Biometric authentication to continue gaining ground in next decade
Ongoing data breaches continue to expose usernames, passwords, payment information, health records and other personal information on the dark web, enabling cybercriminals to log into user accounts and commit account takeover fraud.
Traditional authentication methods such as SMS-based two-factor authentication and knowledge-based authentication make it impossible to truly know if a person logging in is in fact the actual account owner.
Account takeovers, bot attacks and spoofing attacks show no sign of slowing down, and as we enter a new decade we’ll continue to see enterprises realize that these traditional authentication methods can no longer be trusted to protect online accounts. We fully expect organizations across all industries to start exploring and deploying some sort of passwordless or biometric-based authentication to ensure a user’s digital identity matches their real-world identity, keeping data secure and out of the hands of fraudsters.
As organisations make the move to biometrics they need to concern themselves with something known as liveness detection.
Liveness detection is a necessary evil for modern biometric authentication systems in order to protect against increasingly sophisticated spoofing attacks. For instance, fraudsters are now using a photo, videos or even a simple mask to bypass the selfie requirement (which is often required to corroborate the digital identity to a government-issued ID document such as a driver’s licence or passport).
Most recently, deepfakes have entered the scene and represent a significant threat to biometric-based verification solutions. A deepfake is relatively easy to create by superimposing existing video footage or photographs of a face onto a source head and body using advanced neural network powered AI. In 2020, we will see an increase in deepfake technology being weaponized for online fraud as biometric-based authentication solutions become more widely adopted. Even more concerning is that many digital identity verification solutions are unable to detect and prevent deepfakes, bots and sophisticated spoofing attacks.
Because of these emerging threats, most of the leading automated players have embedded some form of liveness detection as part of the identity verification process. Liveness detection methodologies ask users to blink, smile, turn, nod, watch colored flashing lights and much more. Sadly, most of these legacy techniques are easily spoofed by deepfakes and advanced spoofing techniques. Certified liveness detection is performed by iBeta, a NIST/NVLAP-accredited lab and attests to a solution’s ability to defend against advanced spoofing attacks.
Enterprises continue to have some trepidation about moving on from password-based, single-factor authentication. Often, they believe their users won’t accept it or believe biometrics adds more complexity to their environments.
Neither premise is true.
But, in order for biometric authentication to go mainstream, three ingredients must be in place:
- Familiarity: Two-thirds (67%) of consumers are already comfortable using biometric authentication today, according to IBM. What’s more, 74% of global consumers are more confident that physical biometrics will protect their information over passwords, according to Experian. These trends have been accelerated by the broad adoption and familiarity of facial recognition integrated within the most popular smartphones, such as Apple Face ID.
- Need for Speed: While most users are willing to endure a bit of friction when creating an online account, they’re increasingly demanding identity proofing and authentication solutions that are fast (performed in seconds), intuitive and reliable.
- Cross-Platform Portability: Users can enrol using a laptop webcam and authenticate later from a smartphone or tablet (or vice versa), which means it’s now possible to use face authentication for everything from unlocking a car door to performing a secure password reset to accessing your bank account.
Because of these inherent advantages, more and more modern enterprises will start migrating to biometric authentication with certified liveness detection in 2020.
As CEO of Jumio, Robert Prigge is responsible for all aspects of Jumio’s business and strategy.
Specialising in security and enterprise business, Robert held C-level or senior management positions at Infrascale, Secure Computing, McAfee, Quest Software, Sterling Commerce and IBM.
Sponsored insights by Jumio