Mum and Dad are our biggest security risk!
Your mother’s maiden name – the name of your first pet – the city you were born in. What do these all have in common? Not only are they popular security questions for online authentication but given the culture and our tendency to overshare on social media, they are no longer the most “secure” security questions.
With sites like Facebook growing in popularity with the over 55s, are our loving parents actually the weakest line of defence in protecting our digital identities? If they insist on posting personal information on our behalf, says Callsign CMO and go-to-market strategy head Sarah Whipp, have we exposed ourselves more than we realise? Will our proud, boastful parents have more to talk about on social media as they reminisce about our childhood and reveal the answers to our basic security questions? This could be the case and is becoming a dangerous reality that we face daily.
Growing problem
Identity fraud is a growing problem. Research by Cifas, the UK’s leading fraud prevention service, indicated in last year’s report that identity fraud continues to rise, hitting an all-time high of 174,523 cases in 2017 (up 1% from 2016). Furthermore, 95% of these cases involved the impersonation of an innocent victim. Therefore, it’s clear that as Generation Alpha grows up, we’ll need better authentication processes beyond these traditional security questions to mitigate this burgeoning problem.
So, if verification questions are becoming easier to compromise what is the solution? Firstly, companies should start to use deep learning techniques to combine behavioural analytics with multi-factor authentication, thus securing access to services whilst uniquely ensuring the most frictionless and transparent user experience.
By focusing on where hackers attempt to break the security barrier, companies can pin down the authentication requirement and catch criminals in their tracks.
Technology that combines hard (facial recognition, fingerprints, iris scanning) with soft (behavioural characteristics, how you type and hold your phone) biometrics will create a different, more intelligent approach that will sometimes remove the need for layers of active authentication.
Advances in Artificial Intelligence and Machine Learning means tools have been developed which removes the need for account verification questions, such as ‘what was the name of your first pet’. Rather than asking the user for information, this system relies on learning the customer’s patterns and behaviour, including location – where is the access request being made and behaviour; assessing the user’s interaction through the log-in process, from key strokes to the ‘style’ of their swipe.
Unique behaviours
This type of technology learns the unique behaviours of customers and online habits and facial recognition will help to determine whether someone’s behaviour is normal or not. If there are anomalies, then companies know to add another layer of security.
Not only is this type of solution more secure, it also adds minimal friction to the user journey. This means there is less danger of a customer upping sticks and moving to a competitor because they are frustrated with the number of security steps they must go through during a transaction.
In addition, it’s not always about completely removing the friction out of online payments and security authentications, sometimes it’s more about putting it in the right place and keeping customers satisfied. Increasing smooth payment journeys and cutting time off from transactions are some ways that can improve the customer experience to carry out online payments, whilst also using AI and Machine Learning in place of passwords and other log-in information.
If companies don’t address the verification question problem soon, then they are irresponsibly exposing their customers to risk of hacking. Security risks that we face in everyday life highlight that we need stronger authentication processes when using apps, logging into online banking or accounts and can come from the most basic source of places – Mum & Dad.
But, advances in technology have shown us that we are on the way to more intelligently and securely identifying individuals. Traditional authentication methods will be succeeded by far superior and more effective processes that ensure these traditional security questions that can be easily compromised by Mum & Dad’s effusive social presence are mitigated against.
The author is Callsign CMO and go-to-market strategy head, Sarah Whipp.
Comment on this article below or via Twitter @IoTGN