According to the 2020 ACFE Report to the Nations on Occupational Fraud and Abuse, organizations worldwide lose an estimated 5 percent of their annual revenue to fraud.
November 14-20 is International Fraud Awareness Week. Fraud Week shines a light on the importance of fraud prevention, focusing on anti-fraud awareness and education.
There are many technologies companies can use to protect themselves, their employees, and customers from fraud. The adoption of biometric technology is gaining momentum as businesses look for ways to deal with rising identity fraud and attacks that lead to data breaches and account takeovers.
Following are five ways biometrics help fight fraud:
#1 Address the weakest link in security – passwords
Verizon reports that 61% of breaches involved credentials in 2020. This includes passwords stolen through email account compromises and other forms of social engineering attacks, which were up 11% in 2020.
Unlike passwords, biometrics rely on something you are — not something you know. With nothing to share or remember, biometrics are the best defense against attacks that aim to trick users into divulging their credentials. Additionally, biometrics clean up bad password hygiene such as reuse of credentials across accounts and choosing easy passwords.
#2 Strengthen authentication without increasing friction for users
Multi-factor authentication (MFA) is the use of two or more independent factors to prove identity. Microsoft reports that using a second factor can block 99.9% of automated attacks. The good news is that 76% of people now say they use MFA for work and personal security. However, not all MFA is equally effective as some approaches still rely on weak methods such as passwords or SMS-based one-time passwords.
Additionally, MFA and two-factor authentication can result in friction that frustrates users and prevents broader adoption. Biometrics offer high security without negatively impacting the user experience. An MFA solution that uses biometrics can offer an even easier and faster solution than a single-factor password-based solution. For example, combining a user’s mobile device as a token with an enterprise-grade biometric provides strong authentication without adding extra steps to the process.
#3 Close gaps in the re-verification process to fight fraud
There are various reasons why a user may need re-verification, such as having a new mobile device or being locked out of their account. Today, the solution involves processes ripe for fraud, including password reset links, one-time passwords, and knowledge-based authentication.
Bad actors who access a mobile device, phone number, or email account can intercept password reset links. Another common fraud tactic is a hacker claiming they have forgotten their password and have a new device. In this scenario, a contact center agent may rely on knowledge-based authentication methods that are simple to circumvent — leading to account takeovers.
Enterprise-grade biometrics ease re-verification and fight fraud. First, they can’t be forgotten and don’t need to be reset. Second, they are not tied to a specific device and remain a reliable authentication factor even when a mobile phone is lost, stolen, or replaced. If a person has a new mobile number, an organization may require additional steps; however, it won’t be relying solely on unreliable verification methods.
#4 Detect identity fraud during Digital Onboarding
The process of opening a new account online often requires validation that a person is who they claim to be, especially in regulated industries such as banking. As the days of going to a physical branch, office, or retail location fade, the need to virtually validate that the people we do business with are not committing fraud is more important than ever. Face biometrics strengthens digital onboarding fraud prevention by matching a selfie of the user to their photo on a government-issued ID. The layering of facial liveness detection prevents spoofing attacks by ensuring the selfie is of a live person and not a photo of a printed image, digital image, video, or someone wearing a mask. Face biometrics with liveness detection is one piece of a robust identity verification solution.
#5 Ensure presence of the authorized user with biometric liveness
Passwords don’t prove the presence of an authorized user — only that the person has the right credentials to authenticate against a claimed identity. Biometrics, including voice and face, are a unique authentication factor in this regard in that they confirm the person attempting to gain access is a match. At the same time, liveness validates the user is truly present.
All other forms of authentication involve something the user knows or has, and therefore all can be compromised or shared.
As stated above, biometrics are one way to fight fraud. For additional resources to help your organization, or to support ACFE’s annual International Fraud Awareness Week, visit fraudweek.com.
ID R&D Blog Post: Can Biometric Data Be Stolen?
ID R&D Blog Post: 5 Reasons to Make Biometrics Part of Your MFA Strategy