments fraud increase by 47 percent as the sudden shift of consumers to almost entirely digital lifestyles presented a host of new targets.
“We’re also seeing more fraud rings and more sophisticated fraud happening, whether it’s going after governmental secrets to social engineering or just classic onboarding and attacking accounts and taking over accounts,” Kevin Trilli, chief product officer of Onfido told PYMNTS in a recent conversation, noting that fraudsters are “putting in a lot of overtime” these days looking for new entry points to places where they aren’t supposed to be.
Onfido is a digital ID verification firm, and as Trilli noted, biometrics technology — and its wide accessibility to consumers through mobile devices — offers a significant weapon in battling back fraudsters and securing consumers through various digital journeys. Sounds simple enough, but it actually isn’t — doing biometrics right isn’t as easy as it appears from the outset, and consumers as of yet don’t fully trust it.
“People are still hesitant to participate in these newer technologies because they don’t trust where the data sets are going,” said Trilli. “In many cases, they don’t realize that the data never leaves their device. So I would say the user experience is a big piece of this wariness of the data once it’s being released into the cloud.”
And that wariness, he said, isn’t entirely wrapped around concerns that consumers’ data will be stolen or breached in some way — they are equally wary of it being sold to marketing interests.
Progress With Consumers
Consumers, however, are getting more comfortable with using biometric methods to add capability alongside security, which enables the buildout of new and better use cases. By way of example, Trilli offered the case of the consumer who has lost their card and calls in looking for a replacement. The challenge is knowing that the person isn’t a fraudster looking to get illicit access to an account. But if that firm has captured a biometric at onboarding, it’s easy to send along a code to that user’s phone and have them send back a positive scan of their face or fingerprint. Once that is verified against an original, said Trilli, that account can be opened with confidence that the owner is who they say they are.
There are built-in challenges, particularly around storing those biometrics in a careful and secure way. “You don’t want to have a centralized database of biometrics anywhere, and how you store that is very important,” Trilli said.
And biometric data and good biometric data isn’t necessarily the same thing, he noted. At this point, he said, it’s a well-established fact that many of the early systems that used biometric artificial intelligence (AI) were built upon white Caucasian data sets. That tends to make outcomes inaccurate, hence a move toward representative data sets that better represent a global audience.
Trilli noted that it’s the right thing to do, as security ought to be all-inclusive. Moreover, it’s just the smart thing to do, as no firm wants to have a bias that pushes bad decisions on different racial groups.
“All of this has to be embedded within the philosophy of the company and the technology early on, and it’s not something you fix later,” Trilli pointed out.
That’s because with fraudsters working overtime to break into consumer accounts, baseline imperfections are unacceptable. In fact, said Trilli, the race is on to continually upgrade and advance these systems as the cybercriminals are upgrading and enhancing the tools they use to break them. Stealing people’s voiceprints, making fully digital mock-ups of faces — these are the tools and tactics becoming more common in the fraud industry, he said. That means the biometric AI business must consistently and constantly update itself to stay ahead.
“It comes down to the type of biometric that’s being used, how it’s stored and manipulated in a private and secure way, and being able to use it to confirm that you are actually a real human being as these more sophisticated tools are being leveraged to fool it,” Trilli explained.
It’s complicated work — and small to medium-sized businesses (SMBs) will need to partner to make it happen. But it’s work that has to happen because the fraudsters aren’t going to stop elevating the level of their attacks. That means those tasked with fending them off can never stop elevating the level of their defenses.