Complex Made Simple

The evolution of authentication

Over the past year, the shift to digital solutions has brought new opportunities for businesses, hackers, and scammers who seek to exploit these new sources of revenue

Of the 64% of consumers who lack confidence in the security of their passwords, only a third update them It’s important businesses approach privacy in the right way or risk opening the path to more security woes Fraud detection and authentication – while interlinked – are two different things

By: Saeed Ahmad, Managing Director, Middle East, and North Africa, Callsign

Over the past year, the shift to digital solutions has brought new opportunities for businesses, hackers, and scammers who seek to exploit these new sources of revenue.

The UAE has long been enticing for hackers due to the country’s perceived wealth. Around 83% of the UAE companies are seeing an increase in cybercrime attacks through phishing, email spam, malware, etc.

Our research corroborates the scale of the problem, with consumers saying they receive three scam messages a day, more than from friends and family.

Rising Security and Privacy Concerns

Our research on security and privacy revealed that a third of respondents (33%) were concerned about the lack of transparency from organizations collecting their data.

A third of the respondents claim that it’s because they don’t know what data is being collected about them by organizations, and 29% say they feel as though they’ve had to share more as the pandemic has forced more services and businesses online.

Despite these concerns, of the 64% of consumers who lack confidence in the security of their passwords, only a third update them when prompted to do so by an organization.

There have also been notable privacy developments among some big tech firms, and the tech giants are leveraging these consumer wants and needs to get ahead in the market.

With these new updates putting privacy in the hands of the consumer, it’s important businesses approach privacy in the right way or risk opening the path to more security woes. It can take months for organizations to redesign their entire security processes and infrastructure in response; therefore, it’s critical organizations begin looking at these processes sooner rather than later or risk getting left behind. 

The UAE has introduced the “UAE Personal Data Protection Law,” which will revolutionize the way that data is regulated in the UAE, as until now, onshore UAE didn’t have a standalone sector-wide data protection law. Whilst the UAE’s two financial free zones, the Dubai International Financial Centre (“DIFC”) and Abu Dhabi Global Market (“ADGM”), have had in place self-standing sector-wide data laws that are largely inspired by the EU’s General Data Protection Regulation (the “GDPR”), which has been in force since May 2018, onshore UAE data regulation ultimately comprised a patchwork of limited provisions drawn from the UAE’s Penal Code, Constitution, and Cyber Crime Law.

Moving Towards the Future of Authentication

As scammers become more sophisticated, so should our ways of spotting them. With upcoming regulations, businesses need to choose the right technologies for the job. While the deadline has been extended, vendors and card issuers must take the time to consider several moving parts. 

Businesses must ensure they rely on solutions that meet rising privacy concerns and the UAE Personal Data Protection Law requirements and satisfy all their stakeholders, by adopting a solution that prioritizes privacy and data minimization, as well as reducing friction in the user journey through passive, positive identification.

Turning to Technology

One method is using behavioral biometrics technologies to positively identify genuine users. Passive behavioral biometrics considers millions of contextual data points such as how a user swipes their phone, the angle they hold their device, keystrokes, and mouse movements. These are unique behaviors to the user that are difficult to copy, unlike passwords, which fraudsters can easily steal and utilize. Layering these contextual data points with device and threat intelligence builds a more robust authentication process without adding friction to the user experience.

Data from behavioral biometrics can also be obfuscated, thus preserving a user’s privacy in ways that facial recognition and other biometric authentication methods can’t.

Fraud detection and authentication – while interlinked – are two different things. Using behavioral biometrics to detect fraud is a given, but organizations should also consider a vendor’s ability to positively identify the user during the vendor selection process. Otherwise, they may need to opt for an additional vendor to deliver user authentication.

Businesses must look beyond traditional security strategies to protect customers against fraud. With increasing concerns around privacy and traditional security methods often insufficient, it has become a business imperative to establish digital identity online. This is to ensure businesses and consumers are not only protected but authenticated online. 

Using technologies such as behavioral biometrics, businesses can re-establish a secure relationship where customers trust businesses and businesses protect customers, all without any party having to sacrifice experience or privacy to do so. More so than ever, companies are responsible for keeping consumers protected against fraud and safeguarding customers’ digital identities. The layering of behavioral biometrics with other circumstantial evidence can both keep consumers safe and protect their privacy.