In the 1970s, federal regulations such as Know Your Customer (KYC) required financial institutions to establish stronger measures to defend their customers against data breaches and theft. In addition to encouraging stronger passwords, financial institutions began implementing multifactor authentication (MFA) to ensure legitimate identity. This extra layer of security requires users to provide an additional piece of information, such as a PIN or randomized, one-time password (OTP) sent to an object (an individual’s phone or computer) in the form of an SMS or email.
Security tokens – physical hardware such as a fob, USB drive or keycard – are also highly effective security tools. These connectionless devices, which cannot be duplicated, remotely hacked or spoofed, are activated in person and provide two-factor authentication by generating a new OTP for each login. The disadvantage of object-based verification is the possibility of loss, theft or damage, and the inconvenience of deactivation and replacement.
Currently, the highest form of security is biometrics. A personal device (such as a phone) is the token, and the verification is a unique biological trait (fingerprint, voice sample or facial feature) or a behavior (typing rhythm, signature dynamics or voice pattern). In addition to the strength of security they offer, biometrics provide significantly less friction; users no longer have to remember passwords or safeguard physical items.
While the specificity of biometrics makes it difficult to impersonate an accountholder, the risk of biometric data breaches still exists. It is crucial that organizations remain vigilant in their efforts to provide the highest level of security. It’s the only way to stay ahead of increasingly sophisticated cybercriminals seeking to exploit weaknesses in new software, platforms and devices.
New identification technologies are entering the development phase all the time. Some may never gain traction in the marketplace, while others will prove to be the right solution at the right time. Many will likely harness emerging technologies such as AI and biometrics for use in common applications, such as cameras and recording devices, to confirm identity and detect anomalies. Tech giants such as Google and Apple are working together to create stronger solutions to eliminate as much uncertainty in authentication as possible. Those new approaches include ways to identify users through a web browser.
In a fast-paced environment that requires both proactive strategy and flexibility, the core of identity verification is trust. Financial institutions that educate accountholders about the necessity of continuously evolving verification technologies will help address concerns and ease customer resistance to “what’s next.”
Learn more about providing ongoing protection from harm: