Throughout the pandemic, financial institutions were tasked with the responsibility of thwarting fraudsters while ensuring that customers experienced a streamlined process. Customer expectations have changed as technology continues to grow and evolve, though. They demand a better end-to-end experience.
To keep up with increased demand, banks have adopted solutions to speed up the verification process. They need to offer convenient access to accounts and highly sensitive personal data.
Biometrics, for example, gives banks the ability to move beyond simple identification. They no longer need to rely on what a customer knows or has in possession. Biometric technology instead drills down to identify the user based on physical characteristics; essentially, who the customer actually is, rather than what they have.
Biometrics provide stronger fraud prevention compared to traditional methods of authentication. However, criminals are finding ways to evade these advanced security systems. Social engineering scams can now target people directly and trick them into giving out personal or financial information.
In this article, we’ll look at one of the tricky ways that fraudsters are attempting to bypass biometrics and discuss how financial institutions can better protect their customers.
How is Biometrics Authentication Used in Practice?
As we previously mentioned, traditional methods of authentication have always relied on validating an individual’s identity based on something the customer has. Examples include a phone number or device identification, or something they know, like a password. Both are easily susceptible to fraud, leaving the customer exposed if that data is stolen.
Biometric technology goes a step further and authenticates someone’s identity based on physical characteristics. Voice biometrics, for instance, are becoming more popular.
Voice biometrics can help streamline transactional processes, especially within the banking industry. Customers are asked to verbally provide a passcode, which is then stored and retrieved whenever needed to compare a customer’s voice to the original.
The process of including a passphrase to validate a customer over the phone provides a much-needed layer of authentication. Voice ID has helped reduce telephone banking fraud by about 50%. Overall, biometric technologies have had a positive effect in combating fraudulent attacks on financial services.
Adopting Biometric Authentication Could Open the Door to New Fraudulent Tactics
The rise of biometrics has undoubtedly seen success in preventing fraud. However, there are some new threats on the horizon to keep an eye out for.
The process of manipulating videos and other digital representations by sophisticated artificial intelligence is known as “deepfake” technology. It can present completely fabricated images that look—and sound—like the real deal.
Because we’ve seen this used across the internet by people posing as celebrities, many are quick to write this off as an insignificant practical joke. The implications of what this kind of technological ability could mean, though, shouldn’t be taken lightly. In the wrong hands, deepfakes could be disastrous to the future of biometric authentication.
Criminals now have the technology to impersonate anyone from celebrities to chief executives. As technology improves and criminals have better access to images, videos, and social media accounts, highly fraudulent deepfakes are becoming increasingly popular.
When it comes to the biometric authentication being used in banks, it’s a threat we ought to keep an eye on.
How Worried Should We Be?
Deepfake technology might have the potential to be detrimental to the banking industry. To help us better understand the risks, though, let’s first look at how biometrics-based authentication actually works.
Voice biometric software can identify differences that the human ear simply can’t pick up on, making voice biometric ID an invaluable asset to fraud prevention. When compared to the real thing, deepfakes create a poor imitation of someone’s voice when analyzed at the digital level.
The ability for any deepfake to successfully fool biometric-based solutions will depend on the type of liveness detection. This identifies whether the user is a real person based on the way they blink, move their eyes, open their mouth, or nod their head.
There have been instances where a deepfake has bypassed systems that rely on liveness detection, such as videos created to replicate faces blinking or opening their mouths. However, hackers still have a difficult time successfully exploiting this technology for monetary gain.
What’s the Solution for Banks?
Amidst this new threat of deepfake technology, one of the best ways to ensure bank accounts and personal data remain secure is to implement multifactor authentication.
A PIN code by itself might be susceptible to attack. A combination of voice, face, and a PIN code, however, will prove a more formidable defense. Faking all three in the same instance would be almost impossible.
Banks should take care to utilize multiple authentication factors, as well as ensure their employees are trained to recognize deepfake technology. The more educated banks and their customer base are, the better chance they have of fighting back against these new fraudulent attacks.