2022 was another year of seismic change in digital identity verification. Cyber attacks continued to evolve dramatically. Consumer demand for greater online protection against identity theft and other cybercrime increased. And private and public sector organizations around the world significantly accelerated identity verification programs aimed at increasing trust online and enabling consumers to prove that they are who they say they are securely but with ease.
2023 will see digital identity verification advance at an even faster pace, driven by innovation and regulation in finance, government, travel and countless other sectors. To give you some idea of what’s coming in biometric authentication, synthetic identity fraud, deepfakes, verifiable credentials and more, iProov has set out ten predictions for the year ahead.
1. Biometric + device will overtake password + device for two-factor authentication
The uptake of two-factor and multi-factor authentication will continue, but with a change. Password + device will transition to device + biometric as the preferred combination for maximum security and usability. Passwords and other knowledge-based techniques often fail to strike the right balance between security and user-friendliness. Inherence-based security (otherwise known as biometrics) can provide the necessary protection to make 2FA and MFA truly secure while also delivering an effortless user experience.
2. Synthetic identity fraud will break records
Synthetic identity fraud, where criminals create fake identities using disparate pieces of data to defraud governments and businesses of money, has exploded in many regions in 2022, even becoming its own industry. That is set to continue in 2023, with an estimated $2.42 billion in fraudulent funds being obtained in the U.S. alone next year. Nearly every organization is at risk of onboarding a fake person and the implications that come with that: financial loss, data theft, regulatory penalties, and more. Organizations will need to ramp up their online security to identify synthetic identity crime attacks.
3. Liveness checks become mandatory for online identity verification in financial services
New guidelines from the European Banking Authority will make it mandatory for regulated financial service providers in the EU to complete biometric liveness checks when remotely enrolling customers. As Europe tightens its security and sees a decrease in new account fraud, theft, and money-laundering, organizations and regulators in other markets will have to adapt similarly.
4. Governments will prevent travel chaos by enabling remote ID checks
The ‘border of the future’ will need to become the ‘border of today’ in 2023. Border agencies will move to have travelers complete advance document checks from their couches via smartphones, tablets, or computers, with kiosks available at travel hubs. Without pre-checks, the crunch of increased entry requirements in some regions with cuts in public sector spending will mean lengthier passenger processing times, with inevitable delays and citizen frustration.
5. Privacy-enhancing government-backed digital identity programs will pick up pace – and they’ll be interoperable
Consumers globally are realizing they don’t want to give their addresses and other personal data to every website or car rental firm or door-person outside a bar. As demand for secure identity services grows, more state and federal governments will begin to roll out interoperable digital ID programs that use verifiable credentials to enable citizens to cryptographically confirm details about themselves.
6. Deepfakes will become ubiquitous – and the next generation of digital attacks will take hold
The technology to create convincing deepfakes is now so readily available that even the least-resourced cyber attacker can do serious damage. Any organization that isn’t protecting its systems against deepfakes will need to do so as a matter of urgency. More sophisticated bad actors have already moved on to advanced methods, and in 2023 we’ll see a proliferation of face swaps and 3-D deepfakes being used to find security vulnerabilities and bypass the protocols of organizations around the world.
7. The Metaverse will see an explosion of identity theft and other cybercrime
Without safeguards to protect against identity theft and synthetic identity fraud, the Metaverse will become a crime distribution channel in 2023 – and it will target a younger demographic and organizations without adequate cyber security measures in place. Identity verification will be needed to prevent this, and biometrics will play a critical role in protecting true users while holding bad actors accountable for their online actions.
8. Verified identity will become a defensive tool for internet platforms
2023 will be highly significant for how internet platforms – in particular social media networks – are regulated across the EU, UK, and U.S. Greater liability for shared content and for recommendations driven by algorithms could be placed onto the provider – and if the provider is liable, they’ll need to get a firmer hold on who is creating the content. Identity verification offers the safeguards that are needed.
9. Device spoofing will grow exponentially
The increase in reliance on devices as a security factor has attracted the attention of cybercriminals, who are exploiting vulnerabilities for theft and other harm. In 2023, we will see an increase in the sophistication of criminals spoofing metadata to conceal their attacks (e.g., a laptop made to appear like a mobile device) in an effort to circumvent enterprise security protocols. In 2023, organizations – especially those that rely on mobile web – will recognize the limitations of once-trusted device data and move verification services to the cloud.
10. Public sector agencies can expect more regulation to protect critical infrastructure
Global economic and political unrest in 2022 has raised questions about vulnerabilities in public infrastructure. In 2023, public sector agencies at every level can expect to see greater regulation on how their systems are secured and protected against heavily resourced, highly sophisticated bad actors, both inside and out.
If you’re interested in knowing more about iProov’s technology, you can request a demo here.
