Giving Your Mother's Maiden Name Is Old News to Fraudsters
NEW YORK -- Fraudsters are becoming increasingly savvy by mining social media for their victims' personal details, forcing banks and other financial institutions to turn to more sophisticated technology to thwart cyberattackers.
When consumers call their bank to make changes in their accounts, the software used by financial institutions is going beyond asking basic questions such as a consumer's mother's maiden last name since that option is becoming obsolete rapidly now that hackers already have this data.
By employing other technological advances in the biometrics sphere such as voice authentication, fingerprint ID and iris authentication, banks are striving to impede hackers and slow down their efforts to hack into their systems to retrieve sensitive financial and personal data.
Authenticating legitimate customers has been a challenge for businesses. Around 85% of customers tell companies they dislike the current methods of verifying who they are, because the process is cumbersome and wieldy, said Nadav Doron, head of real-time solutions at NICE Systems, a Ra'anana, Israel-based software solutions provider. On top of that, ensuring that customers themselves can remember their complex usernames and passwords is no longer a simple task with three out of four people who have failed the log-in process at least once, he said.
Voice Biometrics Stymies Fraudsters
Technology such as voice identification will help determine whether it is the actual customer calling, instead of a fraudster who is part of team of hackers targeting a specific bank. A handful of U.S. banks have started using NICE System's software to compare a legitimate customer's voice with the one they have in their database, said Doron.
"The software can compare the incoming call with a watch list of fraudsters and tell the company if it is a high risk call in real time," he said.
If there is a hint of a doubt, the customer service representative can follow up with additional personal questions to ensure it's the right person. The software works by recognizing an individual's voice or also analyzing a particular phrase, Doron said. The technology can break down the voice on the phone and analyze the lexicon being used.
"It's a better experience for customers and reduces their risk of being hacked," he said.
Identify theft is becoming one of the largest growing industries globally and has risen to $200 billion in lost data and fraud, according to the Identity Theft Resource Center. Combatting this issue has become essential for banks in light of the major hack at JPMorgan Chase.
Hackers are only becoming more steadfast and relentless in their efforts, since the black market for data is growing. At a major bank, a known perpetrator would call 15 times daily, because he was familiar with the bank's protocol and knew exactly what personal details he needed to provide to gain access into someone's account, said Doron. Similar to other hackers, this one had most likely purchased a list of customers from the bank, complete with the last four digits of Social Security numbers and spent only $1,000 for 1,000 people, he said.
Once additional fraud software is installed at a bank or insurance company, the hacker will "realize the door is closed at bank A," Doron said. "They will keep buying lists from websites to manipulate agents. It's an open buffet."
The majority of customers have responded positively to voice authentication technology, because staying one step ahead of the cybercriminals is an endless and formidable task, said Doron.
"Customers will wise up to it," he said. "Voice authentication is more intuitive and efficient."
Behavioral Biometrics Is Better Than Big Brother
Beyond how a person speaks, technology is now capturing how people hold and type on their smartphones, interact with websites and respond to subtle hidden challenges. Another method to thwart cybercriminals is to use biometrics to determine the individual's behavior on a website or app.
"Much like a person's signature, people have a distinct way in which they touch the screen, hold a device or type on a keyboard," said Oren Kedem, vice president of product management of BioCatch, a Tel Aviv, Israel-based software company.
In turn, the technology can create a behavioral biometric for the actual user and use it for comparison when a person goes online to validate their identity. BioCatch is working primarily with banks and e-commerce sites in the U.S., Latin America and Europe. The software does not collect or store private data and is installed by the bank or e-commerce site so it does not require any download from the customer.
"Our behavioral biometric technology is a continuous one, meaning there is no single point of authentication," Kedem said. "We continue to authenticate the customer through the entire session."
Using SmartPhones to Authenticate People
Leaving your bank card at home may prevent more fraud from occurring. The latest software can detect if you are the actual user by using an app from your smartphone to distinguish you from an image or video. This technology means you can also skip remembering complicated passwords or utilize extra gadgets.
Withdrawing cash from an ATM could prove to be safer for customers who use a biometrics-based mobile app called 1U, invented by Hoyos Labs, the New York-based software company. Once you download the app, it will link the ATM with your bank account. The camera in your phone will identify a person through the shape of his face and iris of his eyes. Hoyos Labs is currently in discussions with major financial institutions in the U.S. who plan to implement the technology soon.
This technology bypasses other types of commonly used methods of fraud such as skimmers or hacking into a username and password combo. The latest technology is to use your smartphone as the "something that you have," said Hector Hoyos, CEO of Hoyos Labs.
"It's convenient as most people have their phones with them and every smartphone is uniquely identifiable," he said.
How the Technologies Compete With Others
oice biometrics will continue to play a greater role beyond financial institutions, because technology such as iris and vein scans can be intrusive to consumers and cannot be used in all situations, Doron said.
%VIRTUAL-pullquote-We think that a number of biometrics show considerable promise, including iris, face and fingerprint recognition.%Smartphones will continue to play a key position, because their sensors and processing powers are sufficient to provide a "convenient biometric capture platform," Hoyos said. Indeed, smartphones can perform both facial and fingerprint ID, eliminating the need for username and password combos in the future, Hoyos added.
"We think that a number of biometrics show considerable promise, including iris, face and fingerprint recognition," he said. "We are in the process of developing a new way of working with fingerprints to provide a system that is more reliable than reading a single fingerprint."
The best way to combat fraud is to combine the various biometrics options, said Mark Cornett, chief operating officer of NexID Biometrics, a Potsdam, New York, fingerprint liveness detection software company.
The NexID Biometrics technology is currently used at scanners in airports for passengers and is expected to be available to consumers in their portable devices such as tablets and smartphones by the first half 2016, he said. The company dedicates its research to come up with the best spoofs so that its technology can "stay head of the bad guys," Cornett said.
"Our technology is not a cure-all," he said. "We see ourselves as a piece of the puzzle since it is more convenient."
Using multiple types of authentication methods will become the norm as more biometric options are added onto mobiles, said Geoff Sanders, CEO of LaunchKey, a Las Vegas-based mobile authentication platform. Fingerprint scanners are now popular on Apple and Samsung phones because of "their ease of use and enhanced security, while iris scanners are beginning to hit the market," he said.