It seems like every week we are faced with news of another critical data breach at a major service provider or retailer. The number and scope of these breaches is shocking. New reports say it is likely personal info from T-Mobile US stolen last month from the servers of credit bureau Experian is already showing up for sale on the Dark Web.
As we increasingly shop, work and play online, people are rightfully asking: Are businesses really doing all they can to protect our money and safeguard our personal information? In fact, because of rising fraud, most of the world's merchants are now using the new Europay, Mastercard, and Visa (EMV) standards, which obligate retailers to replace magnetic-stripe credit card systems with those that read chip-and-pin cards.
Unlike magnetic stripe technology, a chip is extremely tough to crack and card authentication and PIN verification can be performed automatically and objectively. Each transaction even carries a unique “digital stamp”, which prevents data from being reused if it is stolen from the database of the business.
These and other measures resulted in a steady migration of fraudsters to the online world, where there is a perception that authentication standards are weaker, a trend that is going to continue. Ron Atzmon, Managing Director of AU10TIX, thinks more must be done. The widely recognized firm provides advanced back-end authentication for major money movers like PayPal, TransferWise, Google and Payoneer.
He says weak authentication in the online world is definitely responsible for a rash of recent data breaches and identity thefts. In fact, identity theft has been the top complaint to the U.S. Federal Trade Commission for years. Much of that theft could have been avoided if an extra layer of authentication, such as being asked to provide additional ID for online purchases, had been utilized. Nowadays, even online, customers are increasingly being asked to provide additional ID even for services like PayPal or Amazon.
“The common practice of relying on data alone to authenticate customer identity is risky and problematic, so be warned,” says Atzmon. “The problem is that when that data is compromised, fraudsters are armed with legitimate records that will check perfectly at the next verification. It’s the ease of it that motivates so much fraud.”
The move to digital also brought about a first-generation of technological solutions, like Jumio, which tries to read a document using Machine Readable Zone (MRZ) lines and barcodes, and run some security checks to ensure data has not been altered.
Atzmon thinks that what exists is still not enough. Documents must be analyzed at multiple levels: data can be extracted from the document (without being dependent on the barcode) and checked; and the document can be forensically analyzed along critical points for signs that suggest manipulation.
More importantly, all of this must be done without undermining a positive customer experience. AU10TIX actually uses a simple, keyboard-free system that requires no customer input other than having to submit an ID image, which means online merchants can authenticate documents like passports, identity cards, and driving licenses, in just a few seconds.
“Multi-factor identity authentication is the inevitable best practice, and advanced ID document authentication technology is the logical choice for raising the barrier far beyond the reach of most fraudsters,” says Atzmon. “Businesses know that. Fraudsters know that. And regulators know that, too.”