Digital Identity Archives - Fintech News

Ondato Covers Global Age Verification Regulations in Newest Report

H. — Thu, 28 Nov 2024 19:12:29 +0000

London, United Kingdom, November – Ondato, a global provider of digital identity and age verification solutions, has released a report that maps the intricacies of age verification regulations worldwide. This report offers insights for businesses that must navigate age-related compliance requirements.

With updating regulations, ensuring age-appropriate access has become more important than ever. Governments and regulatory authorities across the globe are instituting and enforcing strict age verification measures to protect minors from accessing potentially harmful content and services. In the past two years, 15 states have implemented new age verification regulations in the US alone, and that number is only growing. Europe, the UK, Canada, and other regions have all already updated or are updating their laws on age verification. Ondato’s latest report compiles these regulations into an easy-to-understand resource, delivering a comprehensive overview of age verification standards.

The report analyzes age verification laws and practices across major markets, including the EU, the United States, the United Kingdom, and emerging economies. It provides sector-specific insights into regulations affecting industries such as gaming, social media, e-commerce, and online content streaming. Additionally, the report identifies common compliance challenges that businesses face when navigating diverse regulations and explores how technology can help mitigate these issues.

“Our goal is to empower businesses with the knowledge and tools they need to stay compliant and protected,” said Liudas Kanapienis, CEO and co-founder at Ondato. “This report is an invaluable tool for companies striving to keep pace with the evolving regulatory environment. Even today, as we publish this report, Australia is testing out age verification systems for what could become a social media ban for anyone younger than 16 years old.”

With changing regulations focusing heavily on data privacy, the need for age verification solutions that offer anonymity only grows. Because of this, Ondato recently released a reusable age verification solution that is able to verify user ages and keep the costs low while allowing companies to fully comply with the newest regulations.

The report is now available for download on Ondato’s official website. For further inquiries or to access the report, please visit https://ondato.com/ondato/age-verification-lawsuits/#Age_Verification_Regulations_Worldwide

The post Ondato Covers Global Age Verification Regulations in Newest Report appeared first on Fintech News.

The Importance of Privacy: How Medical Practices Keep Patient Data Safe

H. — Tue, 22 Oct 2024 13:54:02 +0000

Whether you’re a curious patient or are ready to graduate with an online BSN to DNP PMHNP, it’s important to understand the need for medical data security. If you’re not in the industry, the array of regulations, products, and best practices that ensure patient data remains private and secure may seem overwhelming and unnecessary, but those with experience in the field, or even in cybersecurity generally, will confirm that it’s far from overkill. Encryption, authentication, and secure applications and networks are the cornerstones of keeping any type of data secure, and they are all required and made liberal use of by any practice entrusted with the well-being of the public.

Encryption

Encryption is a broad term for a wide array of techniques that serve to obscure sensitive information from comprehension by any party that might intercept an attempt to transmit it. The practice of cryptography can be dated back as far as ancient Egypt. While the principle of modern technology is the same, the digital encryption used in modern cybersecurity might be more directly traced to the rotor machines used by militaries to scramble communications transmitted via telegraph beginning in WWI. Invented first by American Edward Hebern in 1917, and quickly duplicated and improved upon by Arthur Scherbius as the infamous German Enigma machine, these early mechanical contraptions used systems of rotors to substitute characters for one another to obscure messages. The recipient would need to use the same machine to reverse engineer the cipher in order to decode and read the message, as the rotors enabled a dynamic substitution of characters that prevented the use of a simple key to decode the encrypted messages.

Modern encryption systems preserve this principle, but take it to an extreme made possible only by the wonders of high-frequency, high-density transistors on modern silicon computer chips. The global standard for high-security encryption, AES-256, used a 256-bit key to transmute the input data by breaking it into a series of tables and mixing up the characters. You can visualize how this process works by imagining a string of text having each individual character swapped with a predetermined substitute, placed on a side of a giant rubik’s cube, and then having the rubik’s cube completely scrambled. The patterns used to substitute and scramble the characters are separated from the message itself, and are stored in a separate file known as the key, which can be used to unscramble and re-translate the encrypted message.

The Health Insurance Portability and Accountability Act, or HIPAA, is the American system and now the global golden standard for data security in the medical industry. Originally passed in 1996 but updated regularly to ensure compliance with modern standards, HIPAA outlines guidelines for data privacy and protection that must be undertaken by healthcare providers. HIPAA compliance requires that data is encrypted when being transmitted and at rest. That means that medical data needs to be secure even when it’s simply sitting within the system in which it was recorded.

In order to accomplish this, security keys must be stored in separate partitions or modules from the data itself, and are themselves encrypted. In modern systems, this is often accomplished using a Trusted Platform Module, or TPM, an onboard module programmed to only output its keys when provided with a specific password. Keys can also be stored in separate hardware, like a key card or USB drive. Regardless of which method of separating the key from encrypted data is selected, it’s important that the two never be combined unless the person attempting to do so is authorized to manage that data.

Authentication

These mechanisms for limiting access to the keys used to encrypt and decrypt messages require some form of verification that the person requesting access to them actually should have that access. This is referred to as authentication. At this point, we’re all familiar with the 4-6 digit numbers we pull from emails, text messages, or authenticator applications, and as much of a pain as they are, they’re absolutely necessary in ensuring that encrypted data can only be accessed by those with a legitimate reason for having it. Medical information is some of the most sensitive data that we have, so carefully limiting who has access to it is vital.

