Passwords have long been an archaic form of access security. A recent survey showed that one in 10 people would rather get a root canal or a filling than create a unique password for every online account they have. It’s not surprising to learn then that 50% of those surveyed reuse passwords and one in five have a core password that they adapt to meet brands’ password strength requirements.
But what hadn’t come under such scrutiny – at least until the NY Times broke the story – was the question: what happens when you forget the password to relatively new assets such as cryptocurrency? Stefan Thomas is the man who has two guesses left to figure out the password to his IronKey, a small hard drive that contains the private keys to his digital wallet, a wallet that contains 7,002 Bitcoin, which at the time of writing is worth around $220 million. The problem is, Thomas can’t remember what the password is. And with an IronKey, there’s no reset button.
The past year has ushered in dramatic changes in expectations around how consumers interact with finance. From account opening to transaction approval, consumers want ease of access coupled with strong security. Let’s look at the lasting effects of the pandemic and how financial services companies are leading the charge in putting an end to passwords.
COVID-19 and the surge in online identity fraud
What we’ve seen over the last year is that COVID-19 has dramatically accelerated the wave of online fraud. Most businesses are now operating at least partially online, providing a perfect landscape for attackers looking to harvest and exploit valuable data. It may be no surprise to learn that financial services have been most impacted by identity fraud, followed closely by professional services. It’s an understandable parallel that as the amount of sensitive information being passed online has increased, so has the number of attackers trying to intercept it.
The level of ‘easy’ fraud, i.e. low-quality fraud often conducted by first-timers, has grown 23% year-over-year, from 57% to 70%. This suggests that financial uncertainty brought by the pandemic is pushing people towards fraud as a new side hustle.
Many businesses previously operated on a face-to-face basis with their customers. For example, bank branches are a mainstay of the high street, bustling with activity from taking out mortgages to day-to-day banking. Those branches could not open during the pandemic, meaning customers were pushed to other channels, chiefly online and telephone, overnight. And many companies won’t go back to offering in-person experiences to the same degree, continuing to work with customers remotely. British high street banks, for instance, are planning more branch closures for 2021 than in 2020, as lenders focus more on their digital offering. This means that now more than ever, we need fail-safe know-your-customer and fraud prevention policies.
The added pressure from Bitcoin and NFTs
On top of the rising wave of identity fraud is the rising value of digital hauls up for grabs in the form of digital currencies, assets and the newly-embraced Non-Fungible Tokens (NFTs). Fraudsters will often go after the most lucrative targets, so it’s unsurprising that these platforms are already seeing a surge in fraudulent attempts. At Onfido, our analysis has shown that identity fraud has increased 2.3x year-on-year, following the 4x increase in the price of Bitcoin.
But it’s not just identity fraud that investors have to worry about. As Stefan Thomas found with IronKey, many digital asset holders are locking themselves, as well as the fraudsters, out of their digital wallets. Managing the increased risk of fraud while preserving customer convenience makes the balance of “friendly friction” much harder for cryptocurrency marketplaces to achieve – particularly when relying on traditional processes, like passwords.
Biometric technology as the new standard
With rising levels of fraud and the increasing shift to digital services, businesses need a better solution for the consistent problems that archaic passwords introduce.
Onboarding and identity verification services that leverage AI and facial biometric analysis offer digital currency and trading providers the high assurance they need that their customers are who they say they are, no matter where they are in the customer journey. At the same time, they offer a quick and easy way for users to verify their identity in an increasingly mobile-first world. Take, for example, Bitcoin marketplace LocalBitcoins, which enables its users to sign up with just a picture of their ID and a selfie, offering greater security than traditional passwords, as well as an improved user experience and account recoverability.
When dealing with digital assets and payments, trust is the key to unlocking new revenue – both for the marketplace and the customer. That’s why it’s time to move beyond traditional passwords that fall short for all parties by embracing the next iteration of security and identity protection.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.