The information provided on this website does not, and is not intended to, act as legal, financial or credit advice; instead, it is for general informational purposes only. Information on this website may not be current. This website may contain links to other third-party websites. Such links are only for the convenience of the reader, user or browser; we do not recommend or endorse the contents of any third-party sites. Readers of this website should contact their attorney, accountant or credit counselor to obtain advice with respect to their particular situation. No reader, user, or browser of this site should act or not act on the basis of information on this site. Always seek personal legal, financial or credit advice for your relevant jurisdiction. Only your individual attorney or advisor can provide assurances that the information contained herein – and your interpretation of it – is applicable or appropriate to your particular situation. Use of, and access to, this website or any of the links or resources contained within the site do not create an attorney-client or fiduciary relationship between the reader, user, or browser and website owner, authors, contributors, contributing firms, or their respective employers.
Credit.com receives compensation for the financial products and services advertised on this site if our users apply for and sign up for any of them. Compensation is not a factor in the substantive evaluation of any product.
That’s why it only makes sense for financial and government sectors to explore high-tech ways to counter the problem, even if it means making consumers a little uncomfortable in the process.
[Related Article: Can You Really Get Your Credit Score for Free?]
Face-Scrubbing Technology
Most recently, the state of New Jersey launched a photo-matching program called Operation Facial Scrub, which aims to keep fraudsters from obtaining a second driver’s license using another resident’s identity. So far, the facial recognition program seems to be working — it’s “yielded 38 criminal prosecutions and more than 600 potential cases,” according to a CBS report. It remains to be seen whether other states will adopt the technology, though New Jersey reportedly shared it with 20 other states.
“I think some of these things will definitely be beneficial,” says Raul Vargas, team leader of fraud operations for Identity Theft 911.
But there’s more to the security puzzle than just facial recognition. “Security is all about layers of protection,” says Robert Siciliano, a security expert with McAfee. “Whether it’s two or three-factor authentication, that’s what we need to take it to the next level. Right now, we don’t have that. The system is flawed.”
One such two-step authentication comes from the FIDO (Fast IDentity Online) Alliance, which was formed in July 2012. Though its platform has yet to be widely adopted, it signals the future of crime-fighting tech. FIDO, which combines hardware, software and Internet services, offers users two types of screening for users: an identification token that’s presented each time a user logs in to his or her account, and an authentication token that asks the user to perform an action, such as flashing a password or PIN, or swiping their finger. But that’s not all the FIDO system does to protect against fraud. It also includes a browser plug-in that connects to the actual system being used, a validation cache to ensure that tokens aren’t being “spoofed,” plus a FIDO Repository to store and validate information about new tokens. In this way, FIDO rolls several security measures into one, making it harder to get past red tape with merely a user login and password, or even a fingerprint.
Combining a password with a physical token is something Chester Wisniewski, senior security advisor at Sophos, approves of. “It’s not that passwords are impossible to use correctly, but most people aren’t. We really have to get toward this two-factor solution,” he says.
[Credit Check Tool: Monitor your credit score and activity for free with Credit.com]
Unlike facial recognition technology, such as the Kansas startup EyeVerify, which scans users’ retinas, FIDO isn’t relying on an unchangeable aspect of your body, such as your iris or fingerprint, which can be stolen, compromised and used. “If someone steals that digital description of my fingerprint or retina, suddenly you’re able to authenticate as me and I have no way to ever change it,” he says.
Still, Siciliano is quick to point out that the biometrics have fewer “false positives,” or risks for mistakes, than two-step authentication. A biometric takes a dynamic snapshot — for example, an iris scan showing how your pupils dilate, focus and view surrounding objects — rather than a static one wherein there’s no movement. However, “we’re still a good decade away from seeing biometrics used by the masses in everyday transactions,” he says.
Less Convenient, More Secure?
And let’s not forget that “combining [a token] with something in your head is a lot easier,” Wisniewski says. The less extreme the tech is, the more consumers are likely to use it.
“Several bank executives have told me our customers would quit using our bank because they don’t want the inconvenience” of having to remember more than one thing, or having their body scanned, Wisniewski chimes in. “Even Facebook doesn’t turn on their two-step authentication because they don’t want to risk losing users.”
What’s more, “the technology behind biometrics and in which biometrics are used has not been standardized through companies or major banks,” Sicliliano says, nor has it become standard at government agencies. For biometrics at least, ‘the pain of fraud hasn’t yet eclipsed the benefits of the security,” and it may be three or five years until we begin to see this technology being used.
Take the IRS, which is dealing with massive amounts of tax fraud this year. “There’s a big move to update the system,” Siciliano explained, “but the IRS is only a few years into this as we speak,” though they’ve known about the problem for almost five years. “It’s usually situations like that, like the worst kind of scenario, that can facilitate a change in the system.”
For now, at least, it looks like consumers will just have to go the old-fashioned route: shredding sensitive papers and keeping strong passwords to themselves, and of course, checking their credit report regularly.
[Featured Products: Research and compare Identity theft protection plans at Credit.com]
Image: Comstock
October 19, 2023
Identity Theft and Scams
May 17, 2022
Identity Theft and Scams
May 20, 2021
Identity Theft and Scams