• Joe Palmer, Chief Product & Innovation Officer at iProov


• 10.01.2024 11:00 am
#security #digitalidentity

Over the past year, there’s been a significant shift in the financial services sector towards more remote digital access, largely driven by the escalating customer demand for seamless and on-the-go transactions. While this transition has undeniably enhanced user convenience, it has also widened the digital attack surface, creating a fertile ground for fraudsters to exploit vulnerabilities.  

The US financial services sector has taken a more tentative approach to adopting digital identity technologies compared to some of its global counterparts. This hesitancy is partly attributed to the challenges surrounding the regulation of interoperability and data exchange. However, a looming threat in the shape of synthetic identity fraud, which is often created using generative AI tools, is compelling the sector to reevaluate its approach. Projections estimate that this form of fraud could result in losses exceeding $23 billion by 2030. In the era of digital services the biggest challenge when a remote user applies for an account, product, or service, is how can an organization verify that they are the real owner of a genuine identity? What’s more, how can they ensure that an existing remote customer is the same person each time they return – rather than an imposter or a spoof. 

So pressure to act is mounting from all angles. Consumers, accustomed to the convenience of remote account opening and service access, expect speed and ease in their financial transactions. Simultaneously, fraudsters exploit online channels, siphoning money and posing a constant menace to the integrity of financial systems. Beyond financial losses, there is a critical threat of non-compliance with Know Your Customer (KYC) and Anti Money Laundering (AML) regulations, which garner substantial fines and even the potential for criminal proceedings. The heightened risk of bypassing sanctions and financing state adversaries only adds to the urgency for robust security measures. 

Financial institutions are compelled to take decisive action. The focus has shifted towards revamping onboarding processes and replacing outdated authentication methods such as passwords and passcodes which can be easily stolen, lost, or compromised and lack usability. Users can’t be expected to remember complex passwords for every application and password resets are painful and fraught with risk. Consequently, there is a move to adopt more advanced technologies that facilitate remote onboarding and authentication for existing online banking customers. 

Leading the way is facial biometric verification technology. Its appeal lies in the ability to deliver convenience and accessibility to customers, through a swift and secure authentication process. The security of biometrics relies not on the fact that faces are secret - they’re not - but that they’re unique, non-shareable, cannot be stolen, and never need to be reset.  

Face verification can bind digital identities to real-world users by matching a selfie with a government-issued ID. However, this convenience comes with its own set of challenges for financial institutions – the heightened security risks posed by adversaries seeking to exploit remote identity verification processes and striking the delicate balance between enhancing security and ensuring a seamless customer experience. 

The Imperative Shift: From Traditional to Biometric Authentication 

The need for financial institutions to strengthen their security measures has never been more pressing. With fraud levels at an all-time high and the rising threat of synthetic identity fraud, the industry is at a crossroads where traditional authentication methods are proving inadequate in safeguarding against evolving cyber threats. Synthetic identities can be used to create accounts that appear legitimate so they don’t get flagged by fraud detection systems. Synthetic identity fraud can work with deepfakes to exploit and bypass a bank’s remote onboarding processes. So once successfully enrolled the attacker can return time and time without being detected - indefinitely. 

Face-to-face video call verification is one method that has been used by financial institutions but this means the onus is on staff members to determine whether a person is real or synthetic imagery. As deepfakes become more sophisticated it’s no longer possible to rely on humans’ ability to detect them. A study by the IDIAP Research Institute revealed that only 24% of their participants successfully detected a ‘well-made’ deepfake when shown progressively more convincing deepfakes interspersed with real videos and asked, ‘Is the face of the person in the video real or fake?’. 

The digital injection of synthetic imagery, in particular deepfakes, is one of the fastest-growing threat vectors and the technology used to circumvent systems is widely and inexpensively available through Crime-as-a-Service (CaaS) networks. While the majority of face biometric technology solutions use liveness technology to verify and authenticate users, many are unable to detect digital injection attacks. Passive, science-based authentication using one-time biometrics has shown to be the most effective method of defense while also providing security, enhanced user experience, and inclusivity. One-time biometrics can’t be replicated, shared, or predicted, making it extremely resilient to threat actors’ attack methodologies. 

The threat of digitally injected media such as deepfakes is defrauding financial institutions and their customers. According to the Federal Reserve gaps in the credit process and the potential for large payouts have made synthetic identity fraud highly attractive to criminals and crime rings which, in some cases, is being used to facilitate drug and human trafficking and fund terrorism.  

As these challenges continue to persist, the benefits, including enhanced security, streamlined customer experiences, regulatory compliance, and the mitigation of synthetic identity fraud, position facial biometrics as the cornerstone of security protocols. As 2024 unfolds, financial institutions will recognize biometric face verification as the most secure way to verify new and returning users and set new standards for secure, customer-centric financial services.