Physical and passive biometrics: finding the right security balance
This is a guest post by Robert Capps, vice president and authentication strategist for NuData Security, a Mastercard company.
The use of biometrics technology for online authentication is picking up momentum in the cybersecurity industry. In fact, up to 90% of organizations will be implementing biometrics by 2020 according to a Spiceworks report, a professional IT Network. The adoption of these new authentication frameworks is also a reaction to the 1,579 data breaches in 2017 that have exposed over 179 million personal records. In essence, cybercriminals now have everything they need to commit online fraud, account takeover, open new lines of credit, and more.
Security Analysts at NuData Security found that, on average, account takeover attacks ratchet up to 50% of retailers’ web traffic – even more during peak shopping season. This is not surprising considering it only takes nine minutes for stolen data to be sold and used by cybercriminals, based on the Federal Trade Commission. Increasingly sophisticated attacks fueled by the exposed data have endangered traditional static authentication in record time. This critical situation is forcing online companies to rapidly adopt new technologies to verify customers online.
The physical biometrics boost
A growing trust in new technologies and biometrics-friendly devices are the key drivers behind the boost for biometrics. According to the Spiceworks report, fingerprint scanners top the list of the most popular physical biometrics in the workplace, followed by facial recognition, hand geometry recognition, iris scanners, voice recognition, and the least popular palm-vein recognition.
Physical biometrics are rapidly rising as they are a convenient way for consumers to verify themselves, and they can be used on different devices like smartphones, tablets, and computers. Ease of use and convenience are the fastest ways to drive adoption. It is easier for consumers to press their thumb on the screen for a fingerprint verification than it is for them to answer security questions and find an SMS code. Although fingerprints are not theft-proof, they are much harder to steal than passwords, dates of birth, and other static data.
Bridging physical and passive biometrics
The increasingly sophisticated attacks are making online businesses realize that one layer of security is not enough to protect their environment. Physical biometrics, as well as other types of security layers, are not bullet-proof when standing alone. To truly enhance online security, companies need to implement multi-layered solutions.
Additionally, solutions that include a passive biometrics layer can reduce unnecessary friction on good users. Passive biometrics and behavioral analytics verify customers by their behavior such as how a person holds their device, how hard they press the keys, how they navigate the sites, and hundreds of other behavioral signals that can be analyzed in real time to identify legitimate customers, machines, and imposters.
Multi-layered technologies that include passive and physical biometrics provide the right security balance. These technologies allow companies to let legitimate users go through while adding friction, such as a fingerprint scan requirement, only on those users showing high-risk signals. This balance between different biometrics technologies blocks fraudulent transactions even if hackers steal customer devices, identity, password or credentials.
Although there is no cybersecurity panacea, with different layers of security companies gain visibility into fraud threats and can stop them before they happen.
About the author
Robert Capps is a recognized technologist, thought leader, and advisor with over twenty years of experience in the design, management, and protection of complex information systems – leveraging people, process, and technology to counter cyber risks.
DISCLAIMER: BiometricUpdate.com blogs are submitted content. The views expressed in this blog are that of the author, and don’t necessarily reflect the views of BiometricUpdate.com.