HIPAA requires two factor authentication be implemented in any system storing customer data. Authentication applications are often considered the most secure, as the systems they use to generate one-time tokens utilize encryption keys stored on Trusted Platform Modules, which are much more difficult to fraudulently duplicate than hardware proximity keys since they do not emit radio frequencies that can be captured by devices like radio frequency identification device copiers, and are more difficult to intercept than emails or text messages. They also have the added benefit of being not only guarded closely by their holders by default as a result of being located on the user’s valuable personal smartphone, but are also normally behind a PIN code assigned by that user. But no matter what form of authentication is employed, it is only as secure as the system it interacts with.

Secure Software and Hardware

The systems that medical data is stored on also have to meet exacting specifications. Software systems managing patient data must encrypt data at rest, and require authentication. They must also be tested against potential vulnerabilities that might be used to transmit or intercept data before it is encrypted (e.g. while it is being entered or retrieved), including memory safety testing. Hardware systems, including the computers and networks that patient data is stored and transmitted on, must remain up to date and be audited regularly to ensure that their built-in mechanisms for resisting hacking retain their integrity.

As a result of these lofty requirements, cloud-based systems managed by large multinational corporations are increasingly preferred as a result of their ability to take advantage of their vast scale to drive down the costs associated with producing the high quality, high security systems needed for storing medical data.

Best Practices

The most likely way for a security breach to occur is not actually hacking or any other form of fancy technological engineering — on the contrary, social engineering is a much more common source of breach. Employees granted access to sensitive patient data must undergo training on data security best practices to ensure that they are aware of the risks and the stakes inherent in the work they are engaging in, and to ensure that they follow best practices including not granting others access to their mobile phone or personal computer if it contains sensitive information or authentication methods to systems containing sensitive medical data. There are also strict hiring requirements that must be followed by medical organizations to ensure that people likely to commit any sort of crime don’t have exposure to sensitive data.

All of these pieces need to come together to ensure that sensitive patient data is protected. While the standards for technical requirements are high, they are nearly useless if the people operating and maintaining them aren’t aware of their responsibilities. At the end of the day, all of the fancy high-tech systems in the world can’t protect data from carelessness.

The post The Importance of Privacy: How Medical Practices Keep Patient Data Safe appeared first on Fintech News.

Optimising Email Signatures for Mobile Devices

H. — Fri, 30 Aug 2024 12:35:17 +0000

Approximately half of all emails sent are viewed on smartphones. As such, when sending emails, the content and your email signature must be optimised for mobile devices. An email signature is your business marketing opportunity to inform and encourage customers to engage with you and your brand. So, if the email signature is not well optimised, it can create the wrong impression about your brand in the mind of the prospect.

Issues like missing images or unaligned texts and buttons can damage your brand reputation. So, it’s time to take a look at how your emails appear on different random mobile devices and see how you can improve. Below we have highlighted a few tips on how to optimise email signatures for mobile devices.

Alt: Email on a mobile device

Effective Ways to Optimise Email Signatures for Mobile Devices

Sending emails is an important part of most businesses, which is why many businesses take their email digital signature seriously. Check below for different ways to optimise it for mobile devices.

Utilise email signature management tools

Most email phishing is sent with emails that do not have a recognized email signature. So, if your business does not have an email signature for your emails sent, you can easily create one using any of the several email signature management tools. Creating an email signature from scratch can seem daunting. However, you can simplify the process by using an email signature management tool. But depending on what you want to achieve, you can compare and contrast the differences between the features of the different email signature tools before making a choice.

Ensure image resolution is high

When choosing an image to add to the email signature, you should opt for one with a high resolution. Most mobile devices use a method known as scaling to enlarge any images in the email signature. As such, if you use a rasterized image, be it a GIF, JPEG, or PNG, the flaws in the image become more apparent if the resolution is low. So, to avoid a situation where the quality of the image degrades in your email signature, it is better to use images of at least three times the resolution of what you use in the image element of the signature.

Keep the width of the signature below 400 pixels

Another mistake people often make when designing an email signature is that they opt for images with the wrong dimensions. Using an image that is too wide or too thin will impact the overall result, as the email signature will appear distorted. When choosing an image, the ideal image to use should be kept under 400 pixels in width. When the image is too wide, the email signature will appear too long or compressed, depending on the case. Also, it’s important to note that even though smartphones come with landscape and portrait modes, it’s best to keep in mind when designing email signatures that the device will often be used in portrait mode.

Break up long lines

Using long lines in your email signature can also be detrimental. Rather, keep the text concise. If you need to use more information, it is better to go the abbreviation route or, better still, utilise icons. The idea of breaking up long lines applies particularly to addresses. When you break long lines, it makes the email signature look neat and presentable compared to long lines, which can be tiring on the eyes. Moreover, using long lines in your email signature can cause it to appear misaligned. The best practice is to break a long line into two or four lines.

Use adequate spacing of elements

Furthermore, spacing elements in your email signature is vital, as it helps make it look compact for mobile. When you don’t use adequate space between elements, the email signature will not look professional. Moreover, when the space is not enough, it makes it difficult to click those elements, causing users to accidentally click on the wrong link, which can be frustrating. But in a case where the elements don’t have hyperlinks, then you can keep them compact. Cases like your title position, name, photo, disclaimers, and similar fields can be kept compact. If the font, icon, or image you use in the email signature is small, it’s best to space the elements more. Whereas if you use larger fonts or icons/images, minimal spacing can fly.

Make fonts big enough

Another mistake people often make when designing an email signature is with the font used. The style and size of the font you use are very critical, as they can mean the difference between readable and clear text. Sometimes, text in your email signature may appear appropriately sized on desktops, but on mobiles, it may appear too tiny. So, it’s important when it comes to fonts to choose one that is legible and keep the size between 11 and 18 pixels. Of course, this rule is not cast in stone, as you can go outside this size range depending on the design and style of your email signature. But always keep in mind that small fonts draw less attention and may not be suitable for visually impaired users.

