2020 Market Guide for Identity Proofing and Affirmation
Get the Guide
X
Skip to content
X
jumio-black-logo jumio-black-logo
search jumio
  • Home
  • Solutions
    • Platform
    • Products
    • Use Cases
    • Industries
    • Features
    • Compliance
  • Technology
    • Informed AI
    • OCR
    • Certified Liveness Detection
    • Face-Based Biometrics
  • About
    • Company
    • News
    • Partners
    • Careers
    • COVID Relief
  • Resources
    • Library
    • Trusted Identity Blog
    • Technical Blog
    • Webinars
    • TCO Calculator
  • Contact
    • Support
    • Sales
    • More
  • English
    • English
    • Spanish (Español)
    • Portuguese (Português)
    • French (Français)
  • s
  • Request Sales Info
  • Request a Demo
Back to Trusted Identity Blog

Enterprises Step Up Identity Verification to Combat Rising Account Takeover, Identity Fraud and Credential Stuffing Attacks in 2021

By Robert Prigge | December 22, 2020

As business remains online with the pandemic continuing into the new year, it is more important than ever for enterprises to know their users are who they claim to be and not someone logging in with stolen information. And with traditional authentication methods, such as verifying user identity against a database or using passwords or security questions, there’s truly no way to know for sure. In 2021, we’ll see enterprises make the shift to stronger forms of identity verification to protect consumer data as fraudsters advance their techniques.

Below are a few of our predictions for 2021.

Addressing bias in AI algorithms will be a top priority causing guidelines to be rolled out for machine learning support of ethnicity for facial recognition.

Enterprises are becoming increasingly concerned about demographic bias in AI algorithms (race, age, gender) and its effect on their brand and potential to raise legal issues. Evaluating how vendors address demographic bias will become a top priority when selecting identity proofing solutions in 2021.

According to Gartner, more than 95% of RFPs for document-centric identity proofing (comparing a government-issued ID to a selfie) will contain clear requirements regarding minimizing demographic bias by 2022, an increase from fewer than 15% today. Organizations will increasingly need to have clear answers to organizations who want to know how a vendor’s AI “black box” was built, where the data originated from and how representative the training data is to the broader population being served.

As organizations continue to adopt biometric-based facial recognition technology for identity verification, the industry must address the inherent bias in systems. The topic of AI, data and ethnicity is not new, but it must come to a head in 2021. According to researchers at MIT who analyzed imagery datasets used to develop facial recognition technologies, 77% of images were male and 83% were white, signaling to one of the main reasons why systematic bias exists in facial recognition technology. In 2021, guidelines will be introduced to offset this systematic bias. Until that happens, organizations using facial recognition technology should be asking their technology providers how their algorithms are trained and ensure that their vendor is not training algorithms on purchased data sets.

Identity fraud will become a national crisis.

As transactions have shifted online due to the COVID-19 pandemic, identity fraud will become a major concern across all sectors as institutions struggle to verify their online customers are who they claim to be. In fact, fraudsters have seized opportunities provided by this shift to online transactions, causing networks’ fraud rates to increase by 60% (source: Feedzai). Not only was there more fraud attempted, but the dollar value of each attempted fraudulent transaction was also 5.5% higher than it had been the six months preceding the pandemic. Organizations will shift from using data-based approaches of identity proofing (such as using credit bureau or census data) to document-centric identity proofing (using a government-issued ID and a selfie) to verify online users. With traditional authentication methods and data-based identity proofing, there is no way to know if a person logging in is the actual user or someone is using readily-available stolen information from the dark web. In 2021, enterprises will increasingly favor document-centric identity verification to deter fraudulent login attempts.

Government agencies and public institutions are likely to follow suit as COVID-19 related scams have targeted 32% of people around the world, and the FBI has specifically flagged a spike in fraudulent unemployment insurance claims related to the pandemic. The FBI’s advice to look out for suspicious communications and charges doesn’t cover all instances of unemployment fraud as fraudsters are able to bypass these communications channels, file fraudulent claims and steal benefits. Government agencies will likely adapt to the modern fraud landscape by implementing stronger online identity verification to keep citizens safe in 2021 and beyond.

Stronger age verification will be essential in 2021 — and tech giants will be held accountable for who accesses their sites.

