This golden age for fraudsters requires a new era of authentication
Covid-19 has been a goldmine for criminals, we need to get better at defending ourselves
2020 was heralded as the tipping point for technologies. A new decade with new beginnings and new opportunities. It hasn't quite started in a way any of us would have predicted of course, with Covid-19 resulting in an unprecedented impact on our health, workforces and global economies.
The spread of coronavirus has resulted in increased uncertainty for many. This feeling of ambiguity will trigger a variation of reactions. Many will call their banks to check on payments and seek reassurance. Some will dive into their work to stay productive and keep the feeling of progression going. Others might even want to ‘switch off' from the news and current affairs by diving into a Netflix box-set.
Yet irrespective of our instinctive reactions, we're all being targeted by other threat actors: fraudsters. And these actors are deploying increasingly sophisticated attempts to hoax individuals and get access to their sensitive data and information. From social engineering to email phishing and the creation of bogus websites, fraudsters are taking advantage of any lowered defences during this epidemic.
Indeed, we have witnessed a significant rise in the volume of fraud attacks - ranging from 200 per cent to 400 per cent in the past few weeks, depending on industry. Some of these relate directly to the pandemic, with recent reports suggesting there have been hundreds of coronavirus-related scams and thousands of phishing attempts so far. This is are figures which are only set to increase as time goes by.
The weakness of traditional authentication
Throughout these tougher times, and beyond, it's even more important to be able to offer customers peace of mind that your organisation is doing everything it can to protect them from fraudulent activity - and authentication plays a key role in this process. The Oxford English Dictionary defines authentication as "the act of proving that something is real, true or what somebody claims it is."
Traditionally, we've relied on knowledge-based credentials to prove we are who we say we are - the use of names and addresses, passwords or PINs, or your mother's maiden name, for example. Yet these means of identification are even more susceptible to social engineering in today's Covid-19 climate. Vulnerable customers are being targeted by fraudsters phishing for such information, whether it's by email, phone, text or in-person - and without sophisticated techniques to identify such fraudulent activity, they can use that information to get access to an individual's funds or accounts.
One Time Passwords via SMS give a false sense of security
'One Time Passwords' (OTP) via SMS for example, give a false sense of security but do not represent an effective way to stop ID theft and account takeovers. If a fraudster already has enough information on a victim to target their bank account, then they have enough to take over their telephone account and intercept any SMS sent to them.
Last year, even before the impact of coronavirus hit, fraud reportedly cost the global economy $5 trillion. Indeed, a global poll conducted by Nuance around the same time found one in four (24 per cent) people had fallen victim to fraud in the previous twelve months, losing an average of $2,000 (USD) due to inefficient passwords. This number is likely to be on the rise, given the volume of fraudulent activity tied to the coronavirus.
That fraud loss doesn't just hit the customer, or the bank's insurance premiums, either. Consumers are quick to act when this happens, with two thirds (62 per cent) noting they would likely change service providers if they fell victim to fraudsters through their services.
Enter biometrics
Biometrics could provide an answer for organisations looking to keep malicious actors at bay and ensure the security of both their contact centre customers and employees during Covid-19 and beyond.
Human voices are as unique as a fingerprint
A more powerful and effective alternative to passwords and PINs, voice biometrics, for example, cannot be compromised in the same way as knowledge-based security methods. This is because human voices are as unique as a fingerprint. By using sophisticated algorithms to analyse more than one thousand voice characteristics, voice biometric technology uses a caller's voice to not only validate their identity but also protect them against hackers. The authentication method through OTP for instance can be efficient if paired with biometrics and push notifications though.
Another protective layer on top of voice biometrics is behavioral biometrics. This technology measures how an individual interacts with a device - how they type, how they tap and how they swipe or even hold the phone - in order to identify whether they are who they say they are.
When biometrics is used alongside other technologies such as multi-factor authentication, end-to-end encryption and public key infrastructure, it becomes a powerful tool in an organisation's armory against fraudsters.
When prompted that biometrics technology is proven to help catch criminals in the act of trying to commit fraud and preventing it before it happens, a third (36 per cent) of consumers said they would do business with companies that offered biometrics. A similar number (25 per cent) even called for more businesses to be using it.
The golden age of authentication?
Biometrics could play an exponentially important role today, as the demand on contact centres increases, with customers calling for reassurance and critical services. Against this backdrop, agents are being forced to work from home, which could result in changes to service delivery if the provision of tech varies from ‘business as usual' in the contact centre. So when armed with biometrics to tackle the role of authentication, a contact centre agent can focus on the task at hand: customer service.
With today's circumstances forcing businesses to take extraordinary measures to re-mobilise their workforces, alter working styles and - in some cases - entirely reimagine business models, now is the time to consider how your organisation authenticates its users, and safeguards them from fraudulent activity. Uncertainty often imposes innovation. If that innovation helps protect customers from fraudsters, we'll have at least taken one step forward to reduce a growing threat during this difficult time.
Brett Beranek is VP and GM, security and biometrics at Nuance Communications