The rapid growth of ecommerce and online payments in the wake of the pandemic, the broader expansion of fintech, an increase in mobile services and the rise of cryptocurrencies are all driving demand for a new type of crime-fighter: the digital gatekeeper.
Services such as identity verification, know your customer (KYC) and anti-money laundering (AML) have all migrated online with much of the financial sector and economy. Online verification is an associated area of growth that sees traditional passwords rapidly becoming obsolete, replaced by biometric and other “possession-based” authentication tech — or items that the user has with them, like a security token or a mobile phone.
“As more financial activity moves online, companies need better ways to confirm the identities of their customers quickly and effectively without impacting the user experience,” says Alain Meier, head of identity at open banking fintech Plaid. “Fraud techniques change rapidly and require smarter tools that can adapt quickly and be tailored to the specific use cases and risk profiles of each company.”
Fraud is big business
Increasingly popular fraud types include ghost fraud, where claims are made on behalf of deceased individuals; new account fraud, using fake or stolen identities; and synthetic identity fraud, where criminals combine real, fake and stolen information to create an individual profile of a non-existent person. Increasingly sophisticated “deepfake” technology is also raising risks across the board.
Companies need better ways to confirm the identities of their customers quickly and effectively without impacting the user experience
“Because much of our credit system is based on trust, it leaves people and institutions vulnerable to fraud,” says Meier. “For example, some bad actors build up a healthy credit history over years, only to later defraud lenders, also known as ‘busting out’. It’s not easy to track because there isn’t always an individual victim.”
In the UK in the first half of 2021 alone, criminals made off with some £750m, an increase of 30% over the first half of 2020, according to industry body UK Finance. The organisation estimates that advanced security systems used by banks prevented a further £736m from being taken — suggesting that while these systems can be effective, they are far from flawless.
The leading cause of fraud was unauthorised payment card use, which caused losses of some £260m. Globally, card fraud is also on the increase: the Nilson Report, a publication focusing on the global card and mobile payment industry, estimates that the amount stolen will rise from $28.6bn in 2020 to $49.3bn in 2030.
But due to improvements in security technology, Nilson says the proportion of total transaction value affected by fraud fell from 7.2% to 6.8% in 2020, and will fall further to 6.23% in 2030.
From banks to bitcoin, get all the gossip and analysis in your inbox.
As Barley Laing, UK managing director of Melissa, an identity verification and data quality business, notes, electronic identity verification, or eIDV, checks are now more widely available. With eIDV, real-time cross-checks are run on purchase processes, preventing fraud before it can take place.
The pandemic has made biometrics and other online services that can detect possible fraudsters a must-have
“The pandemic has made biometrics and other online services that can detect possible fraudsters a must-have,” says Laing.
But, added Plaid’s Meier, “Biometrics alone aren’t enough. Unlike other authentication methods, you can’t revoke your fingerprint or face if the data is ever leaked. You have to supplement biometrics with digital identifiers to mitigate the risk of so-called ‘replay attacks’.”
Manning the digital gates
In the past decade, and particularly the past two years, developments in digital gatekeeping, or tech that verifies user identity, have often been driven by startups, rather than payment incumbents, banks or security companies.
“Startups are really leading the way here,” says Plaid’s Meier. “We’re able to move quickly and respond to new and emerging fraud vectors faster than legacy solutions. And, crucially, we can do this without a human in the loop, which is a huge win for both financial institutions and their customers. We can verify someone’s identity and screen them against government watchlists in less than a minute around the world.
People are not going into their local bank branch to open an account anymore
"Perhaps most importantly, all of this is done via a drop-in solution that stays up-to-date automatically, so businesses can rest assured they are protected against the latest threats as they are uncovered, effortlessly."
Even with pandemic lockdowns tapering down in most countries, the shift to online and contactless payments looks set to continue. "People are not going into their local bank branch to open an account anymore," Meier says. "The market for verification, in turn, is seeing sustained growth: IDnow reports a 100% increase in the number of identification requests this year."
The crypto industry has seen its fair share of fraud in its short life and is therefore embracing identity verification tech to help thwart fraudsters (and to comply with anti-money laundering requirements).
However, there is room for improvement. Research by CipherTrace, a cryptocurrency and blockchain intelligence company, suggested that two thirds of the top 120 cryptocurrency exchanges had weak know-your-customer rules — the set of standards for financial services to verify their customers’ identity — leaving them vulnerable to money laundering, use by terrorists, theft and scams.
The emergence of other so-called Web3 technologies such as non-fungible tokens (NFTs) has also highlighted the need for identity verification. Without verifying the identity of people using their platforms, NFT marketplaces may inadvertently allow price manipulation, money laundering or other illicit activity. This type of behaviour is already banned on cryptocurrency trading platforms that have to comply with anti-money laundering laws.
Modern authentication methods could also bring benefits to crypto users, says Andrew Shikiar, executive director and CMO at FIDO Alliance, an industry group dedicated to developing and promoting authentication standards (and eliminating passwords). He notes the rise in stories of investors forgetting or losing passwords and thus losing access to millions of dollars worth of crypto assets (like the guy who accidentally buried the key to his half a billion in bitcoin in a dump).
Lawmakers will inevitably force crypto down a path of greater accountability, industry watchers say.
According to Aarti Samani, SVP of product and marketing at biometric authentication operator iProov, “Traditional financial institutions devote significant resources to KYC and AML compliance. Cryptocurrency exchanges should, and likely will soon be forced, to follow suit,” she says.
For a deep dive on crypto, payments and new ID verification tools, check out Sifted’s Fintech unwrapped 3.0 report, sponsored by Plaid.