Risk management practices remain the backbone of every organization in their various sustainability campaigns. And every organization, institution or government must respond appropriately to the technological advancement in order to withstand various emerging challenges since the Industrial Revolution. Global e-commerce sales have been estimated to reach US$4.135 billion in 2020 but that’s not without frauds due to identity theft. How are organizations preparing to benefit from this opportunity with the minimum risk? Do we have reliable identity verification systems?
The challenges surrounding business models are often driven by technology’s quest to tame evolving social behavior and to satisfy an increasing demand for seamless transactions by consumers. Changes in regulatory policies to enact business fairness and to protect consumer rights can also lead fundamental challenges in businesses. But far more troubling is poor alignment of ongoing technological advances in the respective sector.
Technological advancement in the ecommerce sector has inspired businesses to operate online; processing transactions without seeing their customers. While this has in many ways cut down commercial business flaws, there are a lot of risks associated with this approach since companies have no physical idea of whom they are dealing with. However, a promising means of managing this risk – the use of reliable third party identity verification service – has remained invaluable.
Risk management operations
Risk management is an area that involves identifying, evaluating and prioritizing risks accompanied by applying resources that will maximize opportunities while minimize monitor and control the impact of dreadful outcomes in various levels. In that sense, the negative impact of any technological trend can be mitigated or managed by integrating an appropriate technology that can address the ills – into risk management operations.
The aspect of risk management is mostly implemented when an organization is embarking on new or unfamiliar business approaches. And these novel ways are always intended to address various issues strangling profit freedom. In a more acceptable concept, the business approach could also be very familiar but rightly perceived to have potential failures considering the primitive definition of business. Risk management implies preparing for the downsides of every decision – whether regrettable outcomes are recognized or not. Managing or minimizing fraud and commercial risks using various risk management practices is a key move for business success. And not recognizing potential failures in decisions or methodologies has in many cases plunged businesses into unrecoverable failures. How are risk managers dealing with identity fraud?
Identity verification system and transaction flaws
Before the Industrial Revolution, most of the world’s population lived in rural communities. Though there were crimes, identifying people was very easy since everyone knows each other. But for the past two centuries, when people began living among strangers, the society has been struggling with identifying individuals which is the only tool to curb crimes. Many inventions have been deployed in efforts to identifying citizens easily but the challenge keeps getting even more complex since the advent of the internet.
In 1858, a British Civil Servant, Sir William James Herschel conceived the first system to capture hand images for the purpose of identification. This was after the Chinese had already identified palm print as a unique means to identify people some 3,000 years ago. Herschel’s idea led the fingerprint principles to be widely used today. A few years after, identifying people using their body measurements – anthropometrics system took over but was later discredited in an incident involving twins. Biometrics, which is a combination of both systems – identification using unique attributes of an individual, took over. It involves identifying people using their faces, gestures, gaits, veins, voices, signatures, irises, etc. A DNA analysis is also an aspect of biometric for crime detection and prevention.
The number of transactions completed online across the world has maintained a steady rise. Global retail e-commerce sales have been estimated to hit US$4.135 billion in 2020, from US$2.843 billion in 2018, according to Statista. The estimated growth is accounting for exponential growth of transactions completed in customer-not-present environments and how consumers are responding to this inevitable transition.
Unfortunately, the presence of cybercrime is on the same trend with global e-commerce sales records. Payment card fraud losses in the United States alone move from US$8.6 billion in 2017 to US$9.1 billion last year, with CNP (card not present) transactions claiming over 65 percent of the entire fraud. These mishaps are on record due to identity theft. More goods and services have become accessible by just proof of identity. In mild security checks such as the use of passcodes or other non-unique-attribute-requiring identification systems, criminals only require identity information to cause devastating problems such as account rinsing or damage to credit reputation.
How the world is recently responding to identity theft
Organizations are beginning to deploy various risk management practices to protect their business from fraud, cut down operational cost and maintain compliance with varying regulatory policies, including regulations on Know Your Customer (KYC) and Customer Identification Program (CIP). Risk managers have turned to identity verification systems requires a more sophisticated procedure to ensure that customers are who they claim to be and to ensure that customers comply with CDD requirements. However, risk management models integrating identity verification for online transactions are not supposed to choke revenue generating factor or compromise customer experience.
