Sifted Talks

March 23, 2021

6 lessons on online privacy and digital authentication

Breaches are inevitable — but digital verification technology is catching up to fraudsters.

Tom Ritchie

4 min read

Digital fraud, from phishing to synthetic identity fraud, is increasing in frequency and sophistication. It’s more crucial than ever for startups to protect themselves using biometric identification, which uses AI and machine learning to analyse images — but just how good is verification tech, and where is it headed?

We asked this and more to our panel of privacy and security experts for the latest Sifted Talks, including: Stephen Ritter, CTO of digital identity verification and mobile deposit solutions business Mitek; Seun Oshinusi, head of financial crime prevention at Curve, a digital card and wallet app; and Dr Kate Coleman, CEO of iKey, a software provider that takes exploratory images of retinas for identification and health purposes. 

1. Digital verification is in a constant state of innovation

As new technologies are introduced and adopted, bad actors are quickly adapting their strategies to defraud or extort businesses and their customers. Startups need to constantly iterate for the latest security technology — like near-field communication (NFC) chips, that hold our biometric data in our smartphones — to keep their customers’ data safe. 

As the technology advances, so too do the fraudsters. As we get smarter, so do they. They’re constantly looking at how to intercept the systems that we have… We try to stay in front of them.” — Seun Oshinusi, Curve 

2. Startups need to choose a biometric that’s right for their product

The key to successfully implementing authentication is ensuring that it marries well with your product and userbase’s needs. Ritter suggests using a range of different biometric authentication points — like facial, iris or voice recognition — that mirror your onboarding process, to reduce UX friction and keep your customer in the process. 

It’s important to pick the right biometric at that moment in time, otherwise there’s too much friction and it’s not going to feel natural.” — Stephen Ritter, Mitek

3. Current tech is capable of even greater security

Our panellists all agreed that the infrastructure required for greater biometric identification is already largely in place. For example, Dr Coleman suggests retina authentication is already possible with current smartphone tech. While there is little demand for this tech at the moment, the constant threat of cyberattack and the spread of mimicking software such as deep fakes will create a need for more sophisticated authentication in the next few years. 

The average phone is 125 times more powerful than the rocket we sent to the moon. The technology is there, it’s just that people haven’t asked for it yet.” — Dr Kate Coleman, iKey
Photo credit: Dr Andrew Garthwaite
Photo credit: Dr Andrew Garthwaite

4. Data privacy is even more urgent when it comes to biometric data

Data regulation is an urgent issue, and customers are increasingly savvy and critical of who they give their personal information to. Ritter says privacy is even more critical when concerning biometric data, such as the images captured via digital verification technology, because a password can be easily changed — your face cannot. He believes businesses must go beyond the requirements of legislation to ensure that customers know exactly what biometric data they’re capturing from them, and how they’re storing it securely.

The consumer needs to be really well informed. They need to know ‘hey, during this onboarding process, we’re going to be capturing and storing your face’... and they have an opportunity at that point to agree or not agree. We need to get away from a big end user licence agreement that doesn’t create trust with your consumer.” — Stephen Ritter, Mitek 

5. Occasional breaches are inevitable

Technology cannot always track suspicious activity or stop individual breaches. Ritter suggests that even through facial recognition technology and machine learning, predicting and prohibiting 100% of biometric fraud is still years away, and humans are still needed. It takes security experts poring over data to analyse breaches, discover the unwanted activity and make sure a similar attack doesn’t get through again.  

In some cases, you don’t know until it happens. Once you get something like a deep fake attack, then you can take a look at that, see the characteristics, the kind of activity displayed. Are we seeing that in our other customers’ behaviour? Let’s sample that, and see if we haven’t previously picked it up.” — Seun Oshinusi, Curve

6. Biometric identification’s next frontier is health

With facial recognition now widespread as a layer of security, what’s the next frontier for biometric identification? Dr Coleman suggested that not only will retina scans provide an even deeper level of authentication — even identical twins don’t have the same retinal nerve pattern — but the technology could also provide an opportunity for people to better understand the health of their eyes, reducing preventable blindness. 

We have a motive for everybody to want to have it. It’s the best biometric, they’ll use it all the time, they’ll have an image of their retina on their phone, and it will help end preventable blindness.” — Dr Kate Coleman, iKey

You can also watch our full Sifted Talk on digital identification here: