The digital world has been a saving grace for many industries since the start of the pandemic. Remote working, distance learning, online shopping, virtual GP appointments, and even digital court hearings have all enabled us to continue to function as a society – albeit with a few changes here and there.
This transition has not been without occasional calamity. The recent mishap of a ‘cat’ passing ‘judgement’ via a video call – when a judge attempted to use his assistant’s computer during a virtual hearing – is just one example. On the surface, the accidental use of the cat filter was innocent enough. However, this should actually make us question whether our digital interactions are as secure as they seem.
Do video calls, deemed to be fairly secure so far, harbour a potential, unquantified threat? How would this threat, if left unmasked, impact our ability to work, borrow and buy securely?
Hidden in plain sight
This isolated incident, ‘catcalling’ if you will, should not be dismissed as a one-off. In fact, during the first nine months of the pandemic, a quarter of Brits and 23% of Americans compromised their security at home, sharing their work passwords with their flatmate, partner, or family member amid increased home-schooling, remote working, and socialising.
According to research by SailPoint, our lockdown cyber hygiene has slipped – which isn’t making the already high risk of fraud any easier to manage. We trust our eyes the most, which means videos in particular can create a false sense of security.
With our social interactions mostly reduced to messages and video calls, what does this mean for retail banks, approving more mortgages, loans and new customers online than ever before? Or corporate banks, where video calls are now the mainstay of relationship managers and corporations large and small? With billions in hard-earned cash on the table, could video calls be the biggest fraud risk yet?
They just might be. Banks and fintechs have already started establishing partnerships to squash the use of spoofed videos – found to be a new favourite trick of fraudsters a few months into the pandemic – as ‘deepfake’ crimes continue to be the biggest consumer worry. It’s not without reason. Deepfakes and synthetic identities are likely to open the door for the next wave of identity fraud.
Frankenstein fraud in financial services
While fraud rises, businesses can’t stay still when it comes to security. With digital, including video calls, we often rely on the safety of the channel we use, such as end-to-end encryption, but not how our identity is used there.
‘Frankenstein fraud’, or synthetic identity fraud, is changing that. We are seeing fraudsters gaining access to ever-more sophisticated technologies to create not just false ID images and video feeds, but fake data records that back up that false identity.
Pixelated portrait of a man illustrating digital identity.
Deepfakes posing as real famous people spotted on videos, including Elon Musk and Tom Cruise, are quite hard to tell from their real counterparts. What’s the probability then of spotting a spoof when a brand new customer is trying to sign up to a new banking service? It certainly is a big threat for fintech companies, banks and e-commerce giants alike.
This means our identity verification technologies must take a risk-based, zero trust approach. The reality is that the identity risk profile of a person can change, and probably will over their lifetime – for example if they become a victim of identity fraud. Our technology must stay flexible to enable a change in parameters if the situation develops, protecting consumers from the risks of identity fraud, stopping it in its tracks.
To keep real people protected, we have to perfect our “computer vision” and train digital identity verification algorithms on a variety of diverse profiles, lighting, and proximities. The technology of today and tomorrow must be able to tell a mask, deepfake photo or video from a real person – and avoid disabling people’s access to vital financial products or services at the same time.
Push and pull
That said, we don’t like to jump through hoops to get what we want or need in the moment. Experience is king, meaning onboarding customers is often a game of push and pull, convenience versus security, speed versus catching more fraud.
But remember this: every time an app – whether for a bank, payment provider, or retailer – asks you to move closer to the camera or step back, change the frame or lighting of your face, it is not doing it to make the process more difficult. This is technology doing its best to protect us from identity fraud.
The digital age has its conveniences, but also its drawbacks. What we see may not be what it seems: not every Frankenstein face will look strange or unrealistic, and not every human face will pass the test first time round. The occasional cat filter, therefore, may be one of the most innocent human representations yet. Or it could be a sinister warning sign of fraud to come.
I head Mitek’s business in EMEA. During my 20-year career, I have worked for global technology companies such as IBM and Verizon. In this time, I have seen the worlds of