Preventing Financial Fraud: The Identity Crisis Facing Banks | GBAF

Preventing Financial Fraud: The Identity Crisis Facing Banks | GBAF

Editorial & Advertiser disclosure

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Home > Banking > WHY BANKS NEED CONSUMERS TO DETECT IMPOSTERS

WHY BANKS NEED CONSUMERS TO DETECT IMPOSTERS

Published by Gbaf News

Posted on November 12, 2016

9 min read

Last updated: January 22, 2026

Graph illustrating China's lending rate cuts to boost economy amid COVID resurgence - Global Banking & Finance Review — This image showcases a graph depicting the recent cuts to China's lending benchmarks. It highlights the People's Bank of China's strategy to revive a faltering economy affected by a property crisis and COVID resurgence. The cuts aim to stimulate growth while managing inflation risks.

By Jeremy Newman, founder and executive director of ShowUp

In the first half of 2016 alone, there were more than one million incidents of financial fraud, an increase of 53 per cent on the same period last year; with identity fraud against individuals costing an estimated five billion pounds last year.

Identity fraud occurs when an imposter pretends to be someone else. To prevent this, banks ask customers for passwords, but judging from the fraud figures, this isn’t working and things are getting worse. The reason is simple: data cannot differentiate. A password provided by the true customer is exactly the same when that same password is provided by an impostor.

Banks need to reconsider the security practices they put in place so as to allow consumers to tackle this fraud. Rather than continuing to impose a practice that everyone acknowledges is fundamentally flawed, banks need to reach out to consumers for help.

Why banks are not doing enough

Over the past ten years or so, the response to the rise in identity fraud has exemplified Einstein’s definition of insanity: keep doing the same thing, just more of it. Passwords had to be longer, then they had to contain numbers, then with upper and lower case letters, and symbols. Along the way we had to provide random characters from a ‘memorable’ word, and ‘secret’ answers to an array of personal questions.

To be fair, banks are not alone in persisting with this broken method. They inherit an information technology practice that has persisted for fifty years. Passwords were first used in a system called CTSS developed at MIT in 1961, and we’ve barely moved ever since.

Attempts to try something different have involved the introduction of card readers, dongles and using your phone to send you a PIN. This so-called two-factor authentication (2FA) is intended to make it harder for those secrets to fall into the hands of impostors. The problem is that ultimately it’s still just data, to which the golden rule applies: if you can know it, a fraudster can know it too.

Although 2FA represents an improvement, it is not widely adopted. This has been highlighted in the last month, with five of the UK’s biggest banks scoring poorly in security tests and failing to invest in systems to better protect their customers. This is not without reason: apart from the weakness inherent in using data to distinguish between customers and impostors, these methods are costly and require customers to perform awkward tasks, such as fiddling with card readers and copying PINs from one device into another.

I believe banks have been trying to solve the problem, but in the wrong way. Attempts to fix it to date have made a bad situation worse. Consumers are unwilling or unable to remember long and complex passwords and instead choose to use the same password for everything, or write it down. Consumers are also warned not to put information on social networks, such as their date of birth, where they were born, went to school… But why shouldn’t they? The real question is this: Why is any bank using personal information as a guarantor of personal identity? The current system has always been destined to fail.

Banks can help not hinder

To increase identity protection, detect imposters and make consumers lives easier, banks need to disrupt the security industry, turn it on its head and drive change towards a better system. To do this, they need to consider the origins of identity itself.

People already have an excellent identity system that has been refined over thousands of years of human evolution. The ability to tell friend from foe has been a matter of survival. When someone comes in your house and you see your partner, you know it’s them. You don’t need them to wear a badge or give a password. It is all based on visual identity – our inbuilt facial recognition software, if you will.

Remarkably, information technology has overlooked this natural capability. By capitalising on visual identity, banks can help transform the practices around online identity and leave our broken system behind. A few years ago it would have been impossible to do online identity visually. However, with almost every consumer having a digital camera connected to the internet in the form of a mobile, now is the perfect moment to put this practice into place.

