Why financial institutions need a multi-layered security approach to survive the digital transformation

By John E. Ahrens, CEO of Veratad Technologies

In August 2003, hackers breached Yahoo’s secure personal records, impacting 3 billion accounts. The company did not reveal the breach to the public until three years later. It was the largest data breach to date and temporarily derailed a major acquisition.

Fast forward to the present. In August 2021, T-Mobile, a telecommunications company confirmed that hackers gained access to the personal data of 54 million users. That included names, addresses, dates of birth and — perhaps, social security numbers. The latter are the Holy Grail for identity thieves because they can be used to unlock financial services, government benefits and private medical information.

These massive data breaches expose personal data on a large scale, rendering hundreds of millions of Americans more vulnerable to identity theft. And it exposes financial organizations to a consumer confidence deficit.

Security experts maintain that the government does not need to entirely do away with social security numbers as personal identifiers. The answer, rather, is simpler. Organizations must start requiring more than a single form of ID as proof of identity.

Business risk

The explosion of digital banking technology has sparked a digital revolution towards touchless transactions and managing their assets absent of retail outlets.

And although cybersecurity threats are on the rise, there’s new evidence consumers may be letting down their guard. Many still use the same passwords for multiple accounts. As nearly 75 percent of consumers believe their financial institution will protect them, banks and credit unions could be put in a tough spot.

But with so many emerging players and connection points come cybersecurity risks. And there are sobering statistics that extend those risks beyond data security to business risks.

In 2020, the Federal Trade Commission recorded 1.4 million reports of identity theft, costing victims an estimated $56 billion.

Complacency might play a role. The number of people who are not worried about security rose to 15 percent from 8 percent in 2019, according to a Harris poll.

The implications for businesses are dire.

Almost half of people surveyed would abandon their financial institution in the event of a data breach. That makes the data risk a serious business risk.

And in PricewaterhouseCoopers’ 2020 Global Economic Crime and Fraud Survey, nearly half of the more than 5,000 respondents reported a fraud in the past 24 months. The respondents lost $42 billion in assets.

The challenge

Banks and financial institutions are under pressure to get on board with the rapidly changing world of digital financial services ― and to do it right.

Fraud attacks are becoming more sophisticated. Yet, consumers want convenient authentication and verification options that keep their data safe. Banks and financial institutions need to embrace advanced technologies that will address these issues while simplifying digital onboarding and transactions, maintaining their customers’ trust, and preventing fraud.

And all the while, making the process simple and seamless to consumers.

We must build complex, multi-layered security strategies that use several different robust forms of identity verification, from Two-Factor Authentication (2FA) to biometrics, document verification and more.

New avenues for verification

Today’s technology allows us other ways to verify identity: A password manager can generate a long, hard-to-guess password for each account, and this type of program often makes it easy to change those passwords in the event of a data breach. A USB key can be plugged into a computer to authenticate its owner. Biometric information, such as a fingerprint or facial recognition, can be scanned by a smartphone.

Yet, experts do not recommend replacing the social security number with any one of these methods alone; the most secure option is to protect identity with multiple factors.

Instead of focusing our security risks on this single data point, we need to develop these more holistic and multilayered approaches to identity management. So if any one or two elements of that identity are compromised, it doesn’t compromise the entire identity.

Knowledge-based authentication, or KBA is the practice of proving an identity with a personally known fact, such as a social security number. But these are vulnerable to hackers. Other KBAs, such as birthdays or mothers’ maiden names, may even appear on social media for anyone to find.

For effective multifactor authentication (MFA), to simply require two or more pieces of knowledge is not enough. In fact, breaches like the one at T-Mobile release a variety of data about each victim. Some have suggested a physical USB key or even a phone, which can receive a text message with a unique one-time code. The latter category can include physical traits, which can be measured by biometric scans.

As an example, a multifactor authentication process might require a person to enter their social security number and follow-up with a code word texted to their phone. Another version might involve them entering a password and then scanning their fingerprint.

How to choose a verification solution

Choosing an identity verification solution is a big decision and one that must not be rushed. Stakeholders would do well to seek out a company that understands modern identity challenges and knows how to embrace the latest verification technologies and methods to keep you and your customers safe.

The only way to truly protect your business from the likes of fraud, money laundering, underage signups, and regulatory penalties is with a comprehensive solution that can flex to your needs. Every transaction must be considered independently; every threat vector assessed. Only then can you call upon and leverage the right verification methods for the situation.

What kind of methods should you look for? And what matter of delivery works best? Leading platforms should be able to provide everything you need to start verifying identity information under a single API. This includes methods that utilize:

1. Identity documents:

Verifying customers with automated identification document capture and certification that includes an optional manual document review;

2. Identity data:

Verifying customers with fast, global and cost-effective age and identity verification based on trusted and verified data for over billions of citizens worldwide;

3. Knowledge-based authentication:

Verifying customers with knowledge-based authentication (KBA) multiple choice “out of wallet” question sets;

4. “Smart” Two-Factor Authentication:

Leveraging ID verification and Two-Factor Authentication for the highest level of surety in customer onboarding;

5. Biometrics:

Adding a layer of biometric authentication alongside your verified identity documents with liveness and selfie checks.

The importance of staying flexible

Data risk is multi-faceted. And preventing and overcoming it requires flexibility. Holistic approaches that harness multiple methods and technologies for verification are the only way forward when it comes to protecting your business and customers from external threats.

About the author

John E. Ahrens is CEO of Veratad Technologies, the leading provider of global identity verification solutions. Veratad provides a full suite of trusted and highly flexible solutions designed to verify an individual’s identity and/or age while protecting sensitive personal data and promoting a high level of consumer privacy. Veratad’s goal is to keep clients safe without losing focus on their goals of increasing business profits, reducing costs, preventing fraud, enhancing compliance and creating a seamless online experience for customers.

DISCLAIMER: Biometric Update’s Industry Insights are submitted content. The views expressed in this post are that of the author, and don’t necessarily reflect the views of Biometric Update.

Article Topics

biometrics  |  cybersecurity  |  data protection  |  digital identity  |  document verification  |  financial services  |  fraud prevention  |  identity verification  |  KYC  |  multi-factor authentication  |  onboarding  |  Veratad