Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Wednesday, 1 February, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Why banks need consumers to detect imposters

by The Gurus
November 8, 2016
in This Week's Gurus
Banking security
Share on FacebookShare on Twitter

In the first half of 2016 alone, there were more than one million incidents of financial fraud, an increase of 53 per cent on the same period last year; with identity fraud against individuals costing an estimated five billion pounds last year.
Identity fraud occurs when an imposter pretends to be someone else. To prevent this, banks ask customers for passwords, but judging from the fraud figures, this isn’t working and things are getting worse. The reason is simple: data cannot differentiate. A password provided by the true customer is exactly the same when that same password is provided by an impostor.
Banks need to reconsider the security practices they put in place so as to allow consumers to tackle this fraud. Rather than continuing to impose a practice that everyone acknowledges is fundamentally flawed, banks need to reach out to consumers for help. 
Why banks are not doing enough 
Over the past ten years or so, the response to the rise in identity fraud has exemplified Einstein’s definition of insanity: keep doing the same thing, just more of it. Passwords had to be longer, then they had to contain numbers, then with upper and lower case letters, and symbols. Along the way we had to provide random characters from a ‘memorable’ word, and ‘secret’ answers to an array of personal questions.
To be fair, banks are not alone in persisting with this broken method. They inherit an information technology practice that has persisted for fifty years. Passwords were first used in a system called CTSS developed at MIT in 1961, and we’ve barely moved ever since.
Attempts to try something different have involved the introduction of card readers, dongles and using your phone to send you a PIN. This so-called two factor authentication (2FA) is intended to make it harder for those secrets to fall into the hands of impostors. The problem is that ultimately it’s still just data, to which the golden rule applies: if you can know it, a fraudster can know it too.
Although 2FA represents an improvement, it is not widely adopted. This has been highlighted in the last month, with five of the UK’s biggest banks scoring poorly in security tests and failing to invest in systems to better protect their customers. This is not without reason: apart from the weakness inherent in using data to distinguish between customers and impostors, these methods are costly and require customers to perform awkward tasks, such as fiddling with card readers and copying PINs from one device into another.
I believe banks have been trying to solve the problem, but in the wrong way. Attempts to fix it to date have made a bad situation worse. Consumers are unwilling or unable to remember long and complex passwords and instead choose to use the same password for everything, or write it down. Consumers are also warned not to put information on social networks, such as their date of birth, where they were born, went to school… But why shouldn’t they? The real question is this: Why is any bank using personal information as a guarantor of personal identity? The current system has always been destined to fail.
Banks can help not hinder
To increase identity protection, detect imposters and make consumers lives easier, banks need to disrupt the security industry, turn it on its head and drive change towards a better system. To do this, they need to consider the origins of identity itself.
People already have an excellent identity system that has been refined over thousands of years of human evolution. The ability to tell friend from foe has been a matter of survival. When someone comes in your house and you see your partner, you know it’s them. You don’t need them to wear a badge or give a password. It is all based on visual identity – our inbuilt facial recognition software, if you will.
Remarkably, information technology has overlooked this natural capability. By capitalising on visual identity, banks can help transform the practices around online identity and leave our broken system behind. A few years ago it would have been impossible to do online identity visually. However, with almost every consumer having a digital camera connected to the internet in the form of a mobile, now is the perfect moment to put this practice into place.
People know people
This means that a person requesting access can present themselves to the camera on their mobile, so allowing natural, real-world identity to be brought into play. Verifying identity becomes a social activity – as it always has been. If the account holder shows up they will be recognised, but if anyone else shows up, the imposter will be detected. This not only prevents fraud from occurring, it also catches the criminal in the act – a significant deterrent.
By relying on visual identity, banks can help people protect one another from fraud using the identity system they have been using for millennia – their eyes. The reality is that organisations don’t know people, people know people. When it comes to personal identity, the customer really does know best.

FacebookTweetLinkedIn
ShareTweetShare
Previous Post

Synopsys to Expand Software Security Signoff Solution with Acquisition of Cigital and Codiscope

Next Post

Employees consistently flout security policies, say IT managers

Recent News

JD Sports admits data breach

JD Sports admits data breach

January 31, 2023
Acronis seals cyber protection partnership with Fulham FC

Acronis seals cyber protection partnership with Fulham FC

January 30, 2023
Data Privacy Day: Securing your data with a password manager

Data Privacy Day: Securing your data with a password manager

January 27, 2023
#MIWIC2022: Carole Embling, Metro Bank

#MIWIC2022: Carole Embling, Metro Bank

January 26, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information