The number of identity fraud cases increased 16 percent between 2015 and 2016, according to Javelin Strategy & Research.
The finance sector still struggles to combat fraudsters. Despite increased adoption of EMV cards and robust password creation policies, banking customers are still falling victim to fraudsters, and it’s costing banks big. U.S. financial institutions alone lost $16 billion last year as a result of fraud.
The problem goes beyond North America. ACI Worldwide found 49 percent of Brazilians and 56 percent of Mexicans fell victim to card fraud last year.
What’s the solution? Pioneering financial institutions are starting to improve upon conventional authentication methods such as passwords and PINs. Many feel that facial recognition software and other biometric solutions are the keys to improving banking security.
The Problem with Passwords
Using passwords comes with a serious caveat: They’re based on what people know. Hackers can use any number of tactics to obtain that knowledge.
Furthermore, the more complex they become, the easier they are to forget. When a banking customer forgets his password, he may receive a temporary code via email to reset it. The problem is, someone could use a man-in-the-middle attack to intercept that email and use the code himself.
Even security questions aren’t completely foolproof. A cybercriminal could peruse a customer’s social media profile to learn key information. So, in an attempt to change a customer’s password, a hacker may be able to answer questions such as “Where were your born?” or “What was the name of your first pet?”
Social engineering is also a popular tactic among hackers. Symantec noted how fraudsters trick Gmail users into disclosing verification codes by creating messages that look like their from Google.
Long story short: passwords aren’t enough to deter fraudsters. What makes facial recognition different?
How Facial Recognition Combats Fraud
Facial recognition technology on a mobile device authenticates customers based on who they are as opposed to what they know. Facial recognition on a mobile device offers a second factor of authentication, with the first being possession of the device itself, and the second being a live facial image. Multi-factor authentication presents more barriers to fraudsters.
While facial recognition can be considered among the most convenient of biometric modalities, it does pose a higher risk of impersonation, given the higher availability of facial images of a given victim. A hacker could try to use a picture of someone they’re impersonating, often called a “spoof”. This is why it’s important to employ means to detect spoofs by assessing the “liveness” of the facial image. This is often called “liveness detection” and applies to many biometric modalities, including fingerprint.
Let’s look at other ways that biometrics can be used to help prevent fraud. One is how facial recognition can prevent hackers from opening fake accounts. Suppose a fraudster walks into a bank and asks to open a line of credit using a fake driver’s license with a customer’s real information. As part of the onboarding process, the teller prompts them to stand in front of a camera for a photograph, which is then used to compare with the known customer’s biometric record and detects a non-match. As a result, the teller notifies management of the issue so that a more thorough investigation can be pursued.
Facial biometrics can also be used to access accounts from a computer. Many computers, for example, have built-in webcams. Every time a banking customer logs into his online account, they can use their facial biometrics as an additional security factor to login to their accounts and to request transactions. .
Manufacturers are expected to purchase 1.6 billion fingerprint sensors in 2020, according to IHS Markit. So, if a bank wanted to require both facial recognition and fingerprint images for customer authentication, they have the option of doing so.
Obtaining Access to Facial Recognition Technology
For banks with the resources to build custom applications, biometrics providers offer software development kits (SDKs). They give organizations the freedom to create biometric systems that comply with their unique processes.
Biometrics-as-a-Service (BaaS) offers a cost-effective way for financial institutions to integrate facial recognition technology into their operations. The web services run from a cloud enable organizations to perform biometric comparisons without installing software. BaaS allows banks to acquire biometric capabilities without investing in a custom solution. Financial institutions access the technology by paying monthly subscription fees instead of up-front license payments.
Fraudsters are never going to stop, but biometrics have demonstrated that they can make their jobs a lot more difficult.