CSOs and CISOs are struggling to control the escalating number of digital identity threats as the fraudsters are coming up with more and more sophisticated tricks to blur and abuse the enterprise security systems
Deepfakes have come up as the easiest and the most popular way to legitimize fraud identitIES and trick people into making transfers. Trust is the most crucial aspect of any transaction – making Deepfakes the most dangerous tool in every cyber criminal’s toolkit when it comes to identity theft.
According to McKinsey, the digital identity market increases the overall economic value of a nation by up to 13%. However, the Javelin Strategy reported that in 2018, imposter scams became the most frequent complaint that was reported to the Federal Trade Commission. And, with the emergence of new technologies like facial recognition to augment people’s identity offerings, new challenges in security have soon followed.
Verified identity frauds are related to breaching verification and authentication technologies to create assurance levels to perform fraud transactions. A KYC survey conducted by Thomson Reuters estimated that the KYC processes cost around $500 million each year. Also, it concluded that the KYC process is time-consuming, and the verification process is very tricky too. A verified identity is also a valuable commodity to the cybercriminals. The fact that the ID fraud plagues financial transactions with 2018 witnessed about a 55% increase in online fraud – clearly proves the point.
Synthetic IDs create “blended” identities patched together from fragments of data identification that are selected from data breaches. The initial months of 2019 saw about a 54% increase in data breaches – cybercriminals used the process of “channel separation” to conduct frauds. Channel separation is a process where the fraudsters take multiple pieces of ID data–e.g., names, Social Security numbers, birth dates –and mix them up to avoid doubt or detection.
From a fraud perspective, both verified and synthetic options seem lucrative and safe. But, if a cybercriminal uses a verified identity, the likelihood of success is more. So, it is essential to create verified identities robustly so that they are difficult to crack. This is a challenge to the service providers to maintain high assurance level IDs.
Facial recognition is also gaining popularity as voice and face are a natural fit for the consumer’s digital identity use cases. The reason for such popularity is that it enhances user experience and makes it fun too. However, biometrics is easy for fraudsters to crack. The Deepfakes can wreak havoc on the digital identity industry if the security systems are not rigorous enough.
If the security officers don’t buckle up, the time is not far when deep fakes will help in the creation of a verified credential, which can be misused to build a high assurance identity. It will take synthetic IDs to entirely new heights, crossing the gap into the verified identity land. Once that happens, online transactions will be exposed to an unexpected level of abuse. In effect, they will become fraudulently legitimate.
Digital identity, by definition itself, is a central point of failure in any online transaction. Ensuring high levels of assurance within the complicated structural requirements of consumer systems is a severe challenge. While inputting face and voice biometrics into the digital identity platforms and services, one must keep the deep fake fraud in mind. Firms must harden their digital identity application design against all possible types of attacks. Deepfakes will make it challenging for systems to use them to verify and perform identity checks and to carry out biometric-assisted transaction authentication. And, the security leaders need to start thinking like the hackers to combat this situation.