Hacking Facial Recognition: How To Protect Your Company Against It

Written by severjacob | Published 2021/10/01

TL;DR: Identity theft is becoming more of a threat with each passing year. One of the most recent developments to fight identity fraud is called "liveness," or "facial biometrics identification." However, liveness detection is not infallible. There are varying levels of security, and not all facial biometrics software protects against more cunning tricks. Fortunately, the most common modes of scamming have been identified. According to a global average calculated by IBM, data breaches cost companies about $3.86 million per instance. The two most common ways fraudsters attempt to circumvent verification software are spoofing and bypassing. To stay protected, the most secure solutions should analyze parameters such as eye reflection, skin texture, image depth, and capillary blood flow. The second qualification is to understand how the solution encrypts sensitive data.

Identity theft is increasing with each passing year. In fact, with the sudden increase in remote work, sophisticated identity theft tactics seem to improve on a near-constant basis. IBM noted that the rise in remote work increased data breach costs by $137,000 in the United States.
One of the most recent developments to fight identity fraud is called "liveness," or "facial biometrics identification." It utilizes a much higher degree of sophistication during identity verification processes to combat fraudsters. 
However, liveness detection is not infallible. There are varying levels of security, and not all facial biometrics software protects against more cunning tricks.
Fortunately, the most common modes of scamming have been identified. This means that companies can take note of these insights on how tricksters bypass liveness checks and decide for themselves which identity fraud protections are best. 

The Real Cost of Data Breaches and Identity Theft

Despite our knowledge, tactics like deepfakes and phishing scams are still hitting businesses hard. According to a global average calculated by IBM, data breaches cost companies about $3.86 million per instance.
Recently, one U.S. company lost roughly $10 million to an audio deepfake of their CEO requesting a fund transfer. Mega breaches of up to 10 million records can cost as much as $50 million.
Other reports show that identity fraud is a widespread problem. Proofpoint found that 88 percent of businesses worldwide experienced spear-phishing attempts in 2019, and these numbers keep growing. Phishing, ransomware, and malware are costing corporations more than ever.
SafeAtLast noted that a single ransomware attack costs $133,000 on average, and CSO Online estimates that $17,700 is lost every minute from phishing attacks.
These numbers are even more startling when combined with the statistics that show 56 percent of Americans have no idea how to handle a data breach, and 64 percent of companies leave thousands of sensitive files accessible to every employee. 
Identity fraud is a costly mistake, so let's look at the two most common ways fraudsters attempt to circumvent verification software: spoofing and bypassing. 

1. Spoofing

Spoofing can be done in several increasingly complex ways. It can be as simple as using glasses with black dots to trick Apple's Face ID or as advanced as creating hyper-realistic deepfakes.
On the more basic end of the spectrum, scammers can use photos, masks, and prerecorded videos to trick security systems. For example, 2D images were enough to fool the Samsung Galaxy S10 facial recognition system, and prerecorded videos have been used to fool security verification software for USAA Bank.
Some of the more advanced tactics include life-size mannequins, lifelike prosthetics, and molded masks. If the biometrics software doesn't scan for parameters like skin texture, blood flow, and micro-movements of facial muscles, these methods can fool liveness detection. 
The most challenging tactic to combat is sophisticated deepfake technology. Because decent deepfake generators can be found for free online, fraudsters can easily take advantage of the software to create convincing audio and video spoofs. 

2. Bypassing

Bypassing liveness checks involves hacking the existing biometrics system to swap in or edit biometric data. 
In general, liveness detection systems are vulnerable in three places: 
  • The device used for liveness checks
  • The server that checks biometric data
  • The Internet connection used to reach the server
Since the beginning of the global pandemic, the FBI reports a 300 percent increase in cybercrimes. Nearly 20 percent of these crimes come from remote workers unwittingly causing security breaches, and it's these types of vulnerabilities that make bypassing a viable method for fraudsters. 

How to Stay Protected With Cybersecurity Professionals in Short Supply

From 2013 to 2021, there has been a 350 percent increase in available cybersecurity positions. However, 61 percent of companies feel that their cybersecurity applicants aren't qualified enough, and 40 percent of IT leaders say cybersecurity jobs are the most difficult to fill. 
With this supply and demand gap, it's difficult for businesses to feel like their data is secure. Because of this, it's crucial for organizations to educate themselves on how to select the most secure identity verification solutions. 
The first qualification is to find out if it protects against both spoofing and bypassing. The best way to do this is to put it through a few simple tests. This will show if it can detect the difference between a live person and artificial things such as photos, masks, and screens. 
In my company's research, we've noted that the most secure solutions should analyze parameters such as: 
  • Eye reflection
  • Skin texture
  • Image depth
  • Capillary blood flow
You can test for these attributes by attempting to pass verification with closed eyes, a static image, or various face-spoofing props. 
The second qualification is to understand how the solution encrypts sensitive data. Truly secure software will be able to withstand common attacks like replay and man-in-the-middle ploys. Don't be afraid to ask as many clarifying questions as needed, and be sure to ask for a thorough demonstration.
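An added example, not from the original article or any vendor's product: one way a verification server can reject replayed or altered liveness submissions on the connection between device and server. The per-device key, `LivenessVerifier`, `sign_capture`, and the 60-second challenge lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CHALLENGE_TTL = 60  # seconds a challenge stays valid (assumed value)

def sign_capture(key: bytes, nonce: str, capture: bytes) -> str:
    """Device side: bind the captured frame to the server's one-time nonce."""
    msg = nonce.encode() + b"|" + hashlib.sha256(capture).digest()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class LivenessVerifier:
    """Server side: issues one-time challenges and checks signed submissions."""
    def __init__(self, device_key: bytes):
        self.device_key = device_key  # secret provisioned at enrollment (assumption)
        self.pending = {}             # nonce -> time it was issued

    def issue_challenge(self, now=None) -> str:
        nonce = secrets.token_hex(16)
        self.pending[nonce] = time.time() if now is None else now
        return nonce

    def verify(self, nonce: str, capture: bytes, tag: str, now=None) -> str:
        now = time.time() if now is None else now
        issued = self.pending.pop(nonce, None)  # pop: each nonce works only once
        if issued is None:
            return "rejected: unknown or replayed challenge"
        if now - issued > CHALLENGE_TTL:
            return "rejected: challenge expired"
        expected = sign_capture(self.device_key, nonce, capture)
        if not hmac.compare_digest(expected, tag):
            return "rejected: capture altered or signed for another challenge"
        return "accepted for liveness analysis"

def demo():
    """Runs four constructed submissions and returns the server's verdicts."""
    key = secrets.token_bytes(32)
    server = LivenessVerifier(key)
    frame = b"constructed sample frame bytes"
    n1 = server.issue_challenge(now=1000)
    tag = sign_capture(key, n1, frame)
    first = server.verify(n1, frame, tag, now=1010)
    replay = server.verify(n1, frame, tag, now=1011)   # same message sent again
    n2 = server.issue_challenge(now=1020)
    swapped = server.verify(n2, b"edited frame", sign_capture(key, n2, frame), now=1021)
    n3 = server.issue_challenge(now=1030)
    stale = server.verify(n3, frame, sign_capture(key, n3, frame), now=1091)
    return first, replay, swapped, stale
```

The MAC only protects the capture in transit; a compromised device that holds the key can still sign injected frames, so the device and the server from the list above need their own controls.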

Fight Back Against Fraud With the Power of Information

Total security 100 percent of the time is not yet feasible in today's world. Hackers and fraudsters work tirelessly to find ways around security technologies. Fortunately, security companies work just as hard to come up with better, more advanced solutions.
Facial biometrics identification is an excellent tool in the fight against identity fraud. The best verification tools will employ sophisticated liveness checks that minimize the chances of spoofing and bypass tactics succeeding.
The good news about identity fraud is that anyone armed with the proper knowledge can implement best practices and security software solutions to keep sensitive data as secure as possible.

Written by severjacob | Co-founder & CPO at Sumsub. An expert in ID verification, anti-fraud trends and regulatory compliance.
Published by HackerNoon on 2021/10/01