By Frank Tan, Commercial Director, APAC, Callsign
In a region of 4.6 billion people and with around half having mobile internet access, the adoption of behavioral biometrics in Asia is surprisingly low. Surprising, both because payments represent the lion’s share of online financial transactions and because there is intense competition from banks, insurers, online retailers, new entrants and others who all compete for a slice of income.
The smartphone is now the hub of communication, work, life and information for hundreds of millions of people across Asia. Yet the approach to verification, authentication and authorization remains dependent on outdated technologies to determine proof of identity.
Outdated approaches coupled with increasing use of smartphones have caused the level of online fraud to explode, with crooks using old technologies and various techniques to trick victims into disclosing sensitive information for illegal financial gain.
Take, for example, Hong Kong, where banks reported a 145% increase in phishing scams involving suspicious websites, mobile apps, text messages and emails in the first six months of 2021. The scams over the phone are a constant problem; Last January, an elderly Hong Kong resident was scammed to the tune of US $ 32 million in an identity theft case. Despite global attention, the following month an almost identical scam grossed another Hong Kong individual $ 2.5 million.
The scam in Asia
As an indication of the seriousness of the scam situation in the Asia region, according to Callsign’s own research, consumers receive an average of three scams per day, with a quarter saying they receive more messages from scammers than genuine messages from the scammer. family and friends.
Some countries are more prone to specific types of scams.
In Hong Kong, phone scams are common, while in Singapore there is an upsurge in vaccination scams. Consumers in the Philippines, Thailand and Indonesia are the most common victims of SIM swap and takeover fraud.
According to a study conducted by Callsign this year, 83% of those surveyed said they had received a scam or fraud message, with almost half (44%) claiming to be the victim of a scam. Supporting the theory that fraudsters use the same channels as businesses to communicate with legitimate account holders, most messages received are believed to originate from a bank, then retailers, delivery companies, and network operators. mobile.
The ripple effect of a low barrier of entry for criminals and the seemingly endless trail of victims has a continuing – and devastating – impact on brands. Almost a third of consumers who have been victims of fraud report that they have stopped using the business used by the fraudster to carry out the scam. Since most scams are underreported, it means brands suffer reputational loss and lose hard-earned trust.
Yet despite the scam, vendors continue to use 20th century thinking to tackle a 21st century problem, further eroding customer trust, damaging brands and allowing fraudsters to strike with almost impunity.
Scammers imitate legitimate platforms
The constant barrage of online fraud, cyber attacks, and the ease with which criminals can imitate legitimate platforms for financial gain prove that digital identity, and therefore digital trust, is being broken. This situation is exacerbated because banks, for example, expect their customers to continually navigate ever-increasing security procedures – sometimes due to compliance requirements – even though verification processes, techniques and technologies , authentication and authorization have been vulnerable for so long.
Over the past couple of years, there has been a pivot to facial recognition, but relying on a photo as the sole form of authentication is once again risky, open to fraud with scammers presenting fraudulent images and, if the equipment used is low-end, facial recognition technology can exclude a large part of the population.
What is needed is a 21st century solution to a 21st century problem.
Moving forward with biometrics
The solution dates back to 1961, when the password to access computer systems first appeared. All you had to do was enter a string of characters, confirmed by the computer, and the digital journey began. The user did not need to answer any security questions or provide sensitive personal information. The whole experience was simple and secure compared to today.
By layering behavioral biometrics into multifactorial solutions, digital journeys can begin again with the same level of ease as sixty years ago. As then, all that is needed to verify, authenticate and authorize is invisible to the consumer although the level of sophistication is 21st century.
Through the combination of inheritance-based attributes, in the form of typing dynamics like the way you type, in addition to traditional PINs and passwords, behavioral biometrics fade into the background. whether on a high and low end web or a mobile device.
The natural sweep of a phone screen is unique to the individual and any attempt to duplicate this easily fails, just like any potential con artist.
This “under the hood” solution eliminates friction in one fell swoop and, combined with threat detection for any malware or unusual behavior, excludes bad actors. By combining behavioral biometrics with artificial intelligence and machine learning, customers’ digital journeys are verified at key points along the way, meaning they are based on events rather than cookies.
Callsign’s behavioral biometric technology is focused on authenticating a consumer from the start of their digital journey. During this interaction, data is collected from a set of inputs, such as the pressure applied by the user when touching the screen, the speed at which their fingers move across the screen, their typing rate and the angle at which the device is held.
This is unique to the client and virtually impossible to crack. If an anomaly is detected, a security layer is added asking the customer if they want to complete the transaction or that a scam may be in progress, etc.
Behavioral insights are merged with other functionalities, including device binding, location analysis, and threat detection, to provide organizations with a strong, easy-to-use client authentication capability that is both secure and Compliant with legislation such as the European Payment Services Directive 2 (PSD2).
Changing the required authentication
A radical upheaval in the way authentication is carried out by public and private organizations is required that does not rely on the requirement to host sensitive customer information. There is a firm belief that the introduction of behavioral biometrics to verify, authenticate and authorize online travel will lead to a dramatic drop in fraud.
It’s hard to imagine the scam getting worse today. Even though there is a noticeable delay in behavioral biometric infiltration in Asia, there are some positive signs that this is about to change.
In July 2021, the Merchant Risk Council (MRC) – a global community united in the fight against online fraud – formed the MRC Asia Pacific Advisory Board. Callsign as well as Razer, Microsoft, Google, Facebook, Netflix, Air Asia, Lazada, Gojek, Accerify, Payoneer, Adyen, 2C2P, Visa, Riskified and Ethoca (Mastercard) are all board members.
Of course, it would be wrong to put biometrics at the forefront to end the scam, but by taking a unified front involving consumers, sellers, governments and associations, there is a great opportunity to catapult biometrics into the world. leading edge in fraud prevention. .
About the Author
Frank Tan is Commercial Director, APAC at Callsign.
DISCLAIMER: Biometric Update Industry Information is submitted content. The opinions expressed in this article are those of the author and do not necessarily reflect those of Biometric Update.
Asia | authentication | behavioral biometrics | biometrics | Call sign | continuous authentication | digital identity | fraud prevention | identity verification