Securing Digital Identities in A Predominantly Remote World

COVID-19 and the subsequent uptick in targeted cyberattacks accelerate the need for biometric-based digital onboarding
By Bob Eckel, President & CEO, Aware, Inc.
As we entered 2020, organizations were beginning to undergo transformations to meet the growing demands of an increasingly digital marketplace. In adopting new technologies to streamline and accelerate business operations, banks and other consumer-focused businesses aimed to drive steady increases of biometric-based digital onboarding methods. These industries were striving to remove friction from onboarding processes at the same time they needed to address growing security threat concerns where biometrics were gaining trust as a secure, passwordless option for a broad range of authentication practices.
Then we witnessed the criticality of businesses reprioritizing their digital transformation processes as the impacts of the COVID-19 pandemic unfolded. As organizations across the world were forced to move their entire businesses online in a matter of weeks – some for the first time – they had to rapidly shift their business models to accommodate a predominantly remote workforce. With many unprepared to handle the IT and security challenges, identities became more vulnerable and in turn protection more valuable than ever. As 2021 kicks off, it’s important that businesses understand the benefits behind biometric-based digital onboarding to ensure organizational integrity as they continue to secure the digital identities of employees and customers alike.

Enhance remote authentication against increased cyber activity

Since the beginning of 2020, there have been more than 445 million cyberattacks reported, which is double when compared to the entirety of 2019. When the pandemic forced millions of employees into remote work settings, it opened up huge opportunities for cybercriminals to take advantage of any security weak points to attacks aimed at stealing personally identifiable information (PII). In March alone, phishing attacks related to COVID-19 surged 667% as hackers aimed to separate consumers from their credentials, looking to leverage fraudulent pandemic-related information and many individuals’ initial entry to the all-online world to gain access. Still, today, as the large majority of the world remains remote and people do more shopping, learning, and working at home, hackers are looking harder for ways to take advantage of weakened security.
Biometrics makes the identity proofing process more robust and secure. They can’t be stolen in the same manner as your login credentials or lost like a password. They leverage unique personal data – such as the face, voice, finger, or iris prints – that people can store and then match later as a single or multi-factor authentication process. With facial recognition being 99.7% accurate and improving yearly, according to NIST, biometrics provides that extra layer of defense to ensure identities remain protected. Regardless of increased threats targeting users who don’t have the security training to help them to flag phishing emails and other related scams, their identities are more secure.

Ensure your customer is who they say they are by keeping fraudsters out

While facial recognition is a particularly useful biometric modality for mobile onboarding and authentication – with nearly all mobile devices having built-in cameras and microphones – the method is still vulnerable to so-called “presentation attacks” – otherwise known as “spoofs.” In short, a fraudster can try to spoof the biometric data on file by presenting a facsimile, such as a photo, video recording or mask. In mobile un-proctored onboarding, a fraudster can try to impersonate a victim using a false match presentation attack. In doing so, they can falsely use their victim’s identity to open a new account. By registering a false image – a picture of a random person, a smudged image that wouldn’t be biometrically searchable – a fraudster could work to open up new fake accounts.
To protect against these ploys, it’s essential to apply robust liveness detection when using facial recognition for unattended or un-proctored mobile applications. There are a couple of ways in mitigating the risk of facial presentation attacks through liveness detection algorithms: by analyzing facial images to determine whether they are of a live human being or a reproduction or by adding a second biometric modality, such as voice or speaker recognition. “Passive” liveness detection addresses this issue by distinguishing between a live person and a spoof without forcing the user to participate in the matching process.

Provide a touchless onboarding process to meet social-distancing guidelines

Part of the appeal of biometric authentication technologies during a pandemic or Flu season is the touchless access they provide. Voice biometrics and face recognition enable hands-free authentication and access, eliminating the need to use on-site PIN pads, card readers or kiosks. To limit the spread of the virus, businesses need to shift more of their onboarding functions online. By focusing on implementing frictionless authentication processes through the use of biometrics, organizations can ensure that customers remain safe, physically, at the same time that they verify that customers are who they claim they are when in-person verification is not an option.
Additionally, providing a positive onboarding experience can be a critical business differentiator. This is especially true for banks, which are facing pressure from online competitors and seeing their services commoditized. If they get the onboarding right, they can secure a customer’s loyalty for a lifetime. Forcing a customer to provide physical identification multiple times or answer too many questions can sour a relationship from the start. Biometrics work better in onboarding settings when it doesn’t slow the user down.
As the world continues to leverage technology to provide a more secure, seamless, and now touchless experience for users, we can anticipate biometrics will be a driving force. Growing at a faster rate than non-biometric technology, they will be instrumental in enterprises’ moves to make the onboarding process more efficient as organizations bring identity verification to the forefront of their business operations.
About the Author
Robert A. Eckel is the Chief Executive Officer & President of Aware, Inc. He also serves on the board of directors for the International Biometrics + Identity Association (IBIA), as a strategic advisory board member of Evolv Technology, and as a consultant for Digimarc Corporation. Over his distinguished career, he has held many positions of note within the biometric and identity space, including Regional President and Chief Executive Officer of IDEMIA’s NORAM Identity & Security division from 2017 to 2018; President and Chief Executive Officer of MorphoTrust USA, LLC from 2011 to 2017; Executive Vice President and President of the Secure Credentialing Division of L-1 Identity Solutions Company from 2008-2011; and President of the Identity Systems division of Digimarc Corporation from 2005 to 2008. Mr. Eckel has received his Master’s degree in Electrical Engineering from the University of California Los Angeles, and his Bachelor’s degree in Electrical Engineering from the University of Connecticut. Robert can be reached online on Twitter and LinkedIn and at our company website: https://www.aware.com/