More than 400 data breaches have been reported in 2019 thus far, resulting in over 11 million records exposed in this year alone. This relentless flood of data breaches has given fraudsters access to endless consumer login credentials, enabling criminals with everything they need for account takeovers that allow them to commit fraud and identity theft.
Most banks and financial institutions understand the risks posed by malicious cyber activity but, because most of this activity takes place in the shadows of the dark web in underground forums, few institutions recognize how rapidly the threat environment has evolved — and risks continue to grow.
Account takeover attacks are a particularly devastating tactic for identity theft. It’s a method in which criminals use a legitimate customer’s stolen data or personally identifiable information, like usernames and passwords, to access their existing account for fraud. While most have taken the necessary precautions to secure their network, traditional methods of authentication, such as the run-of-the-mill username and password paradigm, SMS-based two-factor authentication (2FA) and knowledge-based authentication (KBA), are no longer a reliable means of thwarting account takeover fraud.
In this cat-and-mouse game, companies are playing with cybercriminals, biometric-based authentication is emerging as the reliable answer for verifying that a consumer’s digital identity matches the real-world identity.
Account Takeovers Are Increasing
In the past year, the number of accounts compromised by credential theft and fraudulent transactions tripled. Losses from these account takeovers topped $5 billion in 2017, up 120% from the previous year, according to the research firm Javelin. And, 89% of financial institution executives pointed to account takeover fraud as the most common cause of losses in the digital channel, according to Aite Group.
A few factors are contributing to this growth. To start, data breaches have sadly become a near-daily news event. These massive breaches often involve usernames and passwords, which are almost immediately made available on the dark web. It’s estimated that there are 550 billion ID documents on the dark web, which is being fed by large-scale data breaches.
It doesn’t help that individuals often use the same password across multiple sites. The vast majority (91%) of people know that password recycling poses security risks, yet more than half (59%) still use the same password across multiple websites.
Cybercriminals Are Becoming Smarter and Better-Equipped
The dark web is raising the IQ and skillset of cybercriminals, which has given rise to a sophisticated ecosystem of fraudsters with specialized skills. It also provides a haven for cybercriminals to collaborate on a variety of cyberattacks — with some offering a complete as-a-service bundle for their specialty – such as account takeovers.
Not only that, advancements in technology and the rise of automation are also fueling the sophistication of cyberattacks. Bots can perform upwards of 100 attacks per second, making it easier and faster for fraudsters to commit limitless account takeover fraud, according to the Forter 2019 ATO report.
Unless banks and financial institutions make a concerted effort to address this activity, they and their customers will become increasingly vulnerable, as most financial accounts are only protected by a customer’s username and password.
AI and Biometric Authentication Can Give Financial Institutions a Leg Up
In many ways, cybercriminals have the upper hand, with access to millions of usernames, password combinations and sophisticated toolsets that can find and exploit loopholes in a bank security. But not all is lost.
Artificial intelligence (AI) is increasingly becoming a viable solution to better protect banks and their consumers from dangerous account takeover attacks. Financial institutions using AI-powered identity proofing solutions can thoroughly verify users during the account setup process. By using biometric-based digital identity verification during the first step in this process, financial institutions can use advanced 3D face map technology to quickly and accurately authenticate users’ identities. The only requirement is a quick video selfie on a mobile device.
While selfie-based authentication may not make sense for all logins, it makes a ton of sense for high-risk transactions such as large money transfers or password resets (a tactic used by fraudsters to gain control of accounts). This means that criminals are no longer able to execute account takeover attacks at-scale to divert bank funds, secure credit card numbers or targets because the original account owner must be physically present at the time of the transaction.
AI-powered digital identity verification and biometric authentication are emerging as the most secure way of ensuring online identities match the real-world people they claim to be. With the amount of personally identifiable information now available at a cybercriminal’s fingertips, companies must build trust with their customers and ensure that their accounts are safe online. AI paired with biometric authentication will provide financial companies with a reliable method to keep cybercriminals at bay and maintain long-term banking customers.