Add click-to-call links for phone numbers

Adding a click-to-call link in your email signature makes it easier for readers to call you directly from the email. Rather than having to write down your number before calling, the click-to-call link opens the dialer prompt on their phone, making it easier. Unlike email addresses and websites, phone numbers do not hyperlink automatically, so it is important to be intentional about making it clickable.

Add a map link to addresses

Also, adding a clickable map link to your business addresses on the email signature makes it easier for readers to find you. When clicked, it launches the map app on their phone, directing them to your business address. Having an address on your email signature has a way of reassuring readers, making them worry less about email compromise. If you don’t know how to get your business address map link, go to the map app on your device, find your location, click on the share button, and then copy the link. You can then paste the link into the hyperlink property of the address element.

The post Optimising Email Signatures for Mobile Devices appeared first on Fintech News.

The next wave of cyber threats: Defending your company against cybercriminals empowered by generative AI

Horacio — Tue, 12 Dec 2023 06:55:02 +0000

Personal data is under siege in the digital world, from deepfakes to exploiting human error, vulnerabilities and trust. In this VB Spotlight, security experts will dig into the current landscape, how to get ahead and stay ahead of cybercriminals and more.

What’s at stake when corporations don’t put strategies in place to protect their employees and customers? Everything, says Juan Rivera, senior solutions engineer at Telesign.

“From a regulatory standpoint, recently Meta was slapped with a $1.3 billion fine by the European Union for violating data privacy – and they were just used as an example for companies that cannot afford a $1.3 billion fine,” Rivera explains. “There’s financial loss, as well as potentially huge reputational loss when both customer and employee trust is damaged. Most companies don’t have the flexibility or luxury to manage these kinds of losses.”

In other words, it’s incredibly expensive on every side if corporations fail to put safety practices in place.

The fraud and identity theft landscape now

The most current cybercriminal schemes are not new at all — fraudsters have been using these tactics for years, but now they’re backed by generative AI. Phishing emails that trick victims into revealing login credentials or sensitive information are created with convincing ChatGPT scripts.

Data breaches that bypass safety checks are made possible by tricking generative AI into writing malicious code that reveals the chat history of active users, personally identifiable information like names, email addresses, payment addresses, and even the last four digits and expiration data of credit cards.

Criminals are also leveraging synthetic identities, similar to the way sales and marketing teams use data to create tailored user profiles in order to target the right prospects. With addresses, personal information and stolen credit cards, they can build new credit identities or log into an existing account with very real information.

On the password and credentials front, the pattern recognition abilities of AI can predict the passwords of users who have chosen fairly weak ones, while AI-powered chat bots and voice synthesis can impersonate individuals and organizations, such as a CEO reaching out to a low-level employee in a very convincing manner.

As AI becomes better at predicting human patterns, impersonating humans and sounding more like humans, it’ll be used more to trick both employees and consumers alike. These messages are convincing because they understand the behavior of specific people, and can predict how they’d act with their employees. And the danger is imminent, Rivera says.

“Statistically speaking, the chances of these events happening are 100 percent,” he explains. “They’re already happening. AI is raising the stakes, enabling fraudsters to scale up these attacks faster, better and more convincingly.”

Protecting and securing data and identities

There are both mandated security standards necessary to adhere to, required by law, but also a whole host of considerations that are simply just practical. That includes going beyond two-factor identification (2FA) because it’s no longer a strong enough standard — multi-factor authentication is necessary today. That means an additional layer beyond just a standard PIN code. It might be low friction and common enough today that users never balk, but it’s no longer enough. It could mean something more sophisticated, such as biometrics, or requiring additional information to validate your identity, like a piece of physical identification a user is in possession of — a document, a license, an ID and so on.

There are other advanced identification protocols that aren’t customer-facing, but live behind the scenes. For example, Telesign uses phone identity APIs to gain insight into a user that’s trying to create an account or log in to an existing account. It leverages telco data from a user’s provider to match the information a user is providing with information on record.

“It’s the ability to combine data points like phone number, email address, even the originating IP of the user profile, to tell you whether a user is suspicious,” Rivera explains. “These data points become a scorecard to measure the likelihood of a genuine access account or an attempt at fraud. Suspicious behavior triggers a response, and it’s low- to no-friction protection because it happens in milliseconds on the back end.”

With a low-friction approach at the top of the funnel, the approach to any suspicious actors or behavior can be reinforced with additional friction — requesting multi-factor identification, for example, such as an email to the address on record asking the consumer to call to validate a sign-in attempt.

Beyond tech: Why the human element is crucial

The technical side of security is the foundation of safety, but ongoing employee training and education around security best practices is absolutely critical to mitigate threats, Rivera says. This can include sharing with employees a suspicious email that’s come through and noting the features that give it away, or making sure passwords are changed frequently and software updates are applied diligently.

But security awareness needs to extend beyond businesses and employees; companies should engage with customers on a regular basis to raise knowledge and awareness. It not only adds another layer of safety, but it bolsters optics, Rivera points out, so that a company is now seen as caring for the customer base enough to continually educate them on evolving threats in the digital space.

“I don’t think we see this enough,” he says. “We don’t see the Amazons of the world reaching out on a regular basis and saying, ‘Hey, we understand that you’re shopping online more. We want to make sure you understand how to stay safe.’ We need to start making education an industry standard, because fraudsters don’t sleep.”

Link: https://venturebeat.com/security/the-next-wave-of-cyber-threats-defending-your-company-against-cybercriminals-empowered-by-generative-ai/?utm_source=pocket_saves

Source: https://venturebeat.com

The post The next wave of cyber threats: Defending your company against cybercriminals empowered by generative AI appeared first on Fintech News.

