FB pixel

Strengthening biometrics to fight against sophisticated payments fraud

Strengthening biometrics to fight against sophisticated payments fraud
 

By Tim Brown, Global Identity Officer at Prove

Biometrics have become a part of consumers’ everyday lives. Long celebrated for its many advantages, this technology adds convenience, speed, and ease to a wide variety of uses. In light of the ongoing evolution of newer, savvier cyber threats, it’s becoming increasingly clear that relying solely on biometrics for payments may not offer sufficient protection and calls for additional sophisticated solutions.

Cyber criminals are using technology designed to manipulate or generate fake images, videos, and audio with increasing sophistication, bypassing systems’ security with ease. In fact, the problem is so pervasive that Gartner research predicts 30% of enterprise companies will no longer rely on face biometrics and similar technology as reliable, standalone identity verification and authentication methods by 2026. Deepfakes and digital injection attacks are particularly problematic.

Navigating new dangers: deepfakes and digital injection attacks

As bad actors deploy increasingly sophisticated threat tactics, including deepfakes and digital injection attacks, the financial industry’s go-to cybersecurity solutions will also need to evolve. It’s time to alter the industry’s current reliance on biometrics when it comes to online payments.

Deepfakes are images, live videos, or sound files that have been altered, manipulated, or produced by artificial intelligence (AI). Fraudsters are deploying this generated or manipulated content to attack remote identity verification systems, and they’re escalating in quality, scale, and complexity. There are a number of ways fraudsters submit this data — from video replay to digital injection attacks. While the former generally involves high-quality video/audio replay from a secondary source, the latter is much more nuanced.

Video/audio injection uses access to applications and website APIs, exposing vulnerabilities in their code to inject AI-generated content into the application or website. This fools the system, masquerading as content originating from a known source. Systems that rely on media capture for remote onboarding are uniquely vulnerable to deepfakes because they require the capture of such data from devices outside of the onboarding entity’s control. What’s more, remote onboarding systems that rely on image capture, such as document authentication and selfie capture, are inherently full of user friction.

When biometrics are used for remote payments, cyber criminals can trick these systems with deepfakes and wreak havoc with large-scale, remote attacks. According to the aforementioned Gartner research, in 2023, digital injection attacks increased by 200%.

Reducing fraud with safer, user-friendly authentication

Fortunately, there are newer low-friction, low-fraud options available that can bolster biometric security measures.

Device trust is key in preventing image and audio-based attacks. Customers’ identities may be verified with their phones without the need for document scans or such biometrics as selfies. Instead, device intelligence combines smart personal information verification and real-time risk scoring for more trustworthy results. For example, phone signals can be analyzed during transactions to detect such concerns as phone takeovers, SIM swaps, and synthetic identity fraud. By simply ensuring that the onboarding user is actually in possession of the device, that the device is trusted, and that the onboarding user owns that device, financial institutions can ensure a secure capture for more dependable identity verification and authentication.

There is also great potential in AI, cybersecurity’s double-edged sword. For example, the previously mentioned vulnerabilities could one day be addressed by using techniques being pioneered by D-CAPTCHA to augment liveness detection, using machine learning techniques to change up the liveness prompts in real time. This challenges the deepfake model to generate content on the fly, which exceeds its capabilities. Such technology is still nascent and not yet available for commercial use, however, they shed light on new avenues the industry could one day explore.

While biometric technology alone might be appropriate for certain uses, when it comes to online payments, today’s high-tech attacks call for the additional support of alternative, sophisticated solutions. Unfortunately, incidents involving AI-generated media are only expected to increase. This is the time to act — before a cyber criminal or cyber-criminal organization has the opportunity to victimize more customers or financial institutions. The financial industry has the power to offer customers fast, convenient, frictionless ways to pay, all while protecting against fraudsters’ latest tactics.

About the author

Tim Brown is the Global Identity Officer at Prove and a well-respected expert in biometrics, authentication, and identity. He has led product architecture and development and is a frequent SME participating in numerous standards organizations, round tables, conferences, webinars, and podcasts on subjects ranging from biometric and forensic data interchange to identity verification and the impact of mobile driver’s licenses on the vertical markets. Brown holds multiple patents in authentication, biometric liveness, and identity acquisition.

Related Posts

Article Topics

 |   |   |   |   |   |   | 

Latest Biometrics News

 

BorderAge promises 100% anonymous age assurance with hand gesture modality

Imagine a magician who waves their hands not to conjure a white rabbit, but to provide age assurance without collecting…

 

euCONSENT’s tokenized age verification set for PoC at upcoming age assurance summit

The European Union has its own ideas about how age assurance should be carried out for restricted online services, and…

 

Humanity Protocol launches Humanity Foundation ahead of ‘big moves’

Humanity Protocol, one of the emergent contenders in the market for proof of personhood (PoP), has announced the launch of…

 

J.P. Morgan adds 2 biometric authentication terminals to payments ecosystem

J.P. Morgan Payments (JPM) has announced the release of two new proprietary biometric payments terminals for retail, restaurant and entertainment…

 

Prove acquires reusable digital ID verification firm Portabl

A post on Prove’s blog says the acquisition of digital ID startup Portabl “will enable Prove to enhance its industry-leading…

 

Socure: Nation-state fraud ramping up in 2025

Socure, a leading digital identity verification platform, believes 2025 will be the breakout year for digital identity verification in the…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events