By Hal Granoff, Head of US Market Development at Callsign
The pandemic has drastically altered the way businesses view
security. In an effort to keep sales up and maintain customer services when the
world shut down, businesses rushed to adapt and survive. But in doing so, they
may have inadvertently created larger problems.
It's not uncommon for businesses to trade privacy and
security for convenience, but these compromises during the pandemic ultimately
impacted the ill-equipped, misinformed end-user more than anticipated.
The Impact
As business shifted online, we've also seen an unsurprising
spike in fraud. In fact, since the pandemic's onset, fraudster threats against
businesses have increased by nearly 50 percent. And traditional security methods
like passwords and one-time passcodes (OTP), which have become targets for bad
actors, only further the problem.
Recent research from Callsign indicated that out of 1,000 US
respondents polled, 73 percent of consumers lack confidence in the security of
their passwords, and yet only a quarter of those people update their passwords
when prompted. Overall, since the COVID-19 pandemic, 40 percent of consumers
are more concerned about their privacy online, but nearly 30 percent of
respondents still feel that normal passwords are the most secure and
trustworthy way to log in to online accounts, despite more sophisticated
technology available.
And it's not just consumers who lack confidence in the
strength of the password. The recent large-scale cyber attacks on Colonial
Pipeline, SolarWinds and Exchange Server have shown just how vulnerable
organizations can be and made this issue a priority for the current
administration. In early May, President Biden announced an executive order that
mandates that government agencies implement multi-factor authentication based
on risk and a Zero Trust security network. While these measures are currently
directed at public sector organizations, they are an important proof point for
why passwords aren't enough.
The role of the password has changed dramatically in the
last few years - accelerated by the pandemic - and the fact that consumers are
worried about privacy highlights how businesses need to make digital
identification more streamlined and secure without compromising privacy for
security or user experience.
The Solution
It's time to stop focusing on passwords as the sole way to
authenticate users. Instead, businesses need to build other verification
methods into their customer security strategies, including biometric
technology.
In the past decade, biometric technology has evolved by
leaps and bounds, diverging into two specific types of user verification
technology - static biometrics and behavioral biometrics. Static biometrics
include fingerprints, facial recognition, voice recognition, etc., while behavioral
biometrics assess unique dynamic inputs of the consumer like the speed at which
they type in a password or the pressure used when swiping a cell phone screen.
But there are distinct nuances
businesses need to keep in mind as they assess their biometric authentication
methods to ensure consumers' needs and privacy are considered at every step. In
point of fact, static biometrics are not fully privacy-preserving and are far from
perfect. They are typically based on providing a consumer's physical attributes
(like a profile picture) over third parties like Facebook or Google, and there
is inherent bias against customers with Black, Asian and Minority Ethnic (BAME)
backgrounds.
On the other hand, behavioral
biometrics are fine-tuned to the individual, learning and adapting with the
consumer as the business relationship progresses. These technologies seamlessly
add many levels of security to give consumers access to services like online
banking without disrupting the user experience. Particularly in industries like
retail, adding too many complex, time-consuming layers can result in lost sales
with each second of friction added.
Digital identity verification is
vital to continued economic growth and both business and consumer protection,
but with so much broken trust in passwords and a lack of education among the
general public, the entire approach needs to shift. It may sound like an
oxymoron, but in an effort to get a handle on the skyrocketing fraud instances
across the country, behavioral biometric technologies will help the entire
ecosystem become more transparent in a privacy-forward way.
ABOUT THE AUTHOR
Hal Granoff - Head of US Market Development
Hal is leading the strategy and
expansion of Callsign's Intelligence Driven Authentication in the United
States. Previously, Hal was a Sr. Director at Early Warning where he was
responsible for developing authentication solutions to protect FIs from the
threat of fraud on mobile and online platforms. Prior to that, he served in
leadership roles at Cendant Corporation (currently Affinion Group) - where he
managed account relationships for top credit card issuers - and MasterCard
International - where he contributed to the company's growth of global
acquiring initiatives in Asia, South America and Canada. He earned his
undergraduate degree from the University of Wisconsin at Madison while serving
as Regional Director of AIESEC, an international student-run organization.