Biometrics integrations look to the future of account access, money, and digital ID

Horacio — Tue, 24 Oct 2023 06:50:57 +0000

By Chris Burt

Biometrics and digital identity document contracts continue to generate millions for companies like IBM, Augentic and IN Groupe in major news items on Biometric Update this week. Many of the most widely read stories involved updates to integrate innovative technologies. Worldcoin’s crypto is out and drawing strong reactions, passkeys were launched by 1Password and Microsoft, and NIST is adding a section to its digital ID guidance to incorporate new credentials.

Top biometrics news of the week

IBM has won a major contract worth $84.4 million with the UK government to help build a platform for immigration and law enforcement authorities to match fingerprint and face biometrics. The tender is part of a Home Office program expected to cost $1.7 billion. IBM’s role will include bringing together biometric data from the immigration and asylum, passport, settlement and other databases.

A contract has been won by Augentic and IN Groupe to produce identity documents for Kosovo. The deal also includes identity management system and IT infrastructure upgrades, and is worth around $13.5 million. Meanwhile local reports suggest previous ID document supplier Veridos has been accused of customs evasion, but the company tells Biometric Update the matter boils down to a simple declaration error made by a subcontractor.

The drumbeat of passkey rollouts continues. 1Password has launched a private beta test for iOS and iPadOS allowing people to access accounts with biometrics instead of passwords. Microsoft has built passkeys into Hello for Business on Windows 11 for passwordless access by enterprise customers.

Ghana is integrating its birth registration and digital ID systems to issue both for newborns at the same time. Parents will be given Ghana Cards for their babies, who are expected to enroll their biometrics to update the IDs when they reach 18 years old, through the integration of national health and civil registration databases.

The crypto long associated with Worldcoin is being distributed, with 25 tokens (worth about 36 cents, altogether as of mid-Friday) for every person registering their iris biometrics to create a verified World ID. Some privacy advocates have attacked the company, but it says they are mischaracterizing how it works and what data is collected.

Hikvision is being accused of persisting in selling its software and cameras for ethnic minority-detection surveillance to local government authorities in China. The deployment allegedly uses Nvidia chips, though the semiconductor maker says it did not sell them in the country or for that purpose.

NIST has been engaging with the international digital identity and cybersecurity communities to update them on version two of its cybersecurity framework. Meetings have taken place with officials from the EU, Mexico and other countries throughout the first half of the year.

NIST is also in the process of updating its Digital Identity Guidelines, a process which reached the point of holding an event this week to present the changes being considered. Those changes include a new section covering innovations influencing digital ID, like Verifiable Credentials and mDLs. Watch for further coverage of the changes and this event in the week ahead.

OIX has announced OpenID Chair Nat Sakimura and Future Laboratory Strategy Director Louise French as keynote speakers for #IdentityTrust2023. Also presenting is a speaker from the UK Department of Science, Innovation and Technology.

“Digital ID is fast becoming the primary route to accessing public and private sector services across the globe,” OIX Chief Identity Strategist Nick Mothershaw points out. His goal is for the event to help organizations accept digital ID with confidence.

A feature interview with MOSIP’s Sanjith Sundaram and Nagarajan Santhanam explores the organization’s partner ecosystem and how it fits within the organization’s philosophy, and the overall digital ID for all movement. The platform is built and lessons from real-world implementations are rolling in. The ecosystem is maturing and engagement with MOSIP’s next region has already begun.

HID Global is part of MOSIP’s partner ecosystem, and trumpets the confirmed compliance of its tenprint fingerprint scanners in a recent announcement.

Onfido is now providing DocuSign with liveness detection with video selfie biometrics, and IDScan.net has signed up a mobile banking as a customer, while Microsoft is attempting to push further into the face biometrics onboarding market.

A corruption scandal has erupted in Thailand over a contract for airport biometrics. Several senior officials including a former national police chief are alleged to have extended a deadline improperly, and possibly even attempted to assassinate another official who tried to intervene.

An analysis of the metaverse’s hypothetical social implications is provided in a white paper from the WEF and Accenture, as the business world attempts to comes to grips with a concept seen by some as tremendously disruptive. Will deliver provide ID to those without? Increase biometric surveillance? Improve KYC? Don’t hold your breath.

Link: https://www.biometricupdate.com/202307/biometrics-integrations-look-to-the-future-of-account-access-money-and-digital-id?utm_source=pocket_saves

Source: https://www.biometricupdate.com

The post Biometrics integrations look to the future of account access, money, and digital ID appeared first on Fintech News.

2023 fraud trends to know and prevent

Horacio — Mon, 18 Sep 2023 12:33:47 +0000

By Sarah Hunter-Lascoskie on July 20, 2023

In 2022, the FBI received 800,944 reported complaints that exceeded $10.3 billion in fraud losses for businesses’ critical infrastructure and data. Not only is technology getting faster and more sophisticated, but so are cybercriminals.

Tap in to learn more about emerging fraud trends to be aware of, the types of fraud to prevent, what it will cost if you take no action and how to effectively implement fraud prevention techniques and tools.

Fraud Trends and the Influx of AI

Online identity theft and data hacking has been an issue since the internet first began. Let’s dive in.

Leveraging AI and Machine Learning to PERFORM FRAUD

ChatGPT is one of the most prominent generative AI technologies that has everyone talking, with other programs like Dubbed GPT-3.5 (an extension of ChatGPT) and MidJourney offering services such as language prediction and image generation, respectively.

For example, ChatGPT has been documented to hire real-life people to solve CAPTCHAs for what is known as “power-seeking behavior.” Meanwhile, fraudsters are using MidJourney to generate deep fakes that mimic real people to perform authentications that require facial recognition.

