Why Digital Identity Needs a Makeover - NCSAM 2019

Oct. 3, 2019 | by BioCatch

Biocatch_NCSAM_1-1

October 2019 marks the 16th annual National Cybersecurity Awareness Month (NCSAM). If anything is clear, it’s this: the internet is becoming an increasingly dangerous place, even as the world becomes more interconnected. 

Cybercrime and identity theft continue unabated, fueled by countless data breaches that have made personally identifiable information (PII) a cheap commodity. The first half of 2019 saw more than 3,800 breaches, which exposed 4.1 billion records and compromised consumers’ personal and financial information. Last month alone brought several reports of leaks and data theft that leave us all vulnerable to attack:

With our personal information already compromised, is there a way to make the internet a safe place for all? When everything from our morning cup of joe to the security of our nation relies on it, the answer is that we must find a way. We need a new standard for defining digital identity that can separate the fraudsters from legitimate users.

Why Stronger Digital Identity Solutions Can’t Wait

The theme of this year’s National Cyber Security Awareness Month is “Own IT. Secure IT. Protect IT.” For businesses in particular, “Protect IT” is the key. Keeping online interactions secure requires finding ways to defend any user data you collect and safeguarding the user journey from end-to-end.

Digital identity links a physical person or a physical identity to their online activity. Most often, this is accomplished through gathering static, personal information, like date of birth, social security number, phone number, or physical address. Authentication also can be based on verifying a user’s device, like a cell phone, laptop or desktop.

But because of data breaches like the ones listed above, authentication using these approaches isn’t working. Cybercriminals have the information they need to circumvent login controls and to create synthetic identities used for new account fraud. Fraudsters also harvest data through social engineering and malware attacks, allowing them to bypass device ID and engage in account takeover fraud.

To make the internet a safe place for all, we need to develop a new standard for how identity is defined. Until then, everything from our financial transactions to healthcare records, insurance policies, personal communications and more are at risk.

Restoring Trust and Safety Online

At BioCatch, we believe analyzing human-device interactions is the best way forward for protecting users and their data. We don’t rely on static parameters for authentication. Instead, we focus on the unique ways individual users — including cybercriminals — behave to separate out fraudulent account openings, transactions and sessions from those initiated by a legitimate person. 

And it works. Powerful behavioral insights, such as how a person taps, types or swipes on their mobile device, are allowing leading financial institutions to fight back against new account fraud, as one example. Even tricky social engineering schemes, like vishing, can be detected by the technology, as recently reported in The Wall Street Journal.

We need to be confident that someone is who they claim to be online. BioCatch’s breakthrough behavioral biometrics technology is making that possible, using identifying behavioral patterns that can’t be replicated or stolen to set a new standard for how identity is defined.

“Safeguarding the internet is a responsibility we all share,” says Kelvin Coleman, executive director of the National Cyber Security Alliance. “As cyberattacks are evolving and becoming more common, NCSAM is a great opportunity for businesses to enhance and share their commitment to cybersecurity with their employees and customers.”

We’re glad to take part in NCSAM 2019 and speak up about steps we all can take to build trusted online services that keep the cybercriminals at bay.

Learn more about BioCatch’s approach to managing digital identity based on behavior rather than static identity factors.

Topics: Cybersecurity