Top Identity Proofing Trends
Here are the top 8 identity proofing and verification trends for 2023 and how you can help your organization adapt
by Ralph Rodriguez, CPO
March 3, 2023
As more businesses and consumers have moved to doing business digitally, the opportunity for fraud has risen. The problem has grown so large that Javelin Research & Strategy named its 2022 Identity Theft Report “The Virtual Battleground.” This report found that losses due to identity fraud amounted to $52 billion and affected 42 billion consumers.
In 2023, expectations are that fraud will get worse, while a number of the key identity proofing and verification technologies will improve and be applied in different ways to combat it. Let’s take a look at some key trends for the year ahead.
Top Trends Around Identity Proofing and Verification
Trend 1: An Uncertain Economy Will Drive Increased Fraud
A December 2022 survey of economists by Bloomberg found a 70% chance for recession in 2023. According to Wells Fargo, “We also still expect a recession to begin in the United States in the second half of this year, albeit a slightly milder one than in our previous forecast.” The World Bank reports, “Global growth is slowing sharply in the face of elevated inflation, higher interest rates, reduced investment, and disruptions caused by Russia’s invasion of Ukraine.”
Whenever there’s a recession or economic setback, fraud increases. It happened with the onset of COVID-19, with Statista reporting a 45% global increase in cyber fraud risk in May 2020 and 47% in August 2020. Two areas where the Identity Theft Resource Center expects fraud to increase in 2023 are: impersonation crimes; exploiting the gap between people who adopt passwordless technology, and those who don’t.
This increase in crime has the potential to affect every business, challenging organizations to increase how they protect customer accounts and data.
Trend 2: Changing Regulatory Environment
Gartner predicts that by 2024, 75% of the global population will have its personal data covered under privacy regulations. The best case for businesses is where a single set of regulations applies to an entire nation or multinational area, such as the EU’s General Data Protection Regulation (GDPR).
The worst case is what’s happening in the U.S. Despite the introduction of the American Data Privacy and Protection Act in 2022 by the U.S. Congress, until it or another national bill is passed into law, businesses must deal with individual state statutes. Five states – California, Virginia, Connecticut, Utah, and Colorado – have already enacted laws. As of January 2023, Bloomberg Law reports that nine more – Oregon, Oklahoma, Iowa, Indiana, Kentucky, Tennessee, Mississippi, New York, and New Jersey – have proposed legislation.
Each of these laws has different legal requirements and different definitions of the sizes of companies and volume of data that they apply to. The challenge for businesses is having to adhere to the laws in each state where they have customers. So, hypothetically, a business based in a state without regulation may have to determine how to protect customer data in accordance with 14 different sets of rules.
Trend 3: Heightened Customer Awareness of Security
One reason for this push for legislation is increased customer concern both about how their data is used and how it’s protected.
In 2022, the Cyber Security Hub reported that there were more than 4100 publicly disclosed data breaches, “equivalent to 22 billion records being exposed.” Consumers have no way of knowing how many breaches occurred that weren’t publicly disclosed.
When it comes to the personal information consumers are most concerned about, Tableau found that 78% said they were worried about financial/banking data; 75% said security data; and 70% said identity data.
The most visible way that customers understand how a business protects their data is through the authentication process that enables them to access their accounts and data. While they don’t want to have to jump through too many hoops to gain access, they want to see processes in place that say the business understands their concerns and is doing everything it can to secure their data against criminals. Businesses who haven’t already should make 2023 the year that they understand the imperative to continually improve authentication processes and experiences across the customer lifecycle.
Trend 4: Increased Use of Biometrics
We foresaw the increased use of biometrics as part of the 2022 growth in digital identity. We expect the use of biometrics to continue to rise in 2023 as companies attempt to counter the economically–driven increase in fraud.
Many consumers are already comfortable with the use of biometrics, unlocking their phones and computers with a fingerprint or facial scan and activating personal assistants with their voice. PYMNTS research found that 58% of consumers believe biometric authentication methods are faster and more convenient than other login methods, and 55% say they trust biometrics more than other alternatives.
