Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

3/10/2021
10:00 AM
Shai Cohen
Shai Cohen
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

Digitally Transforming Trusted Transactions Through Biometrics, ML & AI

The pandemic has increased the appetite for e-commerce and contactless payments, and biometrics and artificial intelligence are playing a larger role in securing those transactions.

COVID-19 has accelerated the need for companies to digitally transform. The more mature a company's digital transformation, the greater its advantage at reaching consumers and offering smooth transactions.

The pandemic has also changed the way consumers transact. According to research from Statista, monthly e-commerce traffic increased globally from 16 billion e-commerce website visitors in January 2020 to 22 billion in June 2020.

Related Content:

Vulnerability Management Has a Data Problem

Special Report: How IT Security Organizations Are Attacking the Cybersecurity Problem

New From The Edge: Securing Super Bowl LV

Also due to COVID-19, consumers are less willing to exchange money or even touch unsanitary credit and debit card machines. According to PYMNTS.com's September 2020 "Small and Medium Business Reopening" report, more than 50% of US consumers were using contactless payments (payment transactions that require no physical contact between the consumer's payment device and a physical terminal) by July 2020. Also, contactless card options (such as mobile wallet or app payments) had become the go-to method for 30% of shoppers by that point.

Despite reports of business failings during the pandemic, digital transactions have been a business saver for companies during this crisis. COVID-19 has dramatically accelerated digital transformation, with 61% of 1,610 global executives surveyed by the Economist Intelligence Unit (EIU) for TransUnion noting that they have changed their digital transaction processes because of the pandemic.

But increased risk of fraud, identity theft, and cyber threats can accompany rapid digital transformation. Trust needs to be at the forefront of this wave for consumers using digital transactions, especially in a post-pandemic society. While 76% of consumers say that sharing data is a "necessary evil," 55% of businesses say their customers trust them more than they did two years ago, according to a PwC study. Technologies like biometrics and artificial intelligence (AI) will play an increasingly important role in creating trust, managing verification and authentication, and preventing fraud.

Biometrics to Dominate Payment Authentication
The EIU study found that that biometrics will become the dominant customer-authentication method for payments: "The survey shows optimism that evolving technological innovations like biometrics (fingerprint, facial, or voice recognition) could further reduce the trade-off between fraud, security, and [consumer experience], with 85% expecting biometrics to be used to authenticate the vast majority of payments in the next 10 years."

Biometrics eliminates one of the riskiest forms of authentication: the username/password combination. Although there are some risks involved with biometrics — identity thieves have figured out ways to steal a fingerprint — they continue to be safer than other forms of authentication. During digital transactions, they give customers peace of mind that their data is not at risk. In fact, a recent study by biometrics company Fingerprints found that 56% of consumers would prefer to use a biometric sensor on their payment card instead of a PIN, signaling market appetite for embedding biometric authentication solutions into the payment process.

AI and Machine Learning Boost Fraud-Detection Capability
Pattern recognition also plays a major role in fraud detection. Historical data shows patterns of how customers behave, what they are searching for, etc. But most companies don't have the resources to sift through historical data and follow pattern recognition to detect fraud in digital transactions.

That's the role of machine learning (ML), which is a form of AI. According to the TransUnion-sponsored EIU report, "AI has become an essential engine of digital transformation thanks to recent improvements in algorithmic performance, increased computer processing power, and a proliferation of real-world use cases, demonstrating its potential in diverse contexts and settings from insurance and banking to e-commerce."

Companies are using AI to detect behavior patterns, and this is where they are seeing the greatest benefits to decrease fraud and improve overall security in e-commerce transactions. In the EIU study, 43% of executives noted that improved fraud detection and security is the greatest benefit to using AI. This was the top selection by far, with smoother customer experience coming in second at 29%.

Optimism Despite Concerns
There are concerns surrounding AI. As the technology is still emerging and companies are just in the beginning stages of deploying and finding the right uses for it, they struggle to find engineers and IT specialists who are trained to manage AI systems. There are also questions about regulation of AI internationally and how it fits with privacy laws. While the technology will have positive impacts on the security of friction-free transactions, it is still only in its earliest stages of utilization.

The pandemic has challenged security efforts worldwide. The need to address security and "fraud-proof" digital transactions has never been greater. Although privacy and regulatory questions surround emerging technologies like AI, ML, and biometrics, most signs (and surveys) point to them helping improve authentication and trust in digital transactions.

Shai Cohen leads TransUnion's Global Fraud Solutions Group. Cohen has spent decades in the IT and cybersecurity industries leading business units and software engineering and product management teams. He joined TransUnion from RSA, where he was the general manager of its ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Maureen M.
100%
0%
Maureen M.,
User Rank: Apprentice
3/11/2021 | 3:32:48 PM
Biometric Security
Biometrics are only secure if a photo ID is triangulated several ways to reach the highest Identity Assurance Level of IAL3.

Step 1: Both the user's passport and driver's license are used to validate the user's name, date of birth and ensure that photos on both documents are a match. Once validated, an IAL1 score is reached. However, this is not satisfactory enough to make sure that this user actually is who he says he is. Thus, an individual may have stolen both documents and is now attempting to enroll under the name mentioned on the passport and driver's license.

Step 2: The State Department and AAMVA databases (two sources of truth) are queried to check whether either document is valid, lost or stolen. Once validated, a NIST IAL2 score is attained.

Step 3: Do not rest assured that all is in order until you can certify a user has reached an IAL3 score. To that effect, leverage extra sources of truth such as the biometrics chip on the user's passport and a liveness test. The latter consist of the user following a prompt on his mobile application to first blink and then smile. Once validated, the user has reached the highest identity assurance level per the NIST guidelines of IAL3.
News
US Formally Attributes SolarWinds Attack to Russian Intelligence Agency
Jai Vijayan, Contributing Writer,  4/15/2021
News
Dependency Problems Increase for Open Source Components
Robert Lemos, Contributing Writer,  4/14/2021
News
FBI Operation Remotely Removes Web Shells From Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/14/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: The newest Alienware laptop practically runs itself!
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-22540
PUBLISHED: 2021-04-22
Bad validation logic in the Dart SDK versions prior to 2.12.3 allow an attacker to use an XSS attack via DOM clobbering. The validation logic in dart:html for creating DOM nodes from text did not sanitize properly when it came across template tags.
CVE-2021-27736
PUBLISHED: 2021-04-22
FusionAuth fusionauth-samlv2 before 0.5.4 allows XXE attacks via a forged AuthnRequest or LogoutRequest because parseFromBytes uses javax.xml.parsers.DocumentBuilderFactory unsafely.
CVE-2021-3287
PUBLISHED: 2021-04-22
Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class.
CVE-2021-31547
PUBLISHED: 2021-04-22
An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. Its AbuseFilterCheckMatch API reveals suppressed edits and usernames to unprivileged users through the iteration of crafted AbuseFilter rules.
CVE-2021-31548
PUBLISHED: 2021-04-22
An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. A MediaWiki user who is partially blocked or was unsuccessfully blocked could bypass AbuseFilter and have their edits completed.