With cyber breaches a common threat to organizations and individuals, passwords and PINs alone are proving to be insufficient when it comes to determining true digital identities.
Financial and government institutions have resorted to biometric solutions, such as facial recognition, to ensure that users behind digital transactions are who they claim to be.
However, a new threat is looming – deepfake technology. This new breed of cyber threat allows bad actors to manipulate video and even audio in a way that looks very real, and it has made leaps and bounds in recent years.
The threat of deepfakes have even prompted concerns regarding the upcoming US 2020 elections and has drawn the attention of tech giants such as Google, who have vowed to battle deepfakes with data that help researchers detect videos manipulated by artificial intelligence. Furthermore, the increase in popularity of novelty apps, such as FaceApp, have become potential conduits for criminals to attain user’s personal data and photos for manipulation.
As deepfakes become increasingly sophisticated and hard to tell apart from the real thing, it is increasingly important for organizations to protect themselves and to stay a step ahead of malicious hackers or manipulators. The question is how…
CybersecAsia posed these challenges to Frederic Ho, Vice President, APAC, Jumio Corporation, for his perspectives and possible solutions.
With the rise of digital banking and payments, what are the real and potential concerns related to digital identities and authentication?
Ho: Growing volumes of digital transactions have given rise to the need for more stringent measures to verify legitimate customers and weed out bad actors. Within the banking and finance sector, many industry players are currently exploring the deployment of electronic Know-Your-Customer (eKYC) technologies to verify the identities of their customers.
The top considerations for financial institutions in navigating this process are:
- It is very important to correctly identify and reject fraudulent applicants, but also speedily approve valid users. A key concern is that enterprises face difficulties in achieving both objectives in a very short window of time so as not to negatively affect the user experience.
- Keeping up with the latest online identity fraud practices and devising countermeasures is a constant challenge for businesses, especially given today’s evolving threat landscape. The rise of deepfake, for instance, goes to show that even high-resolution videos of a person can be faked.
- Relying on separate systems to secure the user enrolment process and subsequent authentication steps is a common but dangerous practice, which can result in potential cybersecurity gaps due to the lack of deep integration. Customers acquired via online account sign-ups that involve the collection of biometrics information should be subjected to subsequent authentication measures using the same biometrics.
- Some financial institutions also fail to take into account the scalability of their eKYC process, especially when the business grows and expands overseas. A DIY approach to eKYC technology deployment, such as integrating optical character and facial recognition tools into existing infrastructure, may not be sustainable in the long run, especially when it comes to handling high customer volumes and foreign ID documents.
- Another concern with eKYC is surprisingly high levels of online abandonment. Recent studies have found that more than 50% of applicants abandon the onboarding process. The typical reasons for abandonment are the time it takes for online verification, but also the amount of information required and confusing instructions and a non-intuitive interface as deterrents to completing the process online. That’s why financial institutions need to be mindful of best practices and really think through the user experience of the identity verification process to reduce the amount of friction and resulting customer abandonment.
What is the magnitude of risks to businesses? How should businesses mitigate such concerns?
Ho: There are a number of risk factors associated with the rise in digital banking from reputational risk, identity theft and account takeovers, compliance risk and abandonment costs.
Reputational risk caused by cybersecurity incidents or poor user onboarding experience could overshadow all innovation efforts of a budding fintech company. Even larger enterprises will have a tough time improving their brand image and regaining customer trust if caught in the same scenario.
Financial loss is another likely outcome in the event of fraud. In fact, 3 in 4 Asia Pacific banks believe that fraud will increase in 2019, thus underscoring the industry’s concern around the legitimacy and impact of online transactions.
Compliance Costs: Since the global financial crisis, bank compliance costs for financial crime have risen by 70%.13 The impact of financial crime on banks is extraordinarily large, from both a cost and operational perspective. Banks must manage huge data volumes, increasing regulatory requirements, and proliferating sanctions and cross–border risks.
AML compliance costs rose 9% to 10% during the past two years with growth expected to continue at a similar rate over the coming year. Midsize to large financial firms in Indonesia, Philippines and Singapore (assets totaling greater than $10 billion) have significantly larger annual average compliance outlays than smaller firms, ranging from $11.95 to $13.93 million for larger firms and $1.18 to $2.08 million for smaller firms (source: LexisNexis Risk Solutions, June 2019). Despite the labor-intensive nature of the AML function within financial firms, the report reveals limited use of newer technologies across smaller and larger firms in the region.
Opportunity Cost: Given the high rate of abandonment, another risk is the cost of lost customers who bail out of the online application process. If the lifetime value of a retail banking customer is $200, and the financial institution is losing 50% of online applicants because of a time-consuming, clunky onboarding process, the opportunity costs can be significant, especially given the high marketing costs of driving new prospects to a bank’s website.
Companies that are serious about growing a sustainable and profitable digital business should seek partnerships with reputable vendors specializing in online identity verification to secure their business environment.