As the social harm epidemic continues to accelerate with children being bullied, subjected to predators and influenced by harmful content at a rapid rate online, technology companies need to take responsibility to protect minors on their platforms. The U.S. is likely to follow in the footsteps of Ofcom, the UK’s first internet watchdog, by implementing new legislation aimed to mitigate social harm, enforce age verification and remove legal protections for tech companies that fail to police illegal content. And we’re likely to see enterprises start preparing for these laws in 2021. As learning, communications and social interaction continues remotely into 2021, we’ll see online businesses implement stronger age verification methods (beyond self-reported age) to regulate age-restricted content and purchases while policing age on social platforms to protect minors and ultimately take a stand against social harm.

The conversation about online voting for the 2024 U.S. election will start.

To ensure everyone has an equal opportunity to vote in the 2024 election, we can expect to see security professionals and the Cybersecurity and Infrastructure Security Agency (CISA) begin discussions around online voting. As the technology to ensure safe and secure online voting is available, we’ll see if online voting, coupled with online identity proofing, will become a reality as a safer, more secure and cheaper alternative to mail-in and in-person voting.

We will see the rise of stronger and more enforceable data privacy regulations.

With the passing of the California Privacy Rights and Enforcement Act of 2020 and pending legislation on the Improving Digital Identity Act, it’s clear protecting consumer data will be a top priority in 2021. States are likely to follow California in initiating legislation to expand consumers’ rights to prevent companies from being able to collect and share personal data without prior consent or knowledge. We’ll likely see the Improving Digital Identity Act passed, which will create a task force to protect individual privacy, direct the National Institute of Standards and Technology (NIST) to create new standards for government agencies’ digital identity verification services and establish a grant program to help other states implement more secure digital identity verification.

Credential stuffing will become the #1 global cybersecurity threat as account takeovers become mainstream.

The 36 billion records breached in 2020 will open the door for account takeover attacks via credential stuffing — a type of cyberattack where automated bots use exposed account credentials to gain unauthorized access to user accounts. As 71% of accounts are protected by passwords used on multiple websites, credential stuffing will become the top global cybersecurity threat as attacks will be successful in gaining access to multiple accounts including social media profiles, education portals, banking applications, healthcare sites and email domains. Once logged in, users can steal benefits, transfer funds and lock the real user out. Traditional authentication methods (e.g., knowledge-based authentication and the common password) will no longer be relied on to keep accounts protected. In 2021, enterprises will look to stronger forms of biometric-based authentication to keep user data secured and out of the hands of fraudsters.

Criminals will weaponize AI in new ways for fraud.

The past decade has given rise to an entire cybercrime ecosystem on the dark web. Increasingly, cybercriminals have gained access to new and emerging technologies to automate their attacks on a massive scale. The dark web has also become a virtual watercooler for cybercriminals to share tips and tricks for scanning for vulnerabilities and perpetrating fraud. The evolution and sophistication of cybercrime will continue in 2021 as criminals leverage artificial intelligence and bots more than ever before.

Just as organizations have adopted artificial intelligence to shore up the attack surface and thwart fraud, fraudsters are using artificial intelligence to carry out attacks at-scale. In 2021 we will essentially witness an AI arms race, as companies attempt to stay ahead of the attack curve while criminals aim to overtake it. We anticipate this at unprecedented levels across several key areas:

  • Machine Learning: Bad actors will leverage machine learning (ML) to accelerate attacks on networks and systems, using AI to pinpoint vulnerabilities. As companies continue to digitally transform, spurred by the COVID-19 pandemic, we will witness more fraudsters rapidly leveraging ML to identify and exploit security gaps.
  • Attacks on AI: Yes, AI systems can be hacked. Attacks on AI systems are different from traditional attacks and exploit inherent limitations in the underlying AI algorithms that cannot be fixed. The end goal is to manipulate an AI system to alter its behavior — which could have widespread and damaging repercussions, as AI is now a core component in critical systems across all industries. Imagine if someone changed how data is classified and where it is stored at-scale. We expect more attacks on AI systems in 2021.
  • AI Spear-Phishing Attacks: AI will be used to increase the precision of phishing attacks in 2021. AI-powered spear-phishing email campaigns are hyper-targeted with a specific audience in mind. Scouting information from social media and tailoring attacks to a specific victim can increase the click-through rate by as much as 40 times and all of this can be automated through sophisticated AI technology. In 2021, cybercriminals will continue to model phishing attacks after human behavior, replicating specific language or tone, to drive higher levels of ROI on attack investments.
  • Deepfake Videos: Deepfake technology uses AI to combine existing imagery to replace someone’s likeness, closely replicating both their face and voice. Increasingly in 2020, deepfake technology was leveraged for fraud. As more companies adopt biometric verification solutions in 2021, deepfakes will be a highly coveted technology for fraudsters to gain access to consumer accounts. Conversely, technology capable of identifying deepfakes will be of equal importance to organizations leveraging digital identity verification solutions. Organizations must be sure any solution they implement has the sophistication in place to stop these growing attacks, which will be highly utilized by fraudsters in 2021.

