By Stephen Stuut, CEO of Jumio
In today’s complex cybersecurity landscape, the notion of utilizing a password to validate a
The user’s authenticity is rudimentary.
Cybercriminals can retrieve passwords in a variety of ways. One of the more common
processes is via a breached network or public Wi-Fi services found in public areas like
transportation venues and restaurants. And it’s a simple three-step process:
The fraudster creates a Wi-Fi hub that’s identically named to the venue’s legitimate Wi-Fi
hotspot.
Customers then log onto the fraudster’s hotspot, which contains malware that allows the
fraudster to access their machine.
The fraudster then accesses the customer’s online accounts, at the same time hacking
their password using fraudster cryptography tools.
Recently, a large search engine provider experienced a major data breach in which a hacker
was able to steal login information for 200 million email accounts. The stolen records are
currently up for sale on a darknet marketplace that offers illegal goods. For 3 bitcoins, or $1,824, anyone can buy the stolen records and, once retrieved, can likely access personal information for each user. Passwords remain a vulnerability within the threat landscape. To combat this threat, companies need to implement more secure means of verifying the person making the transaction is in fact who they say they are. Biometric facial recognition with liveness combined with a government-issued form of identity is the next trend in securing individuals and businesses.
A password is a secret string of letters, numbers, and symbols that validates someone’s identity, and allows that user to access proprietary information such as email messages, medical records, social media accounts and more. However, passwords remain targeted by
cybercriminals because of their value. When breaches occur by cybercriminals or hackers,
passwords are often released to their “dark” network and can be sold or purchased for malicious intent. The cyber tech industry needs to do more to maximize consumers’ security; starting with replacing passwords with facial recognition.
Facial recognition is quickly helping address fraud issues within a number of industries, such as financial services, travel and transportation, businesses that fall within the sharing economy, online gaming and more.
With online and mobile transactions on the rise, there are more ways to pay than ever. Whether it’s opening a new account, transferring money, or adding a payment card to an application that’s used frequently (such as shared ride services), online and mobile payments are skyrocketing. This growth also comes with an increased security risk, and companies offering these payment methods are continually challenged to provide processes that will build trust, ensure safety and reduce fraud, while simultaneously maintaining convenience.
In a recent Business Insider article, Malcom Marshall (Global Head of Cyber Security with
KPMG International) sheds light on the problems with passwords: “It’s time we found ways to get rid of the password. They are no longer viable and considering the extent of how much we live our lives online, we need to find ways to make ourselves more secure. After all, think of how many passwords we use and how hard it is to remember them all. Even I have had to constantly reset my passwords because I keep forgetting them,” said Malcolm Marshall, Global Head of Cyber Security practice at “Big Four” accountant and consultancy KPMG International. While a step in the right direction, multi-factor authentication methods are missing the mark; the use of a password or security code is not a secure way to confirm an individual is the said owner of an account. Password and codes passed via mobile devices can be hacked and there is no proof that the mobile device is in the passion of the owner.
A recent report from the National Institute of Standards and Technology referred to the process of multi-factor authentication as insecure because the phone may not be in possession of the number and the SMS may be interrupted. However, for a better approach, utilizing a combination of one or two government-issued IDs with live photo and facial recognition, companies can ensure that an ID is valid and the person in possession of the ID is in fact the genuine ID owner.
Facial recognition is also the first step in knowing a business’s customer – and ensuring that the person trying to access private information is, in fact, the appropriate person attempting to do so.
Facial recognition providers can turn a smartphone or computer into an ID scanning terminal that captures and verifies an ID and other credentials to meet Know Your Customer (KYC) requirements – and ultimately reduce fraud. The missing piece within the password puzzle is one that offers digital identity verification – or facial recognition that includes liveness. This technology can replace passwords by identifying and authenticating users for all online services, including commerce and banking. It enables apps, websites and other services to recognize users, and therefore dramatically changes how we make online transactions all while decreasing the potential for fraud and identity theft.
About the Author
Stephen Stuut, CEO of Jumio