Leveraging AI and Machine Learning to DETECT FRAUD

Manually checking for fraudulent activity — especially when it comes to identity verification — is prone to human error and can take time and valuable resources. Machine Learning (ML) and AI create models using historical data to train and detect abnormalities and trends. While this technology is being used to create fraud, it can also be used to prevent it and detect it more accurately.

Types of fraud

No matter what type of scam is being committed, the ultimate goal is to steal resources, money and data. To do so, fraudsters execute one of three types of fraud: first-, second- and third-party.

First-party fraud has to do with individuals who falsely identify themselves by providing incorrect information. This is commonly seen in loan or credit card applications so the perpetrator can get better rates. It’s also a tactic used in insurance claims.

Second-party fraud is also known as friendly fraud, and is committed when someone willingly gives their information to someone else to use. Fraudsters have begun to use this type of online payment fraud by gaining the trust of a victim to send them money.

Third-party fraud is most commonly associated with identity theft and bank fraud schemes. It occurs when cyber criminal steals someone else’s information to take over their bank account, social media, etc. This most commonly happens in online banking systems or loan stacking. When a hacker commits application fraud, they apply to several loans at once using someone else’s information.

With these distinctions in mind, here are a few more specific examples of fraud that are on the rise.

Synthetic fraud

Committing synthetic financial fraud begins when a criminal steals or illegally purchases someone’s real social security number and develops other falsified information like a name and date of birth for a brand new identity. This is done when a criminal steals someone’s SSN or buys it off of the dark web. It could be used for bank fraud, fake IDs, etc.

Account takeover

Account takeover (ATO) is a type of fraud that can seriously hurt the security of both customers and businesses. It happens when an innocent person downloads malicious software or clicks on hostile links, giving hijackers the authority to steal personal information. Once they’re in, they’ll take hold of vulnerable account information to seek profit, disrupt services or create fraudulent transactions.

SIM Swap Fraud

SIM Swap Fraud, also known as SIM card swapping or SIM hijacking, is a type of fraudulent activity in which scammers take control of a victim’s mobile phone number. The scammer gathers personal information about the victim, often through social engineering, phishing, or data breaches, and contacts the mobile carrier, posing as the victim and pretending their SIM card is lost or damaged. Once the new SIM card is activated, they can take over the phone to send and receive calls and text messages, reset passwords and access the victim’s accounts.

Card not present fraud

Today, you can buy something without ever having to pull out cash or a card. You can make a purchase with the tap of your watch, smartphone, or automatic fill-in. Without the right equipment, however, fraudsters could steal your card information to buy something online or over the phone.

Banks are implementing real-time risk management to stop fraud

Fraud risk compliance enforced by the U.S. Government is becoming more robust and has put a strain on the banking industry. LexisNexis found that 59% of mid to large banks’ new customer acquisition was negatively impacted due to compliance onboarding delays.

To keep up with compliance, real-time risk management allows businesses in any industry to monitor a customer’s journey in search of a high-risk and suspicious fraudulent transaction within digital banking.

With persistent risk scoring, a customer could be red-flagged and prevented from entering an online ecosystem.

Identity authentication is a must

All these trends and fraud types need robust identity verification solutions that support user experience (UX) while preventing fraud scams.Customer loyalty is vital for any business, and reducing friction can support healthy UX. Striking that balance between fraud prevention and maintaining customer satisfaction is a task organizations can master with the right strategy and tools. Identity verification by AuthenticID has the perfect solution to help. Our AI-driven technology is backed by the latest fraud prevention methods to help protect our customers and their clients.

Link: https://securityboulevard.com/2023/07/2023-fraud-trends-to-know-and-prevent/?utm_source=pocket_saves

Source: https://securityboulevard.com

The post 2023 fraud trends to know and prevent appeared first on Fintech News.

2023 predictions: authentication, digital identity, and in-car payments

Horacio — Mon, 03 Apr 2023 12:00:46 +0000

By Rafael Lourenco

Improving the subscription billing process isn’t necessarily complicated, and it can help retain customers and perhaps allow your brand to charge a premium for a better experience. Here’s how to audit, test, secure, and improve your subscription billing and payment options to retain existing customers and attract new ones, even as households tighten their budgets.

Give Subscribers As Much Control Over Their Payments As Possible

Consumers are used to personalized product recommendations, and personalization is often one of the reasons they choose a particular subscription. To usher those customers through signup and checkout—and to keep them as subscribers—the payment process needs to cater to their individual preferences as well.

The simplest way to do this is to accept a range of payment methods, and especially to accept digital wallet payments. Now, more than 70% of customers prefer to use digital wallets instead of credit cards some or all of the time when they buy online. That statistic comes from ClearSale’s 2021 five-country survey of 5,000 ecommerce consumers over the age of 18. Another finding from the survey is that only 28% of consumers always have their credit cards within reach while they shop online, which underlines the importance of digital wallet options that store and protect card data, such as PayPal, Google Pay, Apple Pay, and Amazon Pay.

Giving subscribers the payment methods they prefer is the first step to reducing billing friction. The next is to explore other options for payment customization. This lets them manage their cash flow better, so they don’t have to worry about covering their subscription bills.

Subscribers also reported an interest in splitting payments among multiple people—a feature that payment apps like Venmo have trained consumers to expect. For example, a streaming video subscription that’s shared among roommates might be split between them, instead of having one person pay the entire bill and wait for their roommates to reimburse them.

Show Subscribers That Their Payment Data Is Secure

Digital wallets are one way to reassure subscribers who are concerned about data security, because their card numbers are shielded from the retailer. However, retailers and ecommerce businesses can do more to demonstrate their commitment to security. Nearly half (49%) of consumers say the possibility of scams deters them from doing more of their shopping online, and 38% say they’re deterred by concerns about website security, according to our research.

