How we can fix the broken digital identity system

News Desk -

Share

By Saeed Ahmad, Managing Director for MENA at Callsign

The online world is riddled with fraud and scams. Digital identity, as we currently know it, is broken. According to Visa’s 2022 Stay Secure Survey, around one in three online shoppers in the United Arab Emirates still struggle to identify fraud and scams. In the physical world, we identify people instinctively because of their characteristics: their face, voice, body language, and the way they walk. Online, however, it’s much harder to prove identity and easier for fraudsters to pretend they’re someone they’re not.

Additionally, using social engineering to lure people into revealing information that may be used to access bank accounts, fraudsters quickly obtain access to consumer’s passwords and personal information. Depending on account balances and the possibility that a password would work, bad actors can also access accounts by purchasing passwords on the dark web for a range of sums.  

Organizations have ramped up their identification requirements in response to the onslaught of more complex scams. While usernames and passwords were historically required, many firms now send one-time passwords to add an extra layer of security. Although this increase in security was designed to safeguard the customer, it does not prove they are who they claim to be. Furthermore, fraudsters have long exploited this channel. Consumers report receiving more text messages from fraudsters than from friends and family, according to Callsign’s research on the psychology of scams. However, adding an extra layer of ‘security’ also increases friction and inconvenience for the customer.

Passwords cause customer friction and depleted brand loyalty

When designing new authentication experiences, organizations must remember that customers expect frictionless online interactions and that not all authentication solutions are created equal. Businesses that rely extensively on authentication that requires constant user input, such as usernames, passwords, and one-time passwords delivered through SMS, risk adding unnecessary friction to the customer experience. In certain circumstances, customers report abandoning a cart due to password issues. Requiring customers to validate their identities often adds friction and reduces customer loyalty. According to Pindrop’s research, up to 30% of customers struggle with knowledge-based authentication questions (KBAs), but more than half of criminals can answer them.

A widening digital trust gap

Unfortunately, the fact that we still rely on flawed digital identity techniques has a negative effect on consumers’ digital trust in online businesses. Consumers’ trust in digital services decreases due to data breaches, ransomware attacks on businesses, phishing scams, social engineering, and other tactics. Even worse, they harm a company’s reputation, brand equity, and financial performance. 

Despite the efforts of banks and merchants to offer security to their customers by sending alert messages, making phone calls, and taking other preventative measures, fraud is still on the rise. Customers find it harder and harder to spot possible fraudulent behavior as scammers can now pose as bank employees to guide their victims past these security procedures. The disparity in viewpoints regarding who is accountable for preventing fraud among customers, financial institutions, and merchants demonstrates that identifying and combating fraud may require greater collaboration than we first believed.

Big retailers and banks may invest in security and risk-mitigation measures, but the public is still exposed to financial criminals’ evolving and increasingly complicated techniques.

We can only trust the services we want to interact with if we are certain of who we communicate with online. If we cannot be confident, we will turn to the physical versions of those services. As a result, the digital economy will suffer.

Reimagining the login experience

Instead of depending on passwords, which are incapable of determining whether a person is who they claim to be, other more advanced technologies can verify a user’s identity. Behavioral biometrics are individual muscle memories that can be used to confirm that the person is who they claim to be. A fraudster cannot replicate customer behavior. Organizations can fully identify and authorize consumers by collecting behavioral data through how a user swipes their phone, types on a keyboard, or moves a mouse. When combined with other intelligence, such as device fingerprinting, threat and malware detection, behavioral biometrics, these data points, create an online digital identity. Unlike fingerprints or face biometrics, users can vary the way they swipe, for example, using their left hand instead of their right.

What’s best? Because they can operate in the background without interfering with the customer’s path to their intended location or service, these technologies are non-intrusive. In addition to streamlining the customer experience, this also increases the consumer’s confidence in the company’s ability to protect their personal information. Passwords and one-time passcodes (OTPs), for example, represent a significant risk to the privacy of the actual consumer. A person’s data can be obfuscated but still verifies an individual’s identity without collecting personal information. 

Organizations must put online security first to win over customers and retain workers as users and organizations continue to move toward a more digital-centric mindset. Without digital identity authentication, organizations risk losing current customers’ loyalty and opening themselves up to vulnerability.


Leave a reply