Because they are based on something the customer is, rather than what they know, biometrics are very difficult to steal or duplicate. As cybercriminals become more sophisticated and customer expectations around security increase, more businesses will turn to biometrics.
Trend 5: Advances in AI and Machine Learning Further Deter Fraud
With the constant drumbeat of fraud, businesses are trending toward using artificial intelligence (AI) and machine–learning (ML) in the digital identity landscape, which is continuously growing. These technologies play a critical role in identity proofing, helping to determine if a user is truly who they claim to be by analyzing ID documents and using liveness detection and selfie matching to perform facial recognition.
AI is a key element in biometric authentication; it aggregates data from elements such as fingerprints and facial scans, using and learning from them to identify the customer. When the customer returns, AI matches these points of identity at speeds no human could achieve. ML enables constant improvement in accuracy, based on every previous identity proofing and authentication interaction.
AI and ML are also used to analyze user behavior, detect activity that may be malicious, and alert the business. In fact, PYMNTS has found that 60% of acquiring banks say AI is their most important technology for detecting fraudulent transactions.
Trend 6: Continued Growth in Multi–factor Authentication
Multi–factor authentication (MFA) requires customers and employees to choose two or more factors – such as passwords, PINs, or fingerprints – to be used when attempting to access their account. A common form of legacy MFA involves a customer logging in by using their password and then being prompted to also enter a six-digit code that has been sent to their mobile phone via SMS.
The use of MFA was accelerated due to the wave of fraud that accompanied the COVID-19 pandemic. In its 2021 State of the Auth report, Duo Labs reported that 79% of respondents used MFA, up from 53% in 2019.
But increased use has also exposed some issues with the most common MFA scenarios. Passwords are inherently insecure, and SMS also has security weaknesses; it is not encrypted, and fraudsters are finding ways to steal or clone SIM cards (sometimes known as SIM swapping) to access a customer’s phone without having to physically steal the device. As a result, we expect to see greater use of biometrics as one or more of the factors required by organizations for their customers to access an account.
Trend 7: The Rise of Passwordless Authentication
Increased adoption of the WebAuthn standard will enable growth in passwordless authentication, which balances the ability to foil fraud with the easy access customers want. Used in single or multi–factor authentication scenarios, WebAuthn enables account access using biometrics, authentication apps, tokens, session IDs, and an evolving number of other methods, eliminating the need for passwords.
The Duo Lab 2022 Trusted Access Report showed “a 50% increase in the percentage of accounts allowing WebAuthn authentication and a fivefold increase in WebAuthn usage since 2019.” In 2022, WebAuthn was put on the U.S. Office of Management and Budget’s list of acceptable authentication methods for the federal government to implement by the end of fiscal year 2024.
WebAuthn is already supported by Windows 10 and Android platforms, popular browsers, and a growing number of authenticators built into computers and phones. Its continued adoption is being driven by the World Wide Web Consortium’s WebAuthn Adoption Community Group.
Trend 8: Surge in Web Application Firewall Usage
A web application firewall (WAF) sits between a business’s website and the internet traffic coming into it. By enabling application security teams to set guidelines and alerting them to real-time violations, a WAF helps protects customer data in compliance with GDPR and other regulations.
WAFs enable continuous behavioral biometric monitoring throughout a customer interaction. How the person uses a mouse, types information, moves between screens, and takes other actions identifies them and can alert a business to takeovers of legitimate accounts.
Research and Markets expects the global WAF market to more than double between 2022 and 2027, from $5.8 billion to $13.8 billion.
Protect Your Business and Customers in 2023
Even as fraudsters step up their efforts this year, we hope these trends have given you an overview of advanced technology you can implement to gain the upper hand. Whenever – and if – a recession or change to the digital landscape comes, even in a confusion of regulatory rules, you can trust Daon solutions to safeguard your organization’s data and your customers.
Learn how Daon can help you establish futureproofed identity protocols for 2023 onwards.
Want to see even more identity trends for 2023 and beyond? Access your complimentary copy of Gartner’s Hype Cycle™ for Digital Identity!