What needs to change to secure online identities: industry insight and predictions
Securing online identities is becoming a high priority for the global economy, and a major market for biometric and other identity technology companies. There were several major developments in the online identity space in 2018, including the World Wide Web Consortium (W3C) accepting the WebAuthn standard, which has resulted in browsers launching support for biometrics as a replacement for online passwords. Governments also made moves to support national digital ID schemes in several countries, including New Zealand, the UK, Thailand, Belgium, and the Netherlands.
With the digital ID landscape changing rapidly, Biometric Update asked several industry stakeholders to share their thoughts on the what the next developments will be, and what to expect in 2019.
Nok Nok Labs CEO Phil Dunkleberger says “zero trust will have zero value without strong authentication,” and that behavioural biometrics use “will surge beyond expectations.”
“While we’ve grown more comfortable using traditional fingerprint/voice/facial biometrics, major brands like Bank of America, Google, T-Mobile, etc. are now beginning to allow a ‘biometric gesture’ to be used to securely access online services and eliminating the use of passwords,” he writes in an email.
Dunkleberger also predicts there will be more fraud accelerate in the entertainment and sports industries in 2019. “From fake ticketing to even selling alcohol to minors, reform is needed here,” he argues. “You can’t return an experience.”
“Don’t expect social media fraud and political meddling to end: Facebook’s massive data breach and the election and political meddling continued to make headlines throughout 2018. Social media companies need to do more than just pay “lip service” to protect their customer identities. Without mandatory legislation, transparency and required metric sharing, these companies are allowing cyber attackers to continue their work without the fear of being identified and convicted.
He warns businesses to prepare for a “global tug-of-war on data privacy regulations.”
“The global regulatory environment will become more challenging as regulators and global governments continue to strive to implement better data privacy protection – as was done with GDPR,” Dunkleberger predicts. “While this is a great progress, we’re going to see these governments counter to gain more access to information. So essentially the message will be to not lose citizen data, but that you need to share with the government.”
Veridium executives agree that more data privacy regulation is coming.
“Overall, US consumers are going to stop taking data breaches on the chin,” Veridium CMO Lori Cohen tells Biometric Update. “Today, a month doesn’t go by without a company announcing they’ve been breached and personal information has been compromised. As Howard Beale said in the 1975 film classic Network, ‘I’m mad as hell and I’m not going to take it anymore.’ In response, we will start insisting US companies be held accountable with steep fines, rather than just a slap on the wrist, we will start calling for strict privacy laws similar to GDPR in Europe.
“In 2019, we will see advances in mobile biometric sensors,” Veridium CTO John Callahan predicts. “The industry has dipped its toe in the water in regards to fingerprint sensors being placed underneath phone screens as a solution to eliminate the ‘home button,’ expect to see these screen sensors cannonball into becoming the norm. We may even see Samsung extend their capability with Iris beyond phone unlock and Samsung apps. There will be a battle as to which biometric is best, face or fingerprint, with focus on usability rather than performance rates, ultimately this will come down to user preference as to which is more convenient for individuals and fits better with their use cases.”
Online authentication is quickly undergoing a dramatic transformation, according to Security Engineer Don Duncan of NuData Security, with traditional credentials becoming unreliable almost overnight. He cites the 13 billion data records lost, exposed or stolen since 2013 according to the Breach Level Index, and notes that Juniper Research estimates that from 2018 to 2023 criminal data breaches will grow at a rate of 22.5% per year and expose 146 billion records. Duncan says that a multi-layer authentication framework involving passive biometrics, behavioral analytics, and physical biometrics is now a necessity for online businesses.
“This seismic shift in the market is being pushed by the dynamic evolution of phishing, malware and techniques that cybercriminals use to steal data,” he writes. “Security needs are changing from a one-time install solution to an evolutionary, continuously changing mix of technologies, training, and procedures. In 2019, a high percentage of businesses are likely to become victims of a data breach of some sort, making a breach-response plan mandatory for all companies that store sensitive information. By reacting timely to data breaches or other types of cyber events, companies will be able to protect their reputation and brand.
Duncan also sees new regulations and protocols on the horizon.
“PSD2 will create a shift in how users bank online and GDPR will guide companies on how to best store and protect customer data,” he predicts. “User experience is becoming more important and the new protocol 3DS 2.0 is proof that customer and companies are being heard. The new 3DS protocol is set to provide a frictionless user experience with less false declines.
“2019 will be an interesting year to see how these new situations play together across the different industries but the main trend is towards making customer experiences more seamless while securing their information and asserts, which what we are all working towards with great success.”