Why password protection might not be good enough to protect identities
By Robert Mungovan
This article first appeared on Digital Commerce 360.
Passwords are highly prone to fraud, with hackers increasingly able to access them. Fortunately, many new alternatives are available to ensure our digital identities and transactions remain safe.
Last May, four-year-old Noah Ruiz made national news by ordering 51 cases of SpongeBob popsicles from his mom’s Amazon Prime account. While the story ended with a happy conclusion, the situation was trying for the family. The purchased items were not returnable, and the retailer would not refund the $2,600 purchase price.
For Noah’s mother—a student with three children—this incident jeopardized her ability to pay her tuition. It also illustrated the ever-growing need to protect our online identities. As we head into the new year, it’s more important than ever to recognize the threat identity fraud poses for both consumers and companies and explore the alternatives available to combat this threat.
The problem with passwords
A primary reason for the global increase in identity theft is the “ordinary” password, included in most common authentication workflows in today’s digital economy. Unfortunately, passwords are highly prone to fraud, with hackers increasingly able to access them. The time to move on from the password is here. Fortunately, many new alternatives are available to ensure our digital identities and transactions remain safe.
While security is paramount when conducting business online, convenience and speed are also critical considerations. For example, consumers now expect webpages to load in one to two seconds or less, even on mobile devices. This built-in expectation of speed and convenience further illustrates how frustrating passwords can be, especially when you consider that up to 60% of consumers have exited online transactions due to password-related frustration. The fact is that consumers expect to conduct business online quickly and without friction and any successful authentication method would do well to address these critical trends.
Identity fraud is widespread, faces are unique
In 2020, the Federal Trade Commission (FTC) received nearly 1.4 million reports of identity fraud. That total almost doubled from just two years before. Out of all fraud reports, online shopping accounted for the second most common type of fraud, primarily driven by the overall increase in ecommerce during the COVID-19 pandemic.
Unlike passwords, biometric technologies use a person’s unique physical characteristics—face, voice, fingerprint, etc.—to authenticate a user more securely than any password. When used as part of a multi-factor authentication process, biometrics offer a highly secure way to ensure the rightful owner of an account is making the transaction. Since a person’s physical traits are not easily stolen, using them is an inherently more secure and reliable authentication method than passwords.
How biometrics could help
Because they work with existing mobile technology such as smartphones and don’t require additional or specialized hardware, biometrics can easily integrate them into several different authentication workflows to help drive down instances of identity and ecommerce fraud.
In this way, any time a consumer uses a password in an online transaction—whether making a purchase or simply accessing an account—it becomes an opportunity for improvement in both security and convenience. In addition, the use of biometrics removes a fraudster’s ability to steal access to consumer accounts while simultaneously eliminating the need for the user to remember a vast number of increasingly complex passwords (and many times inevitably having to reset them).
Retailers also can use biometrics as a standalone authentication method or a supplement to existing authentication processes. Ecommerce companies looking to address both the rising usage in online activity and fraud would do well to take a closer look at new authentication techniques to score major points with consumers while protecting their business operations.
Aware Inc. is a biometrics software and services company.
Robert M. Mungovan has over 20 years of experience with Aware. Prior to his current role as Chief Commercial Officer, Mr. Mungovan served as Aware’s Vice President of Biometrics and as the Sales and Marketing Manager of Biometrics and Imaging. Before joining Aware Mr. Mungovan held positions in several small companies whose focus was digital imaging and machine vision. His passion of working with customers led him on a gradual path from engineering to sales.
Mr. Mungovan’s first responsibility at Aware was to sell and market an Aware-developed technology for fingerprint image processing. From that initial responsibility he has played an instrumental role in the establishment of Aware as a premier standalone American biometric product company. Mr. Mungovan received his Master’s degree in Business Administration from Boston College, his Master’s degree in Engineering from Worcester Polytechnic Institute, and his Bachelors’ degree in Physics from Boston College.
ARTICLE | 4 minute read
The holy grail of ID safety & convenience? It's all in the timing