More companies (beyond those required by law) will adopt stronger identity verification methods to combat continued data leaks says Alain Meier.
Massive data leaks continue apace. While the types of information collected in each hack / data breach varies, it’s becoming clear that data source verification – with just a Social Security Number, date of birth, address, or knowledge-based authentication – isn’t sufficient security for most account sign-ups. Bad actors can buy this data quite easily on the dark web.
In 2022, we will likely see other industries beyond financial services start to require additional methods of verification for new customers when they sign up for an account. The technology is here: it’s now incredibly easy for a customer to verify that they physically possess the required ID documents, and that they are a real live person signing up for a service.
Importantly, advances in AI and machine learning mean this verification process can be entirely automated and completed in seconds, so there’s no additional burden on customers for this added layer of security.
Covid revealed the fragility of “human in the loop” verification methods, where an actual human must review each selfie or document. One verification company, for example, uses humans around the world to verify passport documents for airline check-in kiosks. We expect that companies will move to more automated solutions, which also benefit end-users with far faster verifications.
Synthetic identities will pose an even greater risk to identity security in 2022
An unintended consequence of the Social Security Administration randomizing SSNs has been the rise of synthetic identity fraud. As a result, many of today’s fraud detection systems can’t quickly verify the authenticity of an SSN.
Synthetic identities are often either valid SSNs combined with valid personally identifiable information (PII) from another person, or entirely fabricated SSNs and PII, like a shipping address.
The insidiousness of synthetic identity fraud is that it is often “victimless,” in that there is no specific person they are looking to defraud. Instead, it’s usually the platform itself. With no personal victims, these fraud attempts are far harder to detect, because there is no one to alert the platform.
Once again, requiring multiple forms of ID verification can solve this problem – specifically, requiring a liveness and documentary verification can help ensure that the person signing up for the account has a real document, that the data on that identity document matches what they entered, and that the person is a living human (whose photo also matches what was on the identity document). In 2022, we expect to see more organizations adopt this multi-factor ID verification to thwart synthetic identity fraud on their platforms.
Conclusion
It may seem like the threat of fraud and bad actors is greater than ever before, especially as the pandemic has pushed much of our financial lives online. The good news is that the technology exists today to help thwart these bad actors, without introducing any real burdens to legitimate customers. With widespread adoption, we believe that 2022 will be the beginning of the end of online identity fraud.
About the Author: Alain Meier if a Cofounder and CEO of Cognito.
Cognito is an automated way to reliably verify the identity of your customers using just their name and phone number. Our API is used by businesses to verify the legitimacy of customer data to reduce fraud and to comply with Know Your Customer (KYC) and anti-money laundering regulations (AML).
Source: Helpnetsecurity.com
