In today’s volatile digital climate, the security of workers’ and customers’ data and information, as well as the finances and intellectual property of organizations themselves, continues to be questioned. Data sits at the very heart of the world’s largest companies, and despite a heightened awareness of cyber-security best practices, attacks are on the rise.
According to a recent Deloitte Center for Controllership Poll, between 2022 and 2023, 34.5% of executives witnessed cyber-attacks targeting their organizations’ accounting and financial data. Meanwhile, 62% of consumers across North America, Latin America, and Europe believe that breaches are an inevitable part of online transactions. Furthermore, Forbes revealed that there were more than 1 billion malware programs circulating in 2023.
This known risk, which continues to grow with the increase of remote working and immature infrastructures, has employees and consumers on high alert, with many expressing concern as to whether their data is ever truly safe.
High-profile data breaches are on the rise
Statista research estimates the total transaction value in the global digital payments market at $9 trillion in 2023, with an expected annual growth rate of 11.8%, reaching $15 trillion in the next five years.
With high-profile data breaches continuing to dominate the news, it is essential to rebuild consumer trust in digital products and offer effective solutions. Over the past year in North America, several well-known entities experienced breaches. American Airlines, for instance, suffered a breach exposing pilots’ personal information when their centralized recruitment database was compromised. Similarly, UPS Canada had to notify its customers that personal information had been inadvertently uncovered by another user who misused a package lookup tool.
Notable companies such as Twitter (now known as ‘X’), the food and drink giant Mondelez and the owner of KFC and Pizza Hut, Yum! Brands, have also made headlines. The social media giant X faced a significant breach, with email addresses of 200 million users being sold on the dark web. This incident followed an initial leak that occurred a year prior.
Meanwhile, in Europe, the Police Service of Northern Ireland experienced a “monumental data breach” in August, caused by a manual error in response to a Freedom of Information request. Regulatory changes in the UK in recent years have seen both the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA) amend their rules for organizations, to combat this level of cybercrime or unintentional data leak. This includes being more cooperative and transparent with regulators, taking responsibility for updating systems and controls, and being both quicker and more comprehensive with details of any security incidents. These rule amendments are a direct response to calls for a degree of digital transformation, and to potentially replace existing systems that should be protecting customers, employees, and their data. Similar cybersecurity regulations in Europe through NIS2 and DORA1 are aimed at reinforcing operational resilience and resistance to cyberthreats. With this in mind, organizations are considering new solutions to achieve an enhanced level of protection and control, in a decentralized way.
Enhancing protection with biometrics
Until now, the response from organizations to pressure from regulators, and from the general public, has been to weave cybersecurity more prominently into digital transformation efforts. Organizations have looked to develop a zero-trust architecture, which presumes all access attempts are illegal until authenticated. In this respect, two-factor authentication has also been made compulsory in many countries, adding a further layer of protection for consumers. Ongoing cloud migrations, while presenting a new potential attack surface in the future, have also been designed to better safeguard company data.
The potential of biometrics has also been explored as a primary way to ensure access to data and use of finances, is linked more directly and unequivocally to the right person. Already, the biometric sensor market, where access or use is enabled by personal identification markers such as fingerprints or facial recognition, is set to triple its 2020 value to $3.3 billion by 2030. Initiatives that support the increased growth of this sector include Mastercard’s Biometric Authentication Service, which streamlines biometric integration for businesses. This initiative addresses the challenges with passwords and multi-factor authentication and focuses on the use of biometrics to enhance security while simplifying and expediting digital experiences.
Biometrics’ influence on consumers is also beginning to grow. As many as 58% have stated that biometric payments through the use of biometric smartcards make transactions more secure, a rise from 48% a year previously. Rather than using a PIN or remembering a password as a mode of access for these payment transactions, the method links a person’s card solely to a person’s fingerprints, voice, or facial features. It is therefore impervious to misuse, bringing additional convenience.
Building consumer confidence
Beyond organizations introducing the technology behind closed doors to keep data safe, the interest in biometrics smartcards shows that consumers also want to see improved protection play out in their physical transactions and finance management. This paradigm shift reflects not only a desire for heightened protection but also an acknowledgement of the limitations of traditional authentication methods. Attributing access to a fingerprint or facial recognition affirms to that person, in that moment, that their credentials are unique, and therefore that the data inside is safe. Encryption of fingerprint data within the card itself further ensures complete confidence in the solution. The encryption of personal identity data only strengthens this defense, ensuring that sensitive information remains inaccessible to unauthorized parties. These smartcards effectively mitigate the vulnerabilities associated with centralized databases.
Biometric smart cards also change the dynamic of data storage. Rather than housing biometric credentials in centralized databases, where targets are also gathered in one location; smartcards sidestep that risk.
As a solution to reclaim consumer confidence, biometric smart cards therefore tick all boxes: ultimate security, off-cloud, via the complete encryption of personal identity credentials that would manage both physical and logical access and keep finances as well as personal privacy safe. The off-cloud nature of biometric smart cards particularly offers a compelling advantage in an era marked by growing concerns over data privacy and security breaches. Unlike conventional cloud-based storage systems, which are susceptible to hacking and data breaches, smart cards provide a localized, tamper-resistant environment for storing critical biometric data.
This amalgamation of cutting-edge technology and robust security measures not only enhances consumer confidence but also sets a new standard for authentication in the digital age. By offering a comprehensive solution for both physical and logical access control, biometric smart cards empower individuals to safeguard their financial assets and personal privacy with unprecedented efficiency and peace of mind.
A secure cyber future
Given the extent of migrations that have occurred in recent years, the cloud is already being earmarked as the next frontier for cyber-attackers by legislators and innovators within big tech. Fortunately, this is an area in which biometric smartcards can have a real impact. According to Apple’s recent “The Rising Threat to Consumer Data in the Cloud” report, biometric authentication is positioned as an “incredibly valuable” mode of “passwordless sign-in” that will protect both consumers and employees even in a cloud-centric business climate.
Those organizations contributing to the conversation on data security will be doing so to strengthen their levels of security as part of an ongoing transformation – one that seeks to build consumer trust.
By Vince Graziani, IDEX Biometrics
1 NIS2 (Network and Information Systems Directive; DORA (Digital Operational Resilience Act)
