INSUBCONTINENT EXCLUSIVE:
Image copyrightGetty ImagesIsabelle, an actor based in London, had her identity stolen in 2017
"I got home one day and found my post box had been broken into," she says."I had two new credit cards approved which I hadn't applied for,
trying to track down cards issued in her name."It's a huge amount of work and money", says Isabelle, who asked for her last name to be
withheld.Identity theft is at an all-time high in the UK
The UK's fraud prevention service CIFAS recorded 190,000 cases in the past year, as our increasingly digitised lives make it easier than
ever for fraudsters to get their hands on our personal information
So how should we keep our identities secure online? The first line of defence is, more often than not, a password.But these have been in the
news lately for all the wrong reasons
Facebook admitted in April that the passwords of millions of Instagram users had been leaked.Late last year, question-and-answer website
Quora was hacked with the names and email addresses of 100 million users compromised
And Yahoo! recently settled a lawsuit over the loss of data belonging to 3 billion users, including email addresses, security questions and
Image copyrightGetty ImagesImage caption
Microsoft is moving toward password-free products
No wonder
that Microsoft announced last year that the company planned to kill off the password, using biometrics or a special security key.IT research
firm Gartner predicts that by 2022, 60% of large businesses and almost all medium-sized companies will have cut their dependence on
passwords by half."Passwords are the easiest approach for attackers," says Jason Tooley, chief revenue officer at Veridium, which provides a
biometric authentication service."People tend to use passwords that are easy to remember and therefore easy to compromise."Not only would
getting rid of passwords improve security, it would also mean IT departments would not have to spend valuable time and money resetting
productivity," says Mr Tooley."In a large organisation that's a really significant cost." More Technology of BusinessPhilip Black is
commercial director at Post-Quantum, a company designing powerful encryption systems for protecting data.He agrees that passwords are
"You have to create and manage so many passwords
That's unmanageable, so people end up using the same passwords, and they become a vulnerability." New rules laid down by the EU are designed
The updated Payment Services Directive, known as PSD2 , require businesses to use at least two factors when authenticating a customer's
identity.These can be something the customer has in their possession (such as a bank card), something they know (such as a PIN), or
something they are, which includes biometrics
Image copyrightGetty ImagesImage caption
Natwest is trialling debit cards with fingerprint scanners
Overlooked in the past in favour of tokens, passwords, and codes sent by SMS, interest in biometrics is growing
According to the 2019 KPMG International Global Banking Fraud Survey, 67% of banks have invested in physical biometrics such as fingerprint,
voice pattern and face recognition.This year, NatWest began trialling debit cards with a fingerprint scanner built directly into the card
Biometrics offer a more frictionless consumer experience, but has been held back by the need for specialised equipment
With the latest smartphones, many of us now carry the necessary hardware in our pockets
Research by Deloitte has found that a fifth of UK residents own a smartphone capable of scanning fingerprints, and that number is rising
Yet just as our personal data is vulnerable to thieves, biometric information can also be stolen
In September, Chinese researchers at a cybersecurity conference in Shanghai showed it was possible to capture someone's fingerprints from a
photo taken from several metres away.If you think resetting your password is difficult, try changing your fingerprints
To boost security, companies are increasingly relying on multiple factor authentication (MFA) which seeks to identify people using as many
different ways as possible.This can include not just explicit measures such as PINs and fingerprint scans, but background familiarity checks
such as your location, purchase history, keystrokes, swiping patterns, phone identity, even the way in which you hold your phone
Image copyrightBunqImage caption
Bunq says a combination of authentication is going to replace passwords
"Is biometrics going to replace passwords? No, a combination of factors is going to replace passwords, we are and we should be moving
toward this," says Ali Niknam, chief executive of Bunq, a mobile banking service.Yet there is a risk of that this sort of multi-factor
authentication, while secure, will make the authentication process even more opaque
If you don't know what is being used to identify you online, how can you protect that information?"I'm careful about internet security - my
date of birth isn't anywhere, my address isn't anywhere," says Isabelle."I'm 33, relatively young and tech-savvy, but I'm not sure I'd know
how to be more careful." She does remember, however, that one bank initially refused to cancel the account the thief had opened in her
name, because she didn't know the password
