The famous 1993 New Yorker cartoon by Peter Steiner depicting a dog at a computer saying “on the internet, nobody knows you’re a dog” is still the critical problem with the internet today. However, technology is evolving in a way that should remediate the problem.
This Payment Source article identifies the cause and the scale of the damage, but it does not offer the solution. Mercator has researched potential solutions and published multiple reports exploring the topic. For those interested, you can view these here, here, here, and here. Even though the Payment Source article does not provide solutions, it is still worth reading:
“The biggest threat to consumer’s digital identities is the ever-growing personal information available through data breaches.
Since 2013, attackers have exposed 14 billion records that are often used for account takeover or new account fraud. Additionally, creative fraudsters can leverage legitimate account information to generate fake or synthetic accounts that blend in with legitimate users.
These attacks constitute a major threat to both consumers and organizations that rely on the internet to do business. The attackers bypass many traditional security barriers that, ironically, organizations use to mitigate risk. This year has seen an increase in targeted intrusions for financial gains. Attackers focus on testing the resilience of organizations by layering attacks, updating techniques with additional sophistication, establishing relationships with other attackers, and sharing tools to better disguise their individual identities. Bad actors are invisible for traditional security tools and consumers turn out to be the ones impacted by those security tools experiencing friction.
Consumer trust is at the core of delivering a service over the internet. That trust is hard to win and easy to lose – eroding daily as attackers achieve success with fraudulent transactions.
Static authentication is broken, making regulations and standards move towards improved controls.”
Networks have begun to aggregate user and device fingerprints that can deliver a reputation score the instant a user lands on a home page. This doesn’t deliver a trusted internet but can significantly increase defenses against bots and bad actors.
Account access can be protected today using biometrics in smartphones, and a failure to adopt this technology puts merchants at greater risk. Lastly, the W3C in combination with Cisco, IBM, Microsoft, Mastercard and others are developing architectures and technology that can add a layer of trust to the internet.
The goal is to enable individuals to validate their identity using existing government and corporate relationships as trust anchors. One operating example of this is the provincial governments of British Columbia and Ontario as they have implemented a self-sovereign identity solution called the Verifiable Organizations Network (VON). The vision is to create a layer on top of the internet that enables trust between those who wish to participate. VON is discussed in detail in the Mercator Report “Distributed and Self-Sovereign Identity Solutions: Part 1, Technology Overview”.
Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group