Cyberattacks: 2023’s Greatest Risk to Financial Services
New year, same big problem. Without doubt, cyberattacks have posed and continue to pose the single biggest threat to the UK’s financial services industry
by Miguel Traquina, Chief Information Officer at iProov
Three in four industry execs in the UK deem a cyberattack to be their highest risk factor and, as the economy enters choppier waters, this threat is rising, with those expecting a high-impact cyberattack in the next three years rising by 26% in the second half of 2022 versus the first.
2022 has been another year of seismic change in the cybercrime space. Types of attacks are evolving rapidly, and consumer awareness is growing. Now, more than ever, we’re starting to see huge end-user demand for greater online protection from identity theft and other online threats.
Public and private sector organisations around the world are responding by exto increase digital trust and enables with the goal of increasing digital trust and enabling their customers to prove they are who they claim to be securely and easily.
The pace of advancements in digital identity verification will only accelerate more in the coming year, especially in a high-value and highly sensitive industry like financial services, with more innovation and regulation on the horizon. As we welcome 2023, here are my top four predictions for the year ahead.
Biometrics + device will overtake password + device for 2FA
Calling out the ineffectiveness of passwords as an authentication method isn’t new, but what will be new next year is that finally this stubborn, outdated mode of authentication will be overtaken by the use of biometrics in twThroughout-factor (2FA and MFA) use cases.
Over the course of 2023, password + device will be replaced by biometric + device.
The uptake of MFA has been steadily rising in recent years, especially since the enactment of PSD2 for electronic payment services in Europe. While passwords are technically compliant as a strong authentication factor, they and other knowledge-based techniques leave a lot to be desired when it comes to security and user-friendliness. Biometrics and other inherence-based security hit the perfect balance between providing the necessary protection to make 2FA and MFA truly secure while also delivering an effortless user experience.
Liveness checks become mandatory for online identity verification in financial services
Speaking of regulation, 2023 will also see the European Banking Authority mandate all regulated financial service providers in the EU complete biometric liveness checks when remotely enrolling customers. These new guidelines will help ease new account of theft, and money laundering. What we’ll also see is consumers feeling more comfortable with, and demanding more, biometric verification at other points of their user journey.
As this becomes mandatory for financial services in Europe, attackers will turn their attention elsewhere – which will require the UK and other regions to follow suit.
Synthetic identity fraud will break records
Synthetic identity fraud exploded in many regions in 2022, even becoming its own industry. That is set to continue in 2023, with Aite Group estimating $2.43bn of losses from synthetic identity fraud this year. Nearly every organisation is at risk of onboarding a fake person and the implications that come with that: financial loss, data theft, regulatory penalties, and more. Organisations throughout the financial services world will need to ramp up their online security to identify synthetic identity crime attacks.
Deepfakes become ubiquitous as the next generation of digital attacks
The technology to create convincing deepfakes is now so readily available that even the novice cyberattacker can do serious damage.
Any financial services organisation that isn’t protecting its systems against deepfakes will need to do so as a matter of urgency. More sophisticated bad actors have already moved on to advanced methods, and in 2023 we’ll see a proliferation of face swaps and 3-D deepfakes being used to find security vulnerabilities and bypass the protocols of organisations around the world.
Privacy-enhancing government-backed digital identity programs will pick up pace – and they’ll be interoperable
Consumers globally are realising they don’t want to give their addresses and other personal data to every website or car rental firm or door-person outside a bar. As demand for secure identity services grows, more state and federal governments will begin to roll out interoperable digital ID programs that use verifiable credentials to enable citizens to cryptographically confirm details about themselves.
Device spoofing will grow exponentially
The increase in reliance on devices as a security factor has attracted the attention of cybercriminals, who are exploiting vulnerabilities for theft and other harm. In 2023, we will see an increase in the sophistication of criminals spoofing metadata to conceal their attract top made to appear like a mobile device) to circumvent enterprise security protocols. In 2023, organizations – especially those that rely on mobile web – will recognize the limitations of once-trusted device data and move verification services to the cloud.
