Keeping balance between security and convenience – is biometrics the answer?

This interview was first published in our Web Fraud Prevention and Online Authentication Market Guide 2017/2018. The Guide is a complete overview of the fraud management, digital identity verification and authentication ecosystem provided by thought leaders in the industry from leading solution providers (both established and new players) to associations and experts.

Account takeover causes now more than USD 7 billion in losses per year. What needs to be done to protect banks, ecommerce companies and their customers?

Account takeover occurs when a fraudster is able to obtain personal information and gain unauthorised access to a customer account. This can happen for any type of online account, including financial, email, social media or online retail accounts. Often phishing and malware are used to steal this information.

Cybercriminals have become particularly adept not only at breaching the security systems of large companies, but also at breaking into the online bank accounts of individual internet users.

There is no magic ‘silver bullet’ to stop all fraud, but companies that employ a multi-layered fraud security strategy that addresses threats at every stage of the attack lifecycle have the best way to thwart fraud

The critical components of a multi-layer anti-fraud strategy include: proactive monitoring of external threats, online navigation protection, user authentication and user behaviour analytics.

Since you mentioned biometrics, could you please explain what the main benefits of this technology are? 

Biometric authentication technology is likely to be a game-changer. It uses the unique physical characteristics of an individual and is increasingly being employed as a way to confirm online purchases, payments, and bank transactions. Next-generation biometric fingerprint, facial, and voice recognition technology is highly secure, and best of all, it’s easy for customers to use and doesn’t require them to memorise a username-password combo or input a business-transmitted passcode. Nevertheless, like any other authentication solution, biometrics is most secure when coupled with other authentication layers, like push notifications, one-time passwords, QR-codes, device identification and more.

How is biometric authentication superior to other kinds of end-user authentication solutions?

For the average customer, there is always a need of a balance between security and ease-of-use. Some other authentication systems are highly secure, but are rigid and require the user to follow many steps before they can log in or make a purchase or transaction. This leads to frustration so users avoid using the security because it’s so inconvenient. If a user authentication system is too lenient, it’s liable to be compromised by hackers. Biometrics strikes this balance naturally, as it is highly secure, extremely difficult to crack, and easy to use. It’s also better than some types of one-time passcode (OTP) authentication; SMS-delivered OTPs, for example, are vulnerable to capture by cybercriminals. And, of course, biometrics is by far a better authentication system than the old username/password combo.

What would you say to an organisation that is considering adopting biometrics as part of their current security strategy?

I’d say that they’re quite a forward-thinking organisation. It’s definitely a good idea to do your research, as there are a lot of different types of biometric systems that are meant to secure different things. Also, it’s a good idea to audit their current user-verification system, and ask: is it as secure as it could or even should be? Have there been breaches in the past? How have compromised customers reacted? Or perhaps their current user authentication system is highly secure but is a hassle to use it. If companies want low-friction security for their customers, then, I’d say, biometric authentication is right up their alley.

What do you predict that future of fraud will look like?

It’s not easy to predict the future, but within our lifetimes, I think that both fraud security and online commerce will be barely recognisable when compared to the way they are today. Biometrics has the potential to make things that we’re used to – credit cards and logins, for example – obsolete. What if you could log into an account with a touch of your fingerprint, make a transaction simply by saying it, or purchase items by taking a ‘selfie’ photo? That might be what the future holds. And the next generation of hackers, like their forefathers, will use all their ingenuity to find and exploit system weaknesses, however slight or small those weaknesses may be. But, just as the digital transaction systems of tomorrow will be more able to detect, block, and neutralise the most potent of fraud attacks we know of today, fraudsters themselves will innovate, and other, more advanced attack methods are likely to emerge. What those attack methods are, could be anyone’s guess.

About Ricardo Villadiego

Ricardo Villadiego is the CEO of Easy Solutions, a Cyxtera Business and leading provider of fraud detection and prevention solutions to financial institutions and enterprises around the world. Villadiego has spent the last 20 years helping organisations to overcome electronic fraud challenges under a holistic vision: Total Fraud Protection.

About Easy Solutions

Easy Solutions is a security provider focused on the comprehensive detection and prevention of electronic fraud across all devices, channels and clouds. Products range from digital threat protection and secure browsing to multi-factor authentication and transaction anomaly detection, offering a one-stop shop for end-to-end fraud protection.