By Dr. Nima Schei, founder and CEO@ of Hummingbirds AI
Banks and financial institutions are growing their businesses in a complex digital ecosystem that needs more robust and comprehensive user authentication tools. The forefront technology to achieve this is biometrics, with its next step in the evolution to leave the selfie behind: on-device video-based user authentication.
Banking and finance are the industry leaders when it comes to cybersecurity requirements. Banks such as the Bank of America spend over a billion dollars a year on IT and cybersecurity and in the last ten years, banks have spent $100 billion on technology, including technology-focused on security. The industry understands the importance of keeping customers safe and knows that the real cost of not securing financial and private information is not only money but customers’ trust, and this is the first and most important thing any company loses after a data breach. This is a general concern, as proved by the very recent 2022 Cyberthreat Defense Report by the CyberEdge Group, carried out in 17 countries and with 1200 IT decision-makers. According to it, intrusion detection and response are two of the most demanded cybersecurity issues: 38% and 41% of companies utilize a security service provider (MSSP) to manage them. This is not surprising at all because account takeover (ATO), PII harvesting, and credential abuse attacks come as the major concerns for companies after malware. In fact, according to CyberEdge Group, from 19 sectors involved in the report, 86% of companies in banking and finance are expecting the worst cyberattacks in the near future. Understandably, banks have been quick adopters of multi-factor authentication to add barriers against hacking for their identity and access management control methods (IAM).
Password-based identity access is losing power
For some time, password-based access was the answer but at present it is proving short when it comes to protecting against account takeover, especially when bad actors and hacking techniques do nothing but improve. In fact, a report from Gartner already predicted a few years ago the decline in the use of passwords. It stated that by 2022, 60% of large and global enterprises, and 90% of midsize enterprises, would implement passwordless methods in more than 50% of use cases, and it was not wrong. The reasons are many.
As users ourselves, we know that usernames can be relatively easy to find out, passwords are hard to remember, and to avoid the frustration of trying, the same password is shared among various platforms. This common user behavior leads to a “Domino Effect” which allows hackers to breach and get hold of multiple accounts just by cracking one single password.
With the eye set on cybersecurity, and specifically to prioritize fraud detection and secure payments, banking services are deploying a way to make accounts more secure and fraud-proof: multi-factor authentication. Technology moves so fast that we get used to incorporating concepts without thinking about them too much, so it is worth mentioning that when we talk about a factor in authentication, we refer to a way of confirming access by sign-in. A password for access is a factor and if more than one factor is required, then we are talking about multi-factor authentication.
The factors applied for multi-factor authentication are aligned under three concepts: something the customer knows (a password or pin), something the customer has (a second device such as a smartphone), or something the customer is or has inherited (a biomarker such as a fingerprint or the facial features). As a result, multi-factor authentication comes from the combination of these factors and the idea that this second factor is something hackers cannot get hold of.
So, if an impostor had the username and password of a customer and tried to sign in, the second step of authentication would automatically block the attack because the hackers would not have access to the second credential. This can work because banks assume (and customers as well) that the bad actor trying to break in is not using the user’s device and the sensitive information is safe because hackers would steal passwords, not devices. But then, the easy question arises: what if? Considering it improbable that hacking comes from a stolen customer’s device is narrow-sighted, unsafe, and exposes customers unnecessarily.
Biometric multi-factor Authentication: a step further
For organizations who see beyond, biometrics has proven to be the way to stand one step ahead of cyberattacks. Making biometric technology part of multi-factor authentication eradicates the threat of having the device stolen. Even in that case, hackers would be neutralized because they have no access to the second-factor authentication: usually a fingerprint or the face features. And organizations are not the only ones to see the benefits.
According to a report by a global technology specialist in fraud, GBG, consumers are open to increasing the use of biometrics in order to be identified and verified swiftly and be better protected against fraud. Accordingly, AI and machine learning for detecting fraud cases go up in demand by financial institutions, which consider them to be the number one tool for future-proofing fraud detection. AI has a double power: the ability to onboard customers frictionless and set the appropriate friction to bad actors.
In fact, according to this year´s Cyberthreat defense Report, 40% of respondents are planning to acquire biometric services in the next 12 months. Many banking services already use the passive liveness detection process for identity authentication applied to onboarding and logging in on mobile devices because of identity accuracy and low friction. It is a method with an array of benefits, the main of them being the possibility to authenticate identity in a completely frictionless and passwordless way with just one customer´s picture or selfie. Several survey companies including Gartner foresee the expansion in the use of biometric authentication and believe that 50 percent of all business transactions and 20 percent of customer authentication events will be passwordless within the next three years.
