Artificial intelligence has long been a transformative force across industries, reshaping everything from customer experiences to operational efficiency. But alongside the benefits comes a darker reality: AI-driven fraud committed by actors adopting and exploiting the latest technologies and techniques.
In a recent panel discussion, I connected with industry leaders to examine how businesses can adapt their fraud prevention and identity strategies in light of these challenges, and what actions they can take today to protect users and revenue indefinitely.
Biometrics vs. Traditional Authentication: Why the Stakes are Higher Than Ever
One of the most prominent discussions during the panel was the role of biometrics in authentication. As the use of facial recognition, fingerprints, and voiceprints becomes more widespread, the question arises: is it enough to stay ahead of an ever-growing contingent of fraudsters?
The discussion zeroed in on the inherent differences between biometrics and traditional authentication methods such as passwords. Unlike passwords, biometrics are unique to each individual and are generally considered more secure because they are harder to replicate. However, with AI advancing at an unprecedented pace, this uniqueness is no longer an impenetrable defense. Deepfakes, for example, are eroding the effectiveness of biometrics by enabling bad actors to simulate a person’s voice or likeness with astonishing accuracy.
The National Institute of Standards and Technology (NIST) has long recognized the potential benefits and risks of biometrics. Eve Maler, president and founder of Venn Factory, highlighted how NIST guidelines address the unique challenges of using biometrics, noting that AI-driven attacks such as deepfakes require new layers of security. One key takeaway from the panel was that relying solely on biometrics is no longer sufficient in today’s environment. Businesses must integrate biometrics with other forms of authentication to create a multi-layered security approach.
AI’s Disruptive Impact on Biometrics
The rapid evolution of AI presents new hurdles for biometrics adoption. AI has fundamentally disrupted biometrics by enabling the creation of synthetic identities—fake personas that can pass as legitimate. Voice-based biometric systems, for instance, are particularly vulnerable to attacks using AI-generated voice replicas.
The session brought to light some alarming examples of how AI is already being weaponized. From finance workers being duped by deepfake CEOs to telecom companies transmitting fraudulent robocalls, the threats are real and growing. Loren Russen, VP of Product Management at Ping Identity, stressed the need for businesses to stay vigilant and continually evolve their fraud detection capabilities to combat these increasingly sophisticated attacks.
Pairing Biometrics with Multi-Factor Authentication: A Stronger Defense
Given the vulnerabilities inherent in relying solely on biometrics, one of the resulting recommendations was to pair biometric authentication with multi-factor authentication (MFA). By combining biometrics with other forms of authentication, such as passkeys or verifiable credentials, businesses can enhance their security posture.
Verifiable credentials, in particular, were identified as a powerful tool for strengthening authentication. Russen highlighted the value of using these credentials to create a more secure and verifiable digital identity. He also pointed out the potential for further innovation in this area, such as expanding decentralized credential issuance and orchestrating multiple signals to create a more robust authentication process.
Living in a Low-Trust Digital World
Trust is an increasingly rare commodity online. The proliferation of deepfakes and other AI-driven threats has made it harder for businesses to maintain trust with their customers. But, businesses need to balance a focus on fraud with adapting to the broader low-trust environment.
One practical strategy is to use behavioral biometrics as a fourth “half factor” in authentication. Unlike traditional biometrics, which rely on static characteristics such as fingerprints or facial recognition, behavioral biometrics analyze patterns of behavior—how a user interacts with their device, for example. This creates a dynamic layer of security that is much harder for fraudsters to mimic. By pairing behavioral biometrics with other forms of authentication, businesses can create a more secure environment that is resilient to AI-driven threats.
Beyond the Security Arms Race: Innovating to Stay Ahead
Perhaps the most significant takeaway from the panel was the need to innovate beyond the traditional security arms race, while still upholding the context and ingenuity that can currently only come from human experts. Bots battling bots for incremental gains won’t cut it—AI-driven fraud is evolving so quickly that incremental or single-issue improvements in fraud detection will always lag behind.
Instead, businesses must explore new and innovative approaches to security. One example is leveraging decentralized identity solutions such as verifiable credentials to create a more trustworthy digital ecosystem. Russen suggested that combining decentralized credentials with proof-of-personhood technologies could offer a new frontier in fraud prevention. By verifying a person’s identity at the OS, device, or browser level, businesses can add a powerful layer of security that is less vulnerable to AI-driven threats.
Another innovative approach is the use of orchestration. Orchestration involves coordinating multiple signals—biometrics, behavior, and environmental factors—to create a more comprehensive picture of a user’s identity and risk profile. This enables businesses to make more informed decisions about whether to trust a user, even in the face of AI-driven fraud attempts.
The Role of Security Communities and Data-Sharing Networks
As AI-driven fraud becomes more sophisticated, it is becoming clear that no single business or organization can tackle this problem alone. Eve Maler stressed the importance of collaboration within the security community. By sharing data and insights across organizations, businesses can better understand the evolving threat landscape and develop more effective defenses.
One example of this is the Shared Signals Framework (SSF), a collaborative initiative designed to facilitate the sharing of threat intelligence between organizations. By participating in networks like SSF, businesses can gain access to real-time information about emerging threats and respond more quickly and effectively.
Agility and Contextual Sensitivity
Agility is core to success—businesses must be able to adapt quickly to new threats and adjust their security strategies in real-time. This requires not only investing in the right technologies but also fostering a culture of agility within the organization.
Contextual sensitivity is another important factor. Fraud detection systems must be able to recognize the context in which a user is operating and adjust their risk assessments accordingly. For example, if a user’s behavior deviates from their usual patterns, the system should flag this as a potential risk. By incorporating context into their decision-making processes, businesses can improve their ability to detect and prevent AI-driven fraud.
Fraud Ops at Scale: A Marathon, Not a Sprint
Winning the race against AI-driven fraud is not something that can happen overnight. But online threats are evolving too quickly to stick to static solutions. The future of fraud prevention lies in harnessing the power of AI to outsmart AI-driven attacks. By combining biometrics, behavioral analysis, verifiable credentials, and other innovative approaches, businesses can build a more resilient defense against the threats of today and tomorrow.
Together, we can create a digital world where everyone trusts the internet.
Dig into more recent fraud trends with our Q3 2024 Digital Trust Index report, Beyond the Breach: Account Takeover Data & Insights.