In 2021, enterprises can combat cybercriminals exploiting the new work-from-home world for new fraud opportunities by implementing document-centric identity verification, preparing for stricter data privacy regulations and enforcing stricter age verification.

Related Posts

identity verification compliance

Compliance Acronyms in Your Customer Identity Verification Process

August 21, 2018
GDPR. AML. KYC. PSD2. CCPA…The acronyms just keep on coming and with them, increasingly stringent and complex requirements for businesses to meet. While delivered with good intention to protect consumers and the global financial system, these mandates and compliance edicts naturally add complexity to business processes. Our latest e-book, Compliance Made Simple, will help you...
Telcos in the Aftermatch of COVID-19

How Online Identity Verification Can Help Telcos in the Aftermath of COVID-19

May 12, 2020
We are using technology, specifically our mobile devices, more and more to communicate with friends and colleagues because of the COVID-19 pandemic. Telcos are part of the critical infrastructure that enables this change. However, even if our online activity has grown as well as our use of telecommunications, there are some areas where telcos are...
Beyond the ID

5 Ways It Pays to Go Beyond ID-Only Verification

June 11, 2020
Identity theft and account takeover are on the rise, with cyberattacks targeting the financial sector increasing 238% from February to April 2020, according to a VMware Carbon Black report. Now more than ever, as businesses deal with the financial stressors of the global health and economic crisis brought on by COVID-19, there has never been...

Latest Posts

  • 2021: New Age Restrictions Come Into Play in Europe
  • Innovation is the Key to Future-Proofing Traditional Banks
  • 5 Surprising Findings from the 2020 Holiday Fraud Report
  • Jumio Transaction Monitoring Named Top 10 KYC Solution Provider
  • Traveling & COVID-19: It Starts with Trust
  • The Dawn of End-to-End AML Compliance

This content from Jumio is for general information purposes only. Please consult your legal team for advice regarding your particular situation.

social-media
social-media
social-media
social-media
social-media
  • Solutions
    • KYX Platform
    • ID Verification
    • Identity Verification
    • Jumio Go
    • Transaction Monitoring
    • Document Verification
    • Authentication
    • Screening
    • Address Services
    • Video Verification
    • BAM
    • Fastfill
  • Use Cases
    • User Onboarding
    • KBA Replacement
    • Fraud Detection
    • KYC & AML Compliance
    • Biometric Authentication
    • Going Passwordless
    • Age Verification
    • New Account Onboarding
  • Industries
    • Financial Services
    • Retail
    • Travel
    • Sharing Economy
    • Gaming
    • Telcos
    • Mobility Services
    • Healthcare
    • Education
  • Features
    • Features
    • Compliance
    • KBA Alternatives
    • Compare
  • Technology
    • Informed AI
    • OCR
    • Face-Based Biometrics
    • Certified Liveness Detection
  • About
    • Company
    • Security
    • News
    • Global Coverage
    • Media Resources
    • Brand Guide
    • Partner Program
    • Partner Login
    • Events
    • Awards
    • COVID Relief
    • Fintech Equality Coalition
  • Resources
    • Library
    • Blog
    • Technical Blog
    • Webinars
    • TCO Calculator
  • Contact
    • Support
    • Sales
    • Careers
  • Login
    • Privacy
    • Legal Information
    • © 2020 Jumio All rights reserved. US Patent App.
  • Languages
    • English
    • Spanish (Español)
    • Portuguese (Português)
    • French (Français)