The number of choices for securing identities is on the rise, but so is the number of attacks.
It is a well-known fact: Internet usage is booming. 3.2 billion people are online, while more than 7 billion mobile phones are subscribed worldwide.
With the rise of activities such as browsing, shopping and online banking, Internet-based crime is on the rise, too. Cifas, a fraud prevention agency based in London, stated that more than 80% of identity theft was attempted or perpetrated online in the UK in the first three months of 2015. The number of victims has risen by 31% to 32,058 compared to 2014. Fraudsters fake identities and credit cards which are then sold online, providing a community with access to other people’s identities.
High profile hacks over the recent years from Target to Anthem to Ashley Madison have sent personal identification information to people never intended to have this information. As customers become more aware of the growing risks, merchants and card issues recognize that protecting customers from identity fraud is a critical success factor. However, there is no single solution to successfully combat fraud but rather a series of actions that need to be taken. Battling fraud needs a combination of protective measures and risk mitigation. These measures secure card authentication, authorization and the processing system where transaction data is held.
The actions to be considered include protection against counterfeit fraud through multi-factor authentication, risk management to reduce the danger of unauthorized payment, and validating the integrity of the transaction through digitally signing payment data. Today, the EMV standard provides the most widely adopted specification for secure chip cards and payment terminals.
The Fast Identity Online (FIDO) specification is another way to secure your personal data, by providing a new protocol for online logins. It increases security by providing access to online services without having to use a username or password while still providing security that is simple, strong, and intuitive, yet trustworthy and private. Going beyond the combination of username and password, FIDO uses either a special stand-alone security key, like a Dongle, or embedded security features of the user device itself in combination with biometrics, like a fingerprint, for authentication.
There’s no need for a complex username/password combination. Both systems provide an easy and seamless authentication process. It is secure while its implementation is easy and offers protection from phishing, man-in-the-middle (MITM), man-in-the-browser (MITB), and other kinds of attacks. Both schemes are already supported by a range of large service providers like Google, Paypal, Alibaba, Dropbox and others.
With these solutions in mind, what steps do you want your merchants to take to secure your identity?