Over the last several years, major data breaches have shaken the corporate world. In 2018, for example, 30 million Facebook accounts were compromised, 150 million records were stolen from Under Armour, and 500 million records were swiped from Marriott. Not only can these breaches wreak havoc on business operations, they can also be prohibitively expensive. In 2017, global identity fraud accounted for $16.8 billion in financial losses.
The growth of identity and account takeover fraud is fueled by the advancements of bots capable of performing upwards of 100 attacks per second—essentially supporting limitless account takeover.
Many of the compromised records end up being sold on the dark web for a few cents. Unscrupulous actors then buy the records, creating the foundation for other more targeted security attacks on companies and individuals. According to TrendMicro, 550 billion individual documents exist on the deep web today—and all of those records contain data that can be used to forge more sophisticated attacks with consequential financial losses.
What’s at stake? Tons of money, your company’s reputation, and your customers
When identity fraud occurs, the company purse takes a hit. In fact, losses from online transactions are expected to reach $26 billion by 2020. Unfortunately, this fraud is becoming increasingly widespread; 89% of financial institutions executives agree that account takeover fraud is the main source of financial losses across digital channels.
But the aftereffects of identity fraud don’t stop there. Companies lose more than just millions. Their reputations and clients are also at stake.
A recent Forbes report found that 46% of breached organizations also experienced a damaged reputation. For publicly listed companies, brand image may be the most significant asset.
Marriott’s recent breach ended up costing the chain $28 million in expenses. Making matters worse, the hotel chain was then hit with a fine of more than $120 million for violating British citizens’ privacy rights under the GDPR. In turn, Accenture, the consulting firm which oversaw Marriott’s tech infrastructure, is being sued for allegedly playing a part in the data breach, precisely, a “failure to maintain adequate security controls to detect and neutralize known and obvious security threats.” The consultancy’s reputation is taking a hit, too.
ZDNet estimated that between direct costs and indirect losses caused by customers shying away from the company in the future, Marriott could ultimately see billions of dollars in lost revenue. This makes sense because, as Twilio informs, 86% of customers stop patronizing companies who have been breached.
How companies can protect against fraud: Security by design
No matter the industry, identity fraud and account takeover can translate into a ruined business. With so much on the line, it is critical that businesses do everything in their power to protect against breaches.
One way to do that is by implementing security measures during the account creation process with sound identity verification proofing technologies. The username and password should never be the only security mechanisms in place. Instead, they should always be complemented by other security measures such as biometric authentication.
Experian’s Global Identity and Fraud Report indicates that 74% of consumers already believe biometrics protect their information better than a password. This is good news, as 90% of respondents to the EMA survey have experienced significant password policy violations in just the last year. The most frequently reported violation was using identical passwords to support multiple accounts (39.06%).
As such, educating users about the importance of password hygiene and the dangers associated with password recycling is a much-needed step in the right direction. Companies should always assess risks and implement various security mechanisms depending on their users’ rights and switch to dynamic fraud prevention like continuous authentication.
Changing attitudes toward biometric authentication alternatives
⇒ 86% of CIO, CISO, and Security VPs would abandon password authentication if they could, according to a 2019 study by IDG.
⇒ 67% of consumers are comfortable using biometric authentication today, while 87% say they’ll be comfortable with these technologies in the near future.
⇒ 75% of millennials (consumers between 20 and 36 years old) are comfortable using biometrics today, according to the 2018 IBM Future of Identity study.
Corporate biometrics authentication to protect against identity fraud
Consumers’ attitudes are changing alongside corporate identity and access management (IAM). In fact, 88% of global security leaders believe that mobile devices will soon serve as a digital ID for accessing enterprise apps and data. What’s more, Juniper Research estimates that more than 1.5 billion people will use mobile biometric software by 2023.
As time goes on, cyberattacks are becoming more frequent and more sophisticated, which has resulted in ever-increasing corporate security budgets. From both a user and a security standpoint, the password has often proven obsolete, and security experts are looking for new authentication methods.
Hardware tokens, also regarded as an additional security layer, have largely been seen as detrimental to the user experience when compared to biometric authentication on mobile devices, which has already proven very popular on the consumer side.
As a result, 72% of security leaders see biometrics as more user-friendly than passwords versus just 58% favoring tokens over passwords for ease of use. The majority of IT departments are actively evaluating biometrics, with 82% of respondents identifying at least one of the basic biometric approaches as a passwordless solution.
Typing biometrics passwordless secure authentication alternative
TypingDNA has developed proprietary AI algorithms to authenticate people based on how they type on their keyboards. Typing biometrics can be used to upgrade authentication in businesses worldwide across all industries. Our experienced engineers have developed a customizable solution able to complement any authentication need, regardless of size or use case.
With TypingDNA, companies can choose the most suitable authentication factors and define the authentication flow opting for typing biometrics, SMS one-time password (OTP), email OTP, or on-device protection with continuous authentication solution. TypingDNA’s mobile authentication is also suitable for native implementations on iOS, Android, and React Native.
Created with a high focus on user experience, this stealth, and secure solution can prevent fraud and money loss and comes with the benefit of decluttering customer support to allow better service for critical tasks.