Apart from its long-term effect on society, the COVID-19 pandemic leaves many other legacies. One of those is the question of how we authentically verify online identities.
When we moved online, authentication processes from the physical world were digitized instead of being redesigned for the digital world. The processes businesses digitized lack security, are cumbersome and don't preserve privacy. And the increase in online fraud, scams, social engineering and artificial identities over the last year shows us just how broken the process is – our digital identities are clearly broken.
Solving this problem is paramount to fast and sustained economic recovery around the world. But exactly how do we start?
We've recently seen various governments, regulators and sector organizations aim to enhance online customer authentication through legislation like the digital identity bill, regulation, and more robust technology and procedures.
Often these measures leverage different forms of biometric technology to help with the struggle of reliable identity verification. Even though physical biometrics can certainly improve the process, it's not a quick fix.
Businesses, governments and consumers need to be cautious when adopting a technology, for a number of reasons:
- Computer says no
Physical biometrics – facial recognition or fingerprints – works by asking a closed question: Is this the user's face? Is this the user's fingerprint? Yes or no. While a user can move their finger around on the phone's reader, it can be difficult and time-consuming to get facial readers to work. If biometrics is the only method of authentication and the computer doesn't recognize you, what happens next?
- Technology bias
Authentication solutions have to work for everyone, and the use of biometric technology can exclude pockets of people and perpetuate inequality through racial or religious bias and technology elitism.
- Security limitations
There are security limitations around facial biometrics that use simple photos and one type of biometrics on its own to authenticate people. Knowing this limitation, fraudsters will falsely claim their biometrics methods are broken simply to circumvent the authentication process.
- Appropriate or inappropriate friction
While most businesses try to offer consumers a friction-free process, there are some cases where friction is required. Depending on when biometrics is used, it may add unnecessary friction to the consumer journey. In a few instances, like opening a new bank account, consumers understand that they will need to verify their identity, so using biometrics here is an appropriate authentication method. However, if your facial ID is needed every time you buy something from an online retailer, you will probably take your business to another vendor where it is easier and faster to make a purchase.
- Privacy
Technology usually becomes ubiquitous when consumers understand how and why it's used. For example, facial ID is used on many modern smartphones to access apps and services on the phone. The concept of biometrics as a unique identifier is understood by consumers, but perhaps not well enough. Biometrics as a form of authentication is intrusive, as it often winds up invading people's privacy. Biometrics uses your personal data, so in many countries permission is needed to collect, store and process it. As a result, most people will not authenticate themselves with this particular form of identification because they will want to know how their information is being used. This challenge is potentially the largest barrier to large-scale adoption of biometrics as an authentication method.
So, with these issues in mind, what tools can we depend on to seamlessly authenticate people online? The answer lies with behavioral biometrics.
Behavioral biometrics provides privacy preserving, frictionless, accessible, and inclusive techniques to authenticate users in robust and failsafe ways.
So, just what differentiates behavioral biometrics, and why is it vastly better than physical biometrics? Is it well suited for governments, regulators and businesses desperately attempting to balance security and user experience?
- Technology equity
Unlike physical biometrics, behavioral biometrics works across multiple devices and machines. Users just need a basic smartphone, keyboard or mouse, so the price of highly specialized technology is not a barrier to adoption. Behavioral biometrics profiles are also device agnostic. This is useful if a consumer loses their phone and needs to re-register for online services. Even though it's a new device, a consumer can download all of their apps and get going immediately, as their behavior remains the same. With physical biometrics, by contrast, the consumer will need to re-enroll for the biometrics service by repeating the registration process, such as capturing facial biometrics at different angles of the user's face.
- Contextual data
Behavioral biometrics considers countless contextual data points to verify whether the user is genuine. So, while a person and their device might be in an unusual location – on vacation for example – the way they swipe on their own phone can be used to accurately identify who they really are. Layering intelligence from multiple sources means there's no single point of failure in the authentication process when using behavioral biometrics. As an added bonus, while behavioral biometrics looks for characteristics of genuine users, it can also recognize typical fraudster behaviors encountered previously – perhaps simultaneous login attempts on multiple devices.
Suddenly, you've now got fraud behavioral patterns; for instance, it's unusual for genuine consumers to copy and paste their email address or password in an authentication process.
- Friction free
Behavioral biometrics is passive, meaning it doesn't add friction to the user journey. Data such as typing speed and pressure when inputting a password are analyzed in real time during an online journey, meaning none of the extra steps that physical biometrics requires are needed. This makes behavioral biometrics useful at any point in the consumer's journey, whether at login or downstream when they're making purchases or payments.
Therefore, rather than a customer needing to complete a step-up authentication with friction, the user would be passively authenticated simply by using the service 'as is' today, removing the requirement for unnecessary friction.
- Robust security
While it is possible for a fraudster to steal physical biometrics for their own use, it is more difficult for bad actors to replicate and mimic genuine user behaviors. The way an individual interacts with their devices online is unique, and when the behavior doesn't match the consumer's usual patterns, additional authentication methods can be introduced.
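The signals named above (typing rhythm, pasted credentials, simultaneous devices) can be layered into one passive check that falls back to step-up authentication on a mismatch. The sketch below is an added example, not code from the article or any vendor; the session shape, thresholds and sample data are constructed assumptions.

```python
from statistics import mean, stdev

# Constructed enrollment profile: inter-key intervals in ms from earlier genuine
# sessions. Only timing is kept, never which keys were pressed.
ENROLLED_INTERVALS_MS = [182, 175, 190, 168, 201, 179, 185, 172, 195, 188]

# Constructed sessions, as a client-side collector might report them (assumed shape).
GENUINE = {"key_intervals_ms": [180, 186, 177, 191, 183, 176],
           "pasted_fields": set(), "active_devices": {"phone-A"}}
SUSPICIOUS = {"key_intervals_ms": [60, 55, 62, 58, 61, 57],
              "pasted_fields": {"password"}, "active_devices": {"phone-A", "pc-B"}}


def typing_deviation(profile, observed):
    """Distance of the session's mean interval from the profile, in profile
    standard deviations. A deliberately simple stand-in for a trained model."""
    return abs(mean(observed) - mean(profile)) / stdev(profile)


def assess_session(profile, session, z_limit=3.0, min_keys=5):
    """Return (decision, reasons); z_limit and min_keys are illustrative."""
    reasons = []
    intervals = session["key_intervals_ms"]
    if len(intervals) < min_keys:
        # Too little typing to score: ask for more proof instead of passing.
        reasons.append("too_few_keystrokes")
    elif typing_deviation(profile, intervals) > z_limit:
        reasons.append("typing_rhythm_mismatch")
    if session["pasted_fields"] & {"email", "password"}:
        reasons.append("credential_pasted")
    if len(session["active_devices"]) > 1:
        reasons.append("simultaneous_devices")
    # Any signal triggers additional authentication rather than an outright block.
    return ("step_up" if reasons else "allow"), reasons


if __name__ == "__main__":
    for name, s in (("genuine", GENUINE), ("suspicious", SUSPICIOUS)):
        print(name, assess_session(ENROLLED_INTERVALS_MS, s))
```

Returning the reasons alongside the decision lets the step-up flow and fraud analysts see which signal fired, which matters when a genuine user is challenged.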
- Prevent the privacy tsunami