People know people

This means that a person requesting access can present themselves to the camera on their mobile, so allowing natural, real-world identity to be brought into play. Verifying identity becomes a social activity – as it always has been. If the account holder shows up they will be recognised, but if anyone else shows up, the imposter will be detected. This not only prevents fraud from occurring, it also catches the criminal in the act – a significant deterrent.

By relying on visual identity, banks can help people protect one another from fraud using the identity system they have been using for millennia – their eyes. The reality is that organisations don’t know people, people know people. When it comes to personal identity, the customer really does know best.

By Jeremy Newman, founder and executive director of ShowUp

In the first half of 2016 alone, there were more than one million incidents of financial fraud, an increase of 53 per cent on the same period last year; with identity fraud against individuals costing an estimated five billion pounds last year.

Identity fraud occurs when an imposter pretends to be someone else. To prevent this, banks ask customers for passwords, but judging from the fraud figures, this isn’t working and things are getting worse. The reason is simple: data cannot differentiate. A password provided by the true customer is exactly the same when that same password is provided by an impostor.

Banks need to reconsider the security practices they put in place so as to allow consumers to tackle this fraud. Rather than continuing to impose a practice that everyone acknowledges is fundamentally flawed, banks need to reach out to consumers for help.

Why banks are not doing enough

Over the past ten years or so, the response to the rise in identity fraud has exemplified Einstein’s definition of insanity: keep doing the same thing, just more of it. Passwords had to be longer, then they had to contain numbers, then with upper and lower case letters, and symbols. Along the way we had to provide random characters from a ‘memorable’ word, and ‘secret’ answers to an array of personal questions.

To be fair, banks are not alone in persisting with this broken method. They inherit an information technology practice that has persisted for fifty years. Passwords were first used in a system called CTSS developed at MIT in 1961, and we’ve barely moved ever since.

Attempts to try something different have involved the introduction of card readers, dongles and using your phone to send you a PIN. This so-called two-factor authentication (2FA) is intended to make it harder for those secrets to fall into the hands of impostors. The problem is that ultimately it’s still just data, to which the golden rule applies: if you can know it, a fraudster can know it too.

Although 2FA represents an improvement, it is not widely adopted. This has been highlighted in the last month, with five of the UK’s biggest banks scoring poorly in security tests and failing to invest in systems to better protect their customers. This is not without reason: apart from the weakness inherent in using data to distinguish between customers and impostors, these methods are costly and require customers to perform awkward tasks, such as fiddling with card readers and copying PINs from one device into another.

I believe banks have been trying to solve the problem, but in the wrong way. Attempts to fix it to date have made a bad situation worse. Consumers are unwilling or unable to remember long and complex passwords and instead choose to use the same password for everything, or write it down. Consumers are also warned not to put information on social networks, such as their date of birth, where they were born, went to school… But why shouldn’t they? The real question is this: Why is any bank using personal information as a guarantor of personal identity? The current system has always been destined to fail.

Banks can help not hinder

To increase identity protection, detect imposters and make consumers lives easier, banks need to disrupt the security industry, turn it on its head and drive change towards a better system. To do this, they need to consider the origins of identity itself.

People already have an excellent identity system that has been refined over thousands of years of human evolution. The ability to tell friend from foe has been a matter of survival. When someone comes in your house and you see your partner, you know it’s them. You don’t need them to wear a badge or give a password. It is all based on visual identity – our inbuilt facial recognition software, if you will.

Remarkably, information technology has overlooked this natural capability. By capitalising on visual identity, banks can help transform the practices around online identity and leave our broken system behind. A few years ago it would have been impossible to do online identity visually. However, with almost every consumer having a digital camera connected to the internet in the form of a mobile, now is the perfect moment to put this practice into place.

People know people

This means that a person requesting access can present themselves to the camera on their mobile, so allowing natural, real-world identity to be brought into play. Verifying identity becomes a social activity – as it always has been. If the account holder shows up they will be recognised, but if anyone else shows up, the imposter will be detected. This not only prevents fraud from occurring, it also catches the criminal in the act – a significant deterrent.

By relying on visual identity, banks can help people protect one another from fraud using the identity system they have been using for millennia – their eyes. The reality is that organisations don’t know people, people know people. When it comes to personal identity, the customer really does know best.