Consumer frustration with breaches is biometrics' tipping point
Consumers are going to say enough is enough when it comes to data breaches. They’re going to take the wheel, and demand better protection from the companies with whom they do business. Taking matters into their own hands means opting for biometrics when it is available.
Each week we continue to see headline-grabbing data breach news. In fact, Javelin Strategy & Research reported that account takeovers tripled over the past year, resulting in $5.1 billion in losses.
Biometrics enable companies to validate customers’ identities in a secure and frictionless way, while significantly curbing fraud losses. For example, a single vendor’s biometrics offering saved organizations more than $1 billion in total fraud costs in 2018 alone – a true testament to the security that it offers businesses and their customers.
Facial recognition and fingerprint ID on smartphones and other devices have paved the way for making consumers comfortable and accustomed to biometric identification – rendering voice and other biometrics methods a natural extension, as well as convenient for companies to adopt because they don’t have to redesign physical systems or devices.
What’s different about biometrics versus traditional PINs or password methods is that they provide the power to secure individuals based on who they are rather than what they know. And, if hacked, data in the form of voice or behavioral biometric templates is far less valuable than stored passwords because these biometric algorithms are almost impossible to replicate – making them useless to fraudsters, and deeming them safer for payments and other financial transactions.
While we expect growing consumer demand for biometrics, we also expect to see payments industry players move toward these types of future-proof technologies and away from legacy password-type systems for several reasons, including the need to stave off their own financial losses due to fraud, pending regulatory standards, as well as the underlying desire to raise the bar in corporate social responsibility.
Just like when Europe implemented the EMV standard and chip cards gained momentum across the globe, we expect the Payment Services Directive 2 (PSD2) in Europe to spark similar initiatives worldwide. Under PSD2 – which aims to better align payment regulation with the current state of the market and technology by introducing security requirements for the initiation and processing of electronic payments, and protection of consumer financial data – biometrics is the most seamless and reliable way to add a second factor to payment authentication.
Companies additionally have a responsibility to stop the broader implications of fraud that go beyond their bottom line and their brand perception. And we expect to see a shift in how they tackle this issue. It’s not only about preventing customer information from being stolen; it’s about preventing fraudsters accessing organizations with information stolen elsewhere.
We are seeing a number of companies allocating more resources to understanding the growing sophistication of fraudsters and the latest fraud attack vectors – from SIM swapping to mules, scripting, and other creative criminal hacks. And there is growing collaboration in sharing fraudster information between companies, payment providers and law enforcement – all part of the necessary effort to disrupt the fraud business on a bigger scale.
We expect an increasing number of companies to follow suit in the next year – digging deeper into the consequences of criminally acquired credentials (from it being sold to the highest bidder on the dark web to oftentimes fund the most heinous of crimes), and better understanding the technology and best practices to protect against fraud.
And while some organizations will take these steps based on financial and operational ROI alone, many will make this a priority based on a broader organizational mindset that fraud isn’t just a “cost of doing business” any more — it’s the right thing to do.