The online world and its role in our daily lives has expanded enormously over the last 18 months. People of all ages have embraced online-first living and the advantages it offers, whether that’s cutting down commutes, receiving online food deliveries or setting up bank accounts from home. However, this online activity comes with substantial risk. There is more personally identifiable information (PII) being used to register and utilise online services than ever before. And, unfortunately, fraudsters are getting savvier at finding ways to exploit this.
The Accellion hack from well over six months ago reminds us of this. Despite some time passing since the breach occurred, it’s only just been confirmed that attackers stole personal information belonging to Morgan Stanley’s customers, including addresses and Social Security numbers which likely will have been sold on the dark web for as little as $12-$20. This data can then be used by fraudsters to set up new, and access existing, accounts. This means that it’s no longer a certainty that someone using an online service is who they say they are. For this reason, businesses must take steps to protect themselves and their customers. One crucial way to do this is by investing in strong identity verification across ecosystems.
Embracing digital transformation
Many companies have used the last year to jumpstart their digital transformation efforts, but with a digital problem of this scale, it is vital that organisations continue to accelerate the transition and build in the necessary operational resilience. One area which continues to be overlooked somewhat in corporate digital transformation strategies is digital identity verification. This is massively worrying as it holds the key to combating the threat of stolen PII and can ensure that a person’s digital identity matches their physical identity when conducting any business online.
Industries prime for overhaul
One industry that needs to be particularly cautious of the threat of stolen PII is healthcare. With 67% of UK healthcare organisations having experienced a cybersecurity incident in the last decade, and with 2,550 healthcare breaches having impacted more than 175 million medical records, healthcare is particularly vulnerable. This is due to the significance and the volume of the information available. Medical records can be listed for up to USD $1,000 on the dark web, 10 times more than the average credit card record, making it a tempting target for fraudsters.
Progress is being made and a new study by iGov and BT reveals that the majority of the UK’s leading health providers are accelerating their digital transformation plans this year. However, organisations in the sector must address this important aspect of identity verification to be completely protected.
Verifying your customers
The problem now is quality, not quantity. While data breaches fell by 48% in 2020 compared with the previous year, the volume of records compromised by these breaches jumped by 141% to a whopping 37 billion, the largest number seen by RSB since 2005. The impact each breach can now have is unlike what we have seen before and therefore, being able to accurately establish and authenticate an identity is the key to keeping people’s data safe.
Identity verification can be conducted quickly and easily at account opening stage and on an ongoing basis. The process starts with the customer photographing their government-issued ID (e.g., driver’s license, passport) via their smartphone or webcam and then taking a corroborating selfie. During the selfie-taking process, a biometric face template is created to ensure the person behind the ID is the person creating the account. The identity verification solution ensures that the ID document is authentic and that the person in the selfie is the same as the ID. This method can then be used to verify users as they make further transactions. All the user has to do is take a fresh selfie to generate a new biometric template which is then compared to the original. This then verifies the user’s digital identity in seconds thanks to AI advancements.
Security doesn’t have to stop here. For businesses dealing with more sensitive data, such as financial services organisations or healthcare providers, they can layer in several identity services to improve the level of assurance. However, if the business employs multiple methods, being able to orchestrate them all seamlessly, in line with regulations, is essential.
The growth in how much we use the online world is matched by the growth in opportunity for fraudsters. While companies have taken significant steps to revolutionise the way they work online, it is still not enough. Identity verification continues to be a sticking point and with hacks like Accellion’s causing damage across ecosystems, this technology must become a priority. Companies need not live in fear of fraudsters infiltrating their systems with stolen PII as long as the right systems are put in place to protect them.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.