If you’re like most people, you have dozens, if not hundreds of online accounts for everything from banking and shopping to watching movies, listening to music or keeping up with your friends through social media.
That means you also have (or should have) a plethora of passwords to access those apps or websites. And again, if you’re like most people, you’re also not regularly updating those passwords to stay ahead of criminals who may want to access your accounts to steal your money or your identity.
Fortunately, the days of relying on passwords to protect us will soon become a distant memory as we increasingly use biometrics to authenticate transactions.
Despite the continued growth in cyberattacks and online fraud in Canada, cyber preparedness remains a national issue. While most people know they should change their passwords regularly and never use the same password for different accounts, Mastercard research found that barely a third of Canadians have adopted basic security practices like these to protect themselves*. Almost 60 per cent say they find it exhausting to update their passwords, and 55 per cent say they only change a password when prompted*.
Fraudsters, on the other hand, aren’t so complacent. They’re using technology such as artificial intelligence (AI) to evolve and elevate the sophistication of their cybercrimes. This includes deepfakes that create seemingly legitimate audio and video, ChatGPT phishing that produces much more convincing emails to try to fool people, and voice cloning, another form of deepfake AI that tries to convince someone a phone conversation is genuine. Armed with evolving technology, the traditional password is becoming increasingly ineffective.
Many businesses and payment companies employ a variety of tools to bolster weak password security habits, including multi-factor authentication (MFA), password expiry periods and monitoring account activity to combat fraud or data theft. While tools like these offer higher protection, they can also frustrate consumers who increasingly expect to seamlessly log in and checkout.
New solutions for digital identity based on the Fast Identity Online (FIDO) standard, many of which have been developed here in Canada, are about to change everything.
FIDO biometrics have become a powerful authentication tool, using a fingerprint or facial recognition to unlock the passkey, the device is then linked with a biometric sensor that gives a user access to an app or website. Each person’s biometric details are unique, meaning only that person can open their account or make a transaction.
Applications such as our new Biometric Authentication Service allow businesses to integrate biometrics when logging into apps or websites. It replaces the password with the person, making digital experiences easier, faster and more secure. Based on the latest FIDO standards, it uses security standards including cryptography combined with biometrics technology already built into personal devices such as phones, tablets and laptops.
This also provides an even greater layer of protection on payments with less inconvenience. Now, if someone makes an unusual purchase somewhere and it gets flagged by their bank or merchant, they could be asked to confirm their identity by simply using their face or fingerprint instead of a one-time password which have become increasingly easier for fraudsters to exploit. If that matches what is already stored on their phone, the purchase is authenticated with no need to respond to a text message or speak with a bank representative by phone.
At the other end of the payment process, AI is helping banks identify suspicious purchases that require additional follow-up with the customer. Screening billions of transactions for multiple risk factors specific to each transaction, AI can predict in milliseconds the likelihood of whether a transaction is fraudulent.
We’re already seeing significant results. Our AI solutions have stopped or deflected an estimated $20 billion* in fraud attacks across our global network over the past 12 months. A lot of this new technology is developed at Mastercard’s Global Intelligence and Cyber Centre of Excellence in Vancouver. Since its launch, the Centre has emerged as an epicentre of global cybersecurity innovation, rapidly developing new intellectual property in biometrics and AI, with more than 36 patents filed since 2020*.
In an ideal world, everyone would practice good cyber preparedness and never be taken in by scams or phishing attempts to steal their passwords. But in the real world, we know that isn’t going to happen all the time. As criminals keep finding new ways to try to impersonate or defraud people, we need to continue developing new ways to defend against this and implementing technology to create a safety net around transactions.
As these new biometric tools are deployed, it won’t be long before passwords are a thing of the past, making our digital world both safer and more convenient.
Aviva Klein is Vice-President Digital Payments and Cybersecurity Solutions at Mastercard Canada.
Leave a Reply