Often, ecommerce sites avoid mentioning security because they don’t want to raise the possibility of fraud in customers’ minds, but 88% of consumers in the survey also said they feel more secure shopping on websites that clearly state their fraud prevention and data privacy tools. Adding the badges or logos of the tools you use, especially on the checkout pages, can increase signups and loyalty.

Take Steps To Prevent False Declines for Your Subscribers and Reduce Billing Friction

Recurring payments like subscriptions can be vulnerable to account takeover fraud, and they can have false decline rates around 20%. Both fraud and false declines disrupt the customer experience and can cause churn.

Reducing declines for subscription payments while preventing fraud requires screening of each month’s payment, ideally with behavioral biometrics to see if there’s been a dramatic change in the user’s choices, shipping preferences, or activity on the site that might indicate account takeover. Flagged orders should be reviewed by an expert rather than automatically declined; that extra step can reduce false declines and ensure a friction-free payment experience for subscribers.

Make Account Management Simple and Transparent

After customers have subscribed, it’s also important to make it easy for them to see their account status and make changes when they need to, such as changing from one subscription tier to another. It should also be easy for subscribers to cancel or pause their subscriptions without having to contact customer service—although customer service should be easy to reach if subscribers have questions about their billing or account.

When your customers can pay for their subscriptions the way they prefer, trust that their data is protected, don’t experience fraud or false declines, and can self-manage their accounts, they’re more likely to stay with your service instead of shopping around for an alternative with easier billing experiences.

Link: https://www.paymentsjournal.com/retain-more-subscription-customers-by-reducing-billing-friction/

Source: https://www.paymentsjournal.com

The post 2023 predictions: authentication, digital identity, and in-car payments appeared first on Fintech News.

What Benefits Digital Signage Technology Can Bring to the Banking and Financial Institutions

H. — Wed, 21 Dec 2022 08:06:43 +0000

Banks and other financial institutions have been around for centuries, and for the most part, their means of communication with customers haven’t changed much. In the digital age, however, there are more ways to communicate with customers than ever before, and banks are starting to explore digital signage to reach their customers in new and innovative ways.

There are several benefits that digital signage can bring to banks and financial institutions. Some benefits include better engaging customers, providing more information in an easily consumable format, and creating a more personalized customer experience.

This article will examine how banks can use digital signage to improve their customer experience.

Overview of digital signage technology and the banking industry

Digital signage technology has been around for a few years and has slowly made its way into banking and financial institutions. It is a flexible solution for banking that every business should explore.

There are several benefits that digital signage can bring to these institutions. Firstly, digital signage can help with branding and marketing efforts. With the right content, digital signage can help create a positive image for the bank or financial institution and promote its products and services.

Digital signage can also be used as a communication tool. Financial institutions can use it to broadcast messages to their customers, such as updates on account balances, new products and services, or special promotions.

Finally, digital signage can be used as an information hub. Customers can find information about the bank or financial institution, such as branch locations, opening hours, or contact information.

How digital signage can help improve customer experience

Regarding customer experience, banks and other financial institutions always look for ways to improve. They must find ways to make the customer feel comfortable and important, and digital signage can help.

Digital signage provides an opportunity to communicate with customers in a way that is personal and relevant. Financial institutions can use it to showcase their products and services and share important messages clearly and concisely.

It’s also an effective way to build brand awareness and create a positive image for the institution. Customers will see that the institution is modern and up-to-date and will be more likely to do business with them.

Enhancing the security of financial institutions with digital signage

Digital signage technology can help financial institutions improve the safety of their premises and operations. It can display important information and alerts to staff and customers. It can help ensure that everyone is aware of any security threats or risks and knows what to do in an emergency.

Improving operational efficiency with digital signage

In several ways, you can use digital signage to increase operational efficiency in your bank or financial institution.

Use digital signage to display up-to-the-minute exchange rates, so your staff can quickly and easily give your customers accurate information.
Use digital signage to display wait times for tellers and other services, so your customers can decide which line to join.
Use digital signage to run marketing campaigns and promote products and services to your customers while they are waiting in line.

Using digital signage technology, you can make your bank or financial institution more efficient and provide a better customer experience.

Cost savings and other advantages of using digital signage in banking

There are many advantages of using digital signage in banking. One of the main advantages is cost savings. With digital signage, you don’t have to print out paper signs and post them around the bank. You save a lot of money in the long run.

Another advantage of digital signage is that it’s very flexible. You can change the content on your digital signs anytime you want. It is very convenient if you need to make changes on short notice.

Digital signage is also very eye-catching. With its bright colors and dynamic content, digital signage can grab attention. It is ideal for banks that want to promote their products and services.

Digital signage technology has revolutionized the banking and financial industries, providing a more efficient and cost-effective approach to marketing, communication, and customer engagement. With its ability to provide a truly interactive experience, digital signage can transform how banking and financial institutions do business, offering a unique way to reach, engage, and serve their customers. By taking advantage of this innovative technology, banks and financial institutions can ensure their customers have the best possible experience while staying ahead of the competition. If you’re looking for a cost-effective and flexible solution, digital signage is worth considering.

The post What Benefits Digital Signage Technology Can Bring to the Banking and Financial Institutions appeared first on Fintech News.

The future of payments: Biometrics within the financial eco-system

Horacio — Mon, 14 Nov 2022 04:55:05 +0000

By Catharina Eklof

Today’s payment landscape

Enabled by huge advances in technology, our evolving payments landscape has accelerated on a global scale. Post Covid-19, there was a hastened and unprecedented shift toward digital payments and open banking. Yet, the pandemic spotlighted the need for robust consumer protections and quick adaptation to new technologies. While payments were previously centered around transferring funds, today’s companies are focused on reinventing the customer experience, easing the financial impact of globalization, and facilitating better online business management.

