By Hal Granoff, Head of US Market Development at Callsign

The pandemic has drastically altered the way businesses view security. In an effort to keep sales up and maintain customer services when the world shut down, businesses rushed to adapt and survive. But in doing so, they may have inadvertently created larger problems.

It's not uncommon for businesses to trade privacy and security for convenience, but these compromises during the pandemic ultimately impacted the ill-equipped, misinformed end-user more than anticipated.

The Impact

As business shifted online, we've also seen an unsurprising spike in fraud. In fact, since the pandemic's onset, fraudster threats against businesses have increased by nearly 50 percent. And traditional security methods like passwords and one-time passcodes (OTP), which have become targets for bad actors, only further the problem.

Recent research from Callsign indicated that out of 1,000 US respondents polled, 73 percent of consumers lack confidence in the security of their passwords, and yet only a quarter of those people update their passwords when prompted. Overall, since the COVID-19 pandemic, 40 percent of consumers are more concerned about their privacy online, but nearly 30 percent of respondents still feel that normal passwords are the most secure and trustworthy way to log in to online accounts, despite more sophisticated technology available.

And, it's not just consumers who lack confidence in the strength of the password. The recent large-scale cyber attacks on Colonial Pipeline, SolarWinds and Exchange Server have shown just how vulnerable organizations can be and made this issue a priority for the current administration. In early May, President Biden announced an executive order that mandates that government agencies implement multi-factor authentication based on risk and a Zero Trust security network. While these measures are currently directed at public sector organizations, it's an important proof point around why passwords aren't enough.

The role of the password has changed dramatically in the last few years - accelerated by the pandemic - and the fact that consumers are worried about privacy highlights how businesses need to make digital identification more streamlined and secure without compromising privacy for security or user experience.

The Solution

It's time to stop focusing on passwords as the sole way to authenticate users. Instead, businesses need to build other verification methods into their customer security strategies, including biometric technology.

In the past decade, biometric technology has evolved by leaps and bounds, diverging into two specific types of user verification technology - static biometrics and behavioral biometrics. Static biometrics include fingerprints, facial recognition, voice recognition, etc, while behavioral biometrics assess unique dynamic inputs of the consumer like the speed at which they type in a password or the pressure used when swiping a cell phone screen.

But there are distinct nuances businesses need to keep in mind as they assess their biometric authentication methods to ensure consumers' needs and privacy are considered at every step. In point of fact, static biometrics are not fully privacy preserving and far from perfect. They are typically based on providing a consumer's physical attributes (like a profile picture) over third parties like Facebook or Google, and there is inherent bias against customers with Black Asian and Minority Ethnic (BAME) backgrounds. 

On the other hand, behavioral biometrics are fine-tuned to the individual, learning and adapting with the consumer as the business relationship progresses. These technologies seamlessly add many levels of security to give consumers access to services like online banking without disrupting the user experience. Particularly in industries like retail, adding too many complex, time consuming layers can result in lost sales with each second of friction added.

Digital identity verification is vital to continued economic growth and both business and consumer protection, but with so much broken trust in passwords and a lack of education among the general public, the entire approach needs to shift. It may sound like an oxymoron, but in an effort to get a handle on the skyrocketing fraud instances across the country, behavioral biometric technologies will help the entire ecosystem become more transparent in a privacy forward way.

##

ABOUT THE AUTHOR

Hal Granoff - Head of US Market Development

Hal is leading the strategy and expansion of Callsign's Intelligence Driven Authentication in the United States.  Previously, Hal was a Sr. Director at Early Warning where he was responsible for developing Authentication solutions to protect FIs from the threat of fraud in the mobile and online platforms. Prior to that, he served in leadership roles at Cendant Corporation (currently Affinion Group) - where he managed account relationships for top credit card issuers - and MasterCard International - where he contributed to the company's growth of global acquiring initiatives in Asia, South America and Canada. He earned his undergraduate degree from the University of Wisconsin at Madison while serving as Regional Director of AIESEC, an International student-run organization.