This content is part of the Essential Guide: Mitigate IoT security risks with a strong defense strategy
Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

I lost my identity at Money20/20 so you don't have to

Two of the main themes echoing throughout the halls of the recent Money20/20 finance conference in Las Vegas were trust and identity. Knowing that you are who you say you are has become trickier than ever. According to Javelin Strategies, in 2018, identity theft and fraud hit a new record high, costing the U.S. consumer $16.8 billion dollars. In 2018 we watched wild-eyed as everything came under attack, from our Facebook accounts to our mobile devices to our election votes.

The fastest growing fraud is in card-not-present transactions. Online purchasing by typing your credit card number or making a mobile payment is prime fraud frontier. Fraudsters have honed their “digital synth” skills to create fake digital consumers with false identities. Aite Group predicted that synthetic identity fraud will continue to grow from at least $820 million in payment card losses in 2017 to over $1.25 billion in 2020. Faster payment platforms will be prime targets as they continue to gain traction. The trick for retailers and institutions is to make the verification process for consumers feel natural and easy while doing their stuff better than ever.

As I walked the exhibit floor of Money20/20, I threw caution to the wind and became a personal experiment in just how many ways there are to verify your identity, especially for financial and retail transactions. I forked over my bodily credentials to more companies during that three-day conference than I had in the previous six months. I had at least two iris scans, four fingerprint checks, a voice check or two, a couple of face-detection sessions and numerous instant assessments of my creditworthiness.

In all seriousness, I walked away feeling somewhat reassured that new ways to use biometric, behavioral, big data and AI in combo will help us detect fraud with increasing precision and speed. Here’s some of what I learned:

  • Liveness is important. Jumio is a biometrics company that’s implemented reputable facial detection systems. It compares your government-issued ID to your selfie as part of the onboarding process for companies that include Airbnb. Now, through a partnership with Facetec, the company can suss fakesters with more accuracy. Facetec adds a sort of video selfie to the process, creating a 3D face map that’s much more difficult to spoof.
  • Two can be better than one combos. Many of the products combined biometric information. Sensory cleverly combines face recognition and voice detection. A voiceprint along with a video of the customer speaking a word is their authentication. Consumers can use this on their own devices. To try it out, go to the Google Play store and download Applock by Sensory.
  • Malware can be beautiful. My inner artist was intrigued by BioCatch’s “The Art of Fraud,” an online installation of art depicting the spread of malware and fraud. The company is best known for using about 400 behavioral biometrics, including your handedness and which way you swipe on your phone, to separate potential fraudsters from the real McCoys.
  • When to verify makes all the difference. Uniken takes a different attack. “Today,” said Bimal Gandhi, the company’s CEO, “our business MO is to connect and then verify, but we should be verifying and then connecting.” Uniken makes sure you are who you claim you are before the connection is made, hence minimizing the chance of damage.
  • A smarter network. At Cisco, financial services industry lead Al Slamecka focused on how, over time, more and more intelligence will make its way into the network with products like the company’s Clarity. Scanning the network will reveal data flaws so we’ll more quickly understand data flaws.
  • Am I an alien? It could have been the whirlwind speed of my “identity trip,” but I could not manage to get Princeton Identity’s iris scan to read my irises — it reminded me that iris scanning needs a well-lit room and wide eyeballs. Fingerprints are also problematic. Anyone who uses the fingerprint scanner on their mobile device knows there’s about a 20% failure rate whether it’s because of the angle of your finger or the smudge on your scanner.
  • Finally, little known security fact. Socure assesses your identity through a variety of machine learning rules and data sources that go far beyond traditional credit scores. I happily gave them the usual name, address and date of birth, but when I looked at my worthiness, I had lost points for having a VoIP line. Fraudsters, it turns out, have a higher likelihood of using a VoIP line.

Bottom line? There’s a saying that goes “If you want a job, go into IT; if you want a job for life, go into cybersecurity.” It’s always going to be an arms race to keep one step ahead of the unsavory, especially as more payment devices join the internet of things. The best defense is all defense. Personal protection on your devices, big data culling for anomalies, more intelligent networks and faster reporting systems all play their parts.

All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.

Data Center
Data Management