The demand for alternative payments means increased usage of cards, digital wallets, QR codes, Electronic Transfer of Money (ETF) payments, Real-Time Payments (RTP), and Buy Now, Pay Later (BNPL). Heightened transaction security has also led to the adoption of biometric smart cards. The global biometric smart card market size was valued at $74.4 million in 2021, while there are more than 1 billion access and ID cards with a Compound Annual Growth Rate (CAGR) of 10-20 percent. Additionally, 40 million payment locations are fully enabled for biometrics globally.

Fingerprints and other modes of biometrics have become an unparalleled means of authentication with the rise of contactless payments. Although the payments sector will continue to advance the processing cycle as seamlessly as possible, each solution will present its unique advantages and challenges. Several players are spearheading the adoption of the newly popularized, and scrutinized, method of payment authentication: fingerprint biometrics.

Decentralized banking and identity

Biometrics technology is countering the many security issues facing decentralized finance.

Blockchain and biometrics

Innovation in financial services is driving central banks to closely inspect digital currencies, their viability, and potential evolution. Consumers and businesses alike have embraced blockchain technology, despite growing concerns about sustainability and volatility. As digital currencies are becoming more widely adopted, financial institutions must understand the opportunities blockchain technology will create in terms of security, privacy, and integration with existing payment technologies. Combining blockchain with biometrics could provide solutions with desirable features such as immutability, accountability, and universal access.

Cryptocurrencies, such as Bitcoin and Ethereum, have been scrutinised by investors for years, only recently have national digital currencies been establishing a foothold in the global economy. China is the first country to adopt central bank digital currency (CBDC), with testing trials having launched in four Chinese cities in April 2022. E-Krona is also being prepared for launch in Sweden by 2023, and the Bahamas is trialing the Sand Dollar to access the unbanked parts of their population. The adoption of digital currencies will only encourage further innovation, exploration, and transparency in the payments industry.

Safeguarding digital assets

Digital currencies may aid with financial inclusion and create a more equitable society; however, the challenges are far and wide. These challenges are centered around security. Early cryptocurrency transfers required storage in ‘hot wallets.’ Hot wallets refer to devices such as a laptop or phone, connected to the internet. Though convenient, hot wallets are susceptible to hacking and fraud. Countering this issue, many adopters of crypto today use ‘cold wallets’ – external storage like a hard drive or USB stick.. These devices are safer; however, they are still flawed in countering security threats. By integrating fingerprint biometrics with cold wallets, users can access and control their crypto funds in a highly secure and authenticated way.

The world’s first next-generation Web3 biometric card is already considered for development by IDEX Biometrics and other partners. It includes cold storage, a digital asset wallet, and digital identification — and is EMV compliant. It represents a shift in data ownership as well as the viability of Blockchain.

Understanding biometrics technology

Biometrics and SCA

Confirmation of identity utilizing traits unique to individuals is proving to be the most dependable method of Strong Customer Authentication (SCA) in financial services. Some institutions opt for facial recognition, while others use voice or fingerprint detection. Each biometric technology has its benefits, disadvantages, and preferred use cases.

Consumer preference

Facial recognition has been especially complicated during and post-Covid, while the friction ridges of our fingerprints remain non-replicable. Moreover, the technology invested in developing secure and accurate fingerprint sensors is unparalleled within the biometrics arena. A recent study by Mastercard and Oxford University states that 77 percent of participating consumers consider facial recognition a secure system, rising to 93 percent who consider the use of fingerprints a secure biometric system.

Security and accuracy

Fingerprint recognition is a secure authentication method that provides quick access to devices. The encoded image of our unique fingerprint ridges cannot be replicated, providing high accuracy. Meanwhile, our fingerprint data can be stored on the sensory chip and not transferred to bank servers, providing high security.

Facial recognition remains one of the most popular methods of authentication. While its technology is accurate in facial detection, there are significant concerns around security. This technology’s main point of contention is using deepfakes and images to grant access.

Iris/retina authentication is highly secure, as iris patterns are unique for each individual. However, resistance from users and readability difficulties make this technology less practical.

Use cases and impact

Biometric sensors have a myriad of use cases. From payments to IDs, the use of biometrics enhances the consumer experience by leaps and bounds. With the rise of digital-first and open banking, biometric payments have allowed consumers to pay remotely and independently. The compliance and enrolment process are quick and convenient, and customers can transact without physical presence.

Enhanced digital healthcare

A patient-centric approach is being adopted across healthcare establishments, including enhanced security in accessing, storing, and relaying information. Integrating fingerprint biometrics in healthcare identification greatly impacts the user experience, providing consumers with greater trust in the organization, and streamlining the organization’s storage of data.

Secure & convenient banking

With biometric smart cards, you become your password. The process creates and saves a model that represents the user exclusively and confirms their identity when they request access or make a transaction. The impact of biometric smart cards is a more secure banking ecosystem. Fingerprints minimize the risk of deepfakes being used to access information fraudulently. It also allows for instant authorization and forgoes forgetfulness of PIN codes and passwords. This can be helpful for those living with Alzheimer’s and dementia.

Safe digital wallets

Digital wallets are not limited to payments. Users store e-tickets, public transportation cards, boarding passes, and cryptocurrencies. While private keys and passcodes are easily forgotten and stolen, fingerprint biometric authentication in digital wallets enhances security in a frictionless way. Users are also able to forgo the timely process of one-time passwords (OTPs) and multi-factor authentication (MFA).

Improved financial inclusivity

There are unique challenges to fostering financial inclusion. With biometric smart cards, those with literacy challenges, Alzheimer’s, dementia, impaired vision, and limited access to official documentation can access, store, and use their means of survival. The impact of biometric smart cards is a more financially equitable and included population. While financial inclusion is a multi-faceted issue, biometric smart cards can help solve a considerable proportion of the problem.