However, just like the password by itself has become insufficient to prove account security and identity protection, in the light of the current cyber events, passive biometric multi-factor authentication needs to be reviewed and replaced by a biometric technology that provides continuous deeper anti-spoofing identity verification that can run not just at login but all throughout the interaction of the customers with their banking providers. Hackers and their hacking techniques keep improving day by day. Account takeover fraud is a major concern in the industry and so are phishing attacks, and stolen credentials.
So, if adding a second factor for authentication was a game-changer for the industry, considering the customer’s needs and current cyberthreats, isn’t it time for the next step into cybersecurity and customer access control? Moving towards a technology that can provide deep biometric and progressive access with continuous user verification and fraud prevention would answer many of the questions the industry is starting to ask itself, and that technology is video biometrics.
Video-based biometric user authentication: the industry game-changer
Through the combination of facial biometrics and password, enterprises can achieve multi-factor authentication that is robust, reliable, and effective. Besides, it offers a seamless and friendly user experience, and it does not require much from the customers. However, to take this technology for granted, thinking that it is enough to provide the best security and services is a comfortable position that companies cannot afford, especially in banking and financial services. As a consequence, it is almost an obligation to start looking for optimizing this technology. Replacing passive selfie detection for continuous video authentication is clearly the next step, which in combination with a password, provides improved security with an equally frictionless interaction.
Actually, 32% of FI are looking to integrate a continuous fraud detection process across customer journeys as the main security feature. Using biometrics from video adds extra security control to every customer process for a number of reasons: this technology is tested under highly unrestricted environments in order to recreate assorted real-life contexts when it comes to light, environment, and distances. By performing on movement, it captures more facial biomarkers, and so it offers a more accurate definition of the facial print, which results in more highly precise face detection compared to a static picture, making the registered user less vulnerable to impostors. Video-based biometrics also provide systematic real-time detection and protection. Banks cannot feel safe just guaranteeing user-proved access, because that doesn’t take into account visual hacking and all the vulnerabilities still threatening the customer around the device. Applying video biometrics means making frame-by-frame identity verification from the beginning to the end of the interaction and alerting the customer of intrusion attempts during this process. The US Cybersecurity and Infrastructure Security Agency (CISA) highlights identity as one of the five pillars of its Zero Trust Maturity Model and emphasizes that organizations should validate identities continuously, not just when initially granting access.
On the organizational level, the benefits couldn´t be bigger: improved customer trust, reduced operational costs, boosted conversion rates and of course, a higher security and protection level. The video-based biometrics technology we develop particularly, has the power to allow or refuse access for the authorized user but also reject intruders automatically, without the user’s action, by running in the background. It is totally customizable to the users or organizations’ needs. This precise type of cybersecurity allows FI to offer reactive and proactive protection at the same time. This way the financial customers and their information receive truly holistic protection with no extra requirements, devices, or costs because this technology works with regular RGB cameras.
Video-based MFA: deep AI user and payments protection
Video biometrics represent the present and future of user protection because it goes hand in hand with the need for zero-trust architecture (ZTA) and the most current cybersecurity standard the USA government is willing to implement from now on, as mentioned in a recent executive order, which emphasizes on stronger enterprise identity and access controls, including multi-factor authentication (MFA). It is fundamental that solutions prioritize and consolidate identity systems with consistent real-time monitoring and vulnerabilities prevention.
Video-based MFA is so robust that it can be implemented even in ATMs for example, making skimmers devices useless. Its applications in the industry are many. But there is one very important ingredient to be part of this technology, and that is privacy. I consider privacy the ultimate right any person has, and therefore, I have always placed privacy at the cornerstone of any of our AI innovations. So how can we build privacy-first technology? Firstly, keeping facial biometric features stored locally, which means they are kept on the customer’s device, and secondly, being GDPR compliant and making sure to be updated on new privacy standards. This way customers are not giving in to their privacy through biometrics but profiting from its use when necessary.
Banks and financial businesses should not wait to have their customers asking for better security because when that happens, it means it is too late. The technology is already available and expanding. This is their choice and opportunity to be ahead of the race against cyberhacking.
About the Author:
Nima Schei is a visionary AI entrepreneur and animal rights activist. He is the founder and CEO@ of Hummingbirds AI, home of the Guacamole Platform at the intersection of AI, cybersecurity, and biometrics. Nima is a pioneer of emotional AI and the creator of BEL emotional machines. He is also a keynote speaker on ethical human-centered AI, advocating democratizing access to AI. His leadership thought articles have been published in cyber security magazines, as well as media outlets such as The Huffington Post and Fast Company. His vision is to create a nature-centric future with respect to our consciousness and intelligence through ethical human-centered AI.
This is a Sponsored Feature.