Identity theft is spiraling out of control and it's becoming harder and harder to prove who you are on the internet.
Cyber criminals are advancing their techniques and aiming at cyber identity vulnerabilities to cash out by stealing personal data to sell at profit, on the dark net.
And it's not exactly nuclear physics, all the hackers need to do is gain your name, login, e-mail address to avoid detection and pass themselves off as the user. This has propelled cyber security firms to double their efforts in upping the stakes for user identity technology, with multi-factor authentication methods, requiring passwords and fingerprints to take users to the next level of protection.
The updates keep on coming and so do the startups, in pilot stages right now is 'CognitiveID' (looking for Investor cash according to Calcalist) which allows apps to identify the user by nuances in their psychological profile.
By learning over 700 parameters of a user's behavior, CognitiveID developed a technology which identifies a user through their cognitive, physiological and psychological traits.
[Cyberhub Summit is Coming back to Atlanta, Ga | October 9-10, 2018 - Cyber Security education for executives and business owners and Powerful Networking. | Get the latest from Cyberhub Summit by signing up for their newsletters. ]
CognitiveID builds a profile of the user to notice unusual or uncharacteristic behavior akin to a forensic psychological interrogation. These parameters include the way users' type, navigate or hold a device, areas of interest, times of device use.
This may provide that extra layer of protection we have all been looking for, but it sounds a little intrusive right, as individuals we are more and more under the microscope.
It is also somewhat terrifying if that information was stolen and 'repurposed' for marketing objectives.
Imagine if marketing firms could predict your next thought, action or incentive to buy?
Less intrusive to the user, but deeply invasive to the device is device profiling.
Device identification or device profiling, relies on the digital fingerprint your IP leaves and has probably been used by your bank and ecommerce merchant. Your Computer ID has the ability to protect the online consumer and the website where the transaction is taking place. Typical questions asked at the purchasing site are:
- Is this a repeat device at our site?
- Have other sites interacted with this device and was there any untoward actions?
- Are there inconsistencies in the transactional data?
- What behavior can we observe from this device that sheds light on risk (multiple credit card use /botnet / proxy server)?
For online businesses device profiling could be a great solution to mitigate risk and provide valuable data, as not only can it reveal potential frauds but is less disruptive to the customer journey.
Users aren’t requested to re-identify themselves several times over, or in potentially annoying ways that may disturb the consumer enough that they chose not to purchase.
This isn’t only applicable in eccommerce, think about online dating? With device profiling, a user could know that the IP location is where the user says it is, for example.
The potential issue lies yet again with marketing, where storage of data becomes a threat to privacy. As consumers we don’t mind being protected through online identification, but as individuals we don’t wish to be marketed to with the same data.
How will our computers data be secured; how will we prevent it being stolen or lost?
Both Cognitive identification processes and Device profiling are useful tools in authentication detection, but they both hold the drawback of being overly intrusive and thus a threat to our details if exposed, stolen or hacked.