Depending on the business type, risk managers see identity verification differently. While the principal concept is to ensure that each client’s identity is duly verified, some managers prefer multiple authentication methods. However, identity verification solution is mostly tailored to suit every business idea, risks or priority.
Mobile biometrics would validate US$2 trillion of payments by 2023
Mobile biometrics, which includes iris, fingerprint, voice and facial recognition, would authenticate payments worth US$2 trillion by 2023, according to Juniper Research’s analysis. The major drive of this growth is the industry’s initiatives in payment systems; e-commerce payments are increasingly becoming more traditional than in-person payments. ‘Biometric-as-a-service’ integrated into secure cloud services will authenticate customer’s identity a few years from now. Consumers would rather use a fingerprint instead of entering credit card details which anyone can do.
Smartphones are increasingly featuring biometric hardware and could claim 90 percent of smartphones by 2023, according to the Mobile Pay Security: Biometric Authentication & Tokenisation report, with fingerprint scanners being the most common. The report claims that in the next five years, around one billion devices would offer iris scanning and facial recognition for payment.
China digitizes social security cards
China’s government has partnered with Tencent, WeChat operator to digitize the nation’s social security cards on payment platforms, social media, and mobile messaging. Chinese citizens will be able to supply authorities and companies with official identification information using their electronic social security cards. This includes applying for government services, paying for hotels, hotel bills without a need for a physical ID card. The Chinese government is planning to deter online identity theft by using facial recognition technology to identify applicants for the virtual ID cards.
The initiative for digital social security card is currently being implemented in 26 Chinese cities, including Shenzhen, tech capital and Tencent’s home.
The European Union’s eIDAS regulation
The EU has recognized aging legal frameworks as part of the factors inhibiting cross-border business growth, entitlements of its citizens and administrative efficacy in aligning with relevant technological change. There is no doubt about how digital authenticators such as electronic signatures have helped in providing digital identification, and trust validation and verification. The EU electronic identification, authentication and trust services (eIDAS) regulation was established to achieve more.
The major factor in focus by the body behind eIDAS is trust as a means to unlock economic potential for e-commerce transactions. The eIDAS regulation, which became operational on 29 September 2018, will allow EU citizens to access public services in other EU countries with similar eIDs. During the pilot project, Austria, Germany, and the Netherlands were able to connect their electronic identification and authentication infrastructure, which allowed citizens in Germany to access online public services in Austria.
Digital driver’s license in the US
Four states in the United States: Maryland, Washington DC, Idaho, and Colorado are leading the concept of a digital driver’s license (DDL). The aim is to provide a secure identity verification tool that will leverage the ubiquity of the smartphone. The DDL is by far a more secure version of identifying drivers. It’s a digital form of physical driver’s license that will be stored on a smartphone to supplement existing identification and licensing documents. The DLL platform has been designed to be very user-friendly while offering an inclusive and secure ecosystem that will provide various services and solutions. The platform has been tested for two years, sponsored by the National Institute of Standards and Technology (NIST). And it provided solutions in four cases; attribute sharing, enrolment, updates to the document while the driver is in the field, and law enforcement.
Canada’s digital ID platform
Having recognized how crucial it is for consumers to prove their identity in this era of a digital economy – to receive sensitive services such as banking, Canada roped in a private player – a digital identity validation service (smartphone app) that will provide proof of identity in seconds. The platform, built by SecureKey using IBM blockchain, has received sponsorship from various Canadian banks including CIBC, Scotiabank, RBC, Desjardins, and BMO.
Since 2016, these financial institutions have collectively invested CAD$27 million. The platform works by using the existing digital identity created with banks to verify the consumer’s ID. That means the credentials previously verified by trusted companies can be used for verification each time the individual wants to use the services of a new provider. The application will allow consumers to access more services easily and reduce fraud while strengthening Canada’s digital economy. Boost
Safety is the key terminology and the use of unique attributes or a combination of several authentication methods for identity verification has proven to be effective in fighting identity theft. This has identified the need for organizations to consider the most practical means of reducing risk as they adopt new technologies to bloat their profit margins.