test
2024-8-20 04:0:52 Author: securityboulevard.com(查看原文) 阅读量:17 收藏

New AI technologies are advancing cyberattacks and wreaking havoc on traditional identity verification strategies. Hackers can now easily answer knowledge-based authentication (KBA) questions using stolen data or AI-generated responses. Even some biometric authentication tools can be fooled by deepfakes and synthetic voices.

In addition to advanced threats, information security (infosec) executives are facing scrutiny from customers and regulators — intensifying pressure to fortify fraud detection approaches against AI-enhanced attacks. For example, in the UK, banks now reimburse victims of Authorized Push Payment fraud, while U.S. tensions are rising between fraud victims and businesses reluctant to financially assist their users.

Amid customer and regulatory pressure and intensifying cyberattacks, organizations must ensure their identity verification strategies match up against AI-powered fraud techniques. While shifting away from traditional authentication methods and exploring modern identity verification solutions in today’s market, how can leaders know if their integrations will meet the needs of their organization and their customers?

In this article, we’ll explore the top considerations for security leaders and their teams when performing a competitive analysis of identity verification solutions. A competitive bake-off will rigorously evaluate the effectiveness of different solutions to determine which is the best fit for a business.

Choose the Right Ingredients for Identity Verification

Infosec leaders in the market for advanced identity verification providers will soon discover that not all solutions are created equal in terms of fraud detection and deterrence, compliance, and user experience. There are a few non-negotiable requirements to consider. At the most basic level, all solutions considered must be accurate, compliant and user-friendly. The only real way to know if a potential provider can match these requirements is to perform a competitive bake-off.

Claroty

Strategically Compare

Why waste time comparing apples and oranges? When performing a competitive bake-off, comparing similar solutions is key. For example, comparing an identity verification solution that only performs database pings to a fully baked identity proofing solution with liveness detection and advanced risk signals won’t yield useful results. This is because both solutions offer vastly different capabilities. Leaders must come prepared with a checklist of capabilities they’re looking for, and then compare solutions that offer a full spectrum of similar offerings.

Testing 1,2,3

Testing new solutions isn’t straightforward — it’s a comprehensive process with many factors to consider. A rigorous procedure ensures that the solution can address current needs while remaining adaptable to evolving business demands.

Ideally, tests should include representative data sets that reflect true production traffic, as this will lead to statistically significant results. Now, let’s zoom in on the key elements to put to the test:

  1. ID Testing: With fraudulent transactions typically constituting less than 1% of the total, it’s essential to test a substantial sample of legitimate IDs to evaluate solution providers’ accuracy in identification. However, some automated solutions often fall short, with many performing no better than a coin toss at correctly identifying legitimate IDs, potentially leading to unnecessary denials. Additionally, to address loopholes, testing should include expired IDs, as automated systems often miss the punched hole indicating expiration. Testing should also encompass older or different versions of IDs, international IDs and a variety of less common ID types from multiple countries. Testing commercial driver’s licenses, paper-based licenses and IDs in different languages can easily be overlooked. Notably, legitimate ID types are never entirely black and white, and detecting such IDs is a marker of accurate identity solutions.
  2. Circumstantial Testing: Not all vendors operate 24/7, which is why it is critical to conduct testing around the clock to avoid the potential for delays. Testing performance at different times, including during off-peak hours, is critical for guaranteeing consistent responsiveness irrespective of normal business hours. Additionally, simulating real-world conditions is key. This includes adding sample IDs and selfies taken under realistic circumstances, which involves capturing ID pictures with varying lighting conditions, blurriness, excessive glare or even IDs that are bent or folded. By testing under diverse conditions, businesses can optimize their identity verification systems to handle any situation effectively, enhancing overall reliability and user experience.
  3. Speed & Accuracy Testing: Testing the speed of manual reviews is crucial in evaluating the efficiency of identity verification systems. While many solutions excel at quickly extracting information from barcodes or machine-readable zones (MRZs) on IDs like driver’s licenses and passports, response times can drastically increase when transactions enter the gray zone requiring human review, sometimes taking hours or even days. It’s essential to monitor the frequency of uncertain results, as some solution providers classify many outcomes as suspect, necessitating manual intervention and potentially slowing down the overall review process. Additionally, it is critical to test the actual verification time against advertised service level agreements, as automated solutions may promise quick results but deliver slower responses in practice.

Through comprehensive testing, businesses can ensure they integrate efficient and reliable identity verification solutions, enhancing operational effectiveness and user satisfaction.

Audit for Accuracy & Transparency

Auditing the results of identity verification processes is crucial to assess whether the solution successfully detects fraudulent IDs while also accurately verifying legitimate users. Many solutions lack transparency, returning verifications without explanations for denials. Ensure that denied verifications come with a reason code, allowing users to understand why their verification failed. Seeking a solution that provides clear feedback to users is crucial to enabling them to address issues in real time.

By conducting thorough audits and prioritizing transparent feedback, businesses can refine their identity verification systems for enhanced security and user experience.

Mastering the Recipe for Robust Security

Amid rapidly advancing cyberattack methods, bolstering identity verification systems is critical. By implementing the best practices listed in this article, security teams will be better equipped to conduct a robust, accurate competitive bake-off that will help them defend against an evolving threat landscape and meet the demands of their customers. With the proper solutions in place, business leaders will provide a seamless, secure user experience and increase overall ROI on their investments.


文章来源: https://securityboulevard.com/2024/08/test-2/
如有侵权请联系:admin#unsafe.sh