Payment trends and biometric smart cards

The global biometric smart card market size was valued at $74.4 million in 2021, and the growing demand for biometric authentication methods across end-users, including banking, retail, health, gaming, and security, is expected to support the long-term growth of the market. Users’ preference for alternative payment solutions means an increased need for secure and convenient authentication.

As user behavior changes, so do the standards for user protection. Fingerprint biometrics can provide near-instant authentication of payments and identity, making the consumers’ lives more convenient and providing them with more choices for confirming their identity. With definitive advantages to both users and issuers, biometric payment cards have the potential for exponential growth well-beyond 2022.

With the rise of data privacy concerns, biometric smart cards can securely store fingerprint data in the card’s chip without transferring data to bank servers. The biometric smart card’s highly secure and personal nature is critical for its continued success, as it mitigates concerns associated with facial recognition including fraud and deepfakes. With a more focused approach to financial inclusion, biometric payment cards are prioritized as leading solutions for the financially underserved. There are many opportunities to solve financial inclusion, including using biometrics with EMV cards to help make cards more widely accessible in areas with a high illiteracy rate.

Behavioral trends

Consumers’ day-to-day transactional activities are changing. Alipay in China and Apple Wallet in both Europe and the U.S. are examples of players who have shaped the way young consumers interact with payments. Sixty markets currently have a live RTP infrastructure, meaning that almost three-quarters of the world’s population (around 72 percent) can use instant payments. While card payments shifted to pass-through digital wallets, POS strongly recovered from the pandemic’s impact in 2021 with a 13 percent YoY market growth, surpassing 2019’s market size. The upward trajectory of POS and alternative payment solutions are meaningful in the context of biometric smart cards.

Link: https://www.biometricupdate.com/202211/the-future-of-payments-biometrics-within-the-financial-eco-system

Source: https://www.biometricupdate.com

The post The future of payments: Biometrics within the financial eco-system appeared first on Fintech News.

Can Google Wallet hold its own in competitive, highly regulated ID authentication landscape?

Horacio — Fri, 14 Oct 2022 14:33:44 +0000

Depending on the country they live in, Android users of the Google Pay app may have noticed a recent update replacing Google Pay with a new, multipurpose Google Wallet.

Per Google, the roll out of the wallet will impact users in close to 40 countries across Europe and Middle East including the U.K., France, Belgium, Ireland, Germany and the United Arab Emirates (UAE).

Beyond just a rebrand, the latest update expands Google Pay’s existing offering and enables users to not only make contactless payments, but store and use digital identity cards and health passes, hotel keys, event tickets and even store a digital copy of their COVID-19 vaccination card and test records. Users in Germany, the only country besides the U.S., can also add PayPal to their Google Wallet.

With this move, the U.S. search giant seems to be placing its bets on these technologies to turn its Google Wallet into a multipurpose identification super app, and hold its own against tough competition in the mobile wallet space.

Digital ID and Authentication

For as long as monetary systems have existed, they have relied on technology that allows people to identify and authenticate payments. Signatures, passwords, identification numbers and biometrics are all ways of verifying that someone is who they say they are and aren’t fraudulently spending other people’s money.

But authentication isn’t just a challenge for processing payments. Google Wallet is seeking to position itself as an authentication app that uses the same technologies that have become commonplace in making payments to enable people to access their workplaces, unlock their cars, prove their memberships, and even replace physical identity documents.

With dedicated APIs for each functionality and Google partners that specialize in each specific area, the new Google Wallet features are set to go mainstream in the coming months and years.

In the U.S. and Canada, on-phone ID solutions have already mostly replaced physical student cards at a number of universities thanks to Google technology.

And while digital car keys were pioneered by Apple and BMW last year, Google’s inevitable arrival on the scene marks the next stage in the technology’s evolution, with the potential to make physical car keys redundant in the same way that mobile wallets are increasingly replacing plastic debit and credit cards.

Finally, with countries around the world passing legislation to reduce their dependence on physical documents, digital IDs becoming mainstream may well be a question of when rather than if.

In Europe, while schemes like Norway’s BankID have seen widespread adoption, they have so far been limited to online authentication processes, and in the case of BankID, are only really useful for making payments.

What’s more, other countries have faced significant challenges, and although an EU-wide initiative is in the works, it may be years before a practically feasible pan-European digital ID goes into effect.

Yet Google’s ultimate goal of integrating digital IDs is perhaps the most ambitious aspect of Google Wallet. As Google engineers hinted in 2020, the ultimate prize for the platform is a generic authentication technology that would allow any identification scheme to be supported by the Google Wallet:

“[Android] APIs for managing and presenting identity documents [are] generic enough to be usable for other kinds of electronic documents, from school ID or bonus program club cards to passports,” they noted.

In the race to build a broadly applicable digital ID wallet, Google faces stiff competition from Apple, which already supports mobile driving licenses in Arizona and Maryland, with more U.S. states and territories committed to introducing the feature soon.

In the EU, there is the additional challenge that authorities are likely to block any move by Big Tech to gain too much influence in the emerging digital ID ecosystem. Instead, the European Commission has suggested that it will build its own mobile wallet to support the EU-wide digital ID expected to launch in the near future.

The idea of a mobile wallet that can be used for a range of identification purposes beyond making routine payments has certainly taken root, but what Google Wallet’s role will be in the evolving ID authentication landscape remains to be seen.

Link: https://www.pymnts.com/identity/2022/can-google-wallet-hold-its-own-in-competitive-highly-regulated-id-authentication-landscape/

Source: https://www.pymnts.com

The post Can Google Wallet hold its own in competitive, highly regulated ID authentication landscape? appeared first on Fintech News.