Identity fraud is currently higher than ever, recent figures from fraud prevention organization Cifas revealed. In 2017, the organization recorded more than 300 000 cases of identity fraud in the UK alone. It is this worrying increase that formed the basis for the requirement in the revised payment services directive (PSD2) for strong consumer or two-factor authentication. Safety has now become the number one priority for many financial organizations, and if it isn’t, it should be.
Identity fraud can have serious consequences on everything from your finances to all other areas of your life. So, how can identity fraud happen, and how do we deal with the challenge of overcoming it? Could the mobile phone be the answer to counteracting the threat of identity fraud?
Synthetic identities
Today, most of us have very active lives online; for example, we use our cards to buy goods and services at home and abroad. As a result, our personal data is stored in a number of different locations by a variety of organizations. Many of these databases are unconnected, which makes it possible for fraudsters to create synthetic identities. They do this by combining a little bit of real data from the dark web with some fake data, putting the mix into the ecosystem, and before you know it, a completely new identity is generated.
New channels
In this rapidly innovating digital economy, consumers and businesses are always looking for new channels to build onto existing channels or services. Unfortunately, when a company expands the number of channels it offers to its consumers, it also makes more channels available to fraudsters to attack.
Fraudsters can use some of the methods described here to commit identity fraud. Using the synthetic or stolen identity, a fraudster can falsely place orders, transfer and withdraw funds, and open fake trading sites. Another way of committing fraud is by intercepting digital communication between banks and customers, and pretending to be the hacked person at a later stage.
The challenge
The challenge now facing the financial industry is protecting consumers’ data while still allowing them the freedom to transact online. Traditional approaches to protecting data are clearly no longer effective in this age of digital innovation. One way of solving this challenge is to make the consumer an active participant in identity protection.
As previously mentioned, the PSD2 requires strong consumer authentication to ensure the identity of consumers when conducting digital financial transactions. This takes the form of a two-factor authentication process, which requires consumers to authorize a payment by identifying themselves using at least one of the three following factors: something the user has, something the user is and something the user knows.
Smartphones as secured identity devices
In today’s digital age, almost everyone owns a mobile phone, which they usually keep close to them. This makes the mobile phone ideal for use as a possession factor (something the user has). To make a transaction, the user needs to physically be in possession of the phone, so now not only do fraudsters have to hack into the digital channel or account of the user or financial institution, they also have to have the mobile device. To be successful, the deception must take place both physically and digitally, which is much more difficult.
As well as acting as a possession factor, a mobile phone can be turned into a strongly secured identity device. An extra secured channel can be integrated into the banking system so that the payment channels are leveraged and secured. These channels are continuously leveraged in real time, meaning that consumers can be alerted immediately, by a push notification, that a transaction has been requested. Consumers then have to actively verify whether the transaction is legitimate and authorized. Institutions using this two-factor authentication method have seen fraudulent transactions decrease significantly.
Finally, smartphones can also embed the two other factors that can be used for strong consumer authentication: ‘something the user is’, for example, fingerprint scanners, and ‘something the user knows’, for example, passwords or PINs.
By turning smartphones into strongly secured identity devices, they have become the best security measure we have to date against identity fraud. Financial institutions especially, which are being increasingly targeted by fraudsters, should benefit from this solution.
About Claudius van der Meulen
Claudius van der Meulen has been working with Entersekt since 2013 and is their Senior Vice President of Europe since 2017. He manages Entersekt’s European business from its offices in the Netherlands. Claudius is a seasoned salesperson with two decades’ experience working in IT at companies like Sun Microsystems and ACI Worldwide.
About Entersekt
Entersekt is a globally operating, innovative fintech company that offers proactive customer authentication and app security to financial service providers. Entersekt is a pioneer in security solutions for transactions and combines the power of technology and the convenience of the smartphone to offer financial service providers and their customers effective protection against digital fraud.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now