Commercial Question

The authentaverse: a new era in fighting digital fraud

updated on 15 October 2024

Question

Question: What’s the 'authentaverse' and how could it be used to reduce digital fraud?

Answer

The rise of digital fraud

Transactions and services are inevitably moving towards digitalisation. This offers greater capabilities, convenience and cost-effectiveness for consumers alongside significant commercial opportunities for businesses. The accompanying shift from face-to-face to online interactions has also created a new dilemma: how do users and businesses verify that they’re dealing with the correct entity?

The risk of digital impersonation is arguably most widespread – and most damaging – within the context of fraud. Last year, digital fraud attacks were estimated to have increased by up to 43%. In the UK, more than £459 million was reportedly lost to authorised push payment (APP) fraud alone.

‘APP fraud’ describes where a fraudster tricks a victim into willingly authorising payments into an account controlled by the fraudster. The nature of the attack relies on the victim failing to digitally unmask an impostor; criminals often use information from intercepted email chains to present themselves as the victim's intended recipient of the funds.

While regulators are introducing a raft of protections, such as the Payment Systems Regulator introducing the new mandatory reimbursement rules for victims of APP fraud on 7 October, the underlying issue clearly requires enhanced digital protections for consumers and businesses.

Introducing the authentaverse

Enter the 'authentaverse'. Simply put, the ‘authentaverse’ describes a platform for instant, reliable and interconnected authentication processes, which safeguard consumers from the vulnerabilities of traditional platforms. This article will explore the concept of an authentaverse, including the key factors that will be crucial to its success.

Replacing knowledge-based authentication

One of the key vulnerabilities of traditional authentication methods is that they involve a range of 'knowledge-based' responses for users to verify their identities.

The use of passwords provides opportunities that can be exploited by fraudsters. For example, users are asked to select unique and secure values across a range of websites, which increases the likelihood that they’ll keep a separate record of their passwords. This additional database creates a secondary target for cyberattacks and increases the likelihood of the information falling into the wrong hands. Moreover, significant computing power is becoming increasingly affordable and accessible to criminals, allowing the testing of millions of possible passwords per second. Such tests can be targeted for those containing publicly available personal information, which many users rely on to memorise different passwords across several platforms. Additionally, passwords are extremely vulnerable to phishing attacks; the already limited security offered by a password becomes irrelevant if the user willingly hands it over.

Security question-based authentications also offer minimal protection given they frequently rely on nonconfidential information. Few users will carefully guard the knowledge of their favourite book, birthday or the model of their first car; all this information can often be discovered through social media or social engineering and manipulation. Further questions, such as a user's favourite food, can also be generalised or predicted by AI. The issue is exacerbated by the fact that this information, such as a user's mother's maiden name, can’t be 'reset' once it’s compromised – the result is that the security question is permanently ineffective once the answer is compromised.

In contrast, the authentaverse is characterised by a multi-factor authentication approach relying on a range of extremely difficult-to-replicate data. Biometric data such as fingerprints, facial recognition and iris scanning can be combined with behavioural analysis to determine whether the correct user is attempting to access an account or platform. AI and machine learning can also be used to analyse these patterns of behaviour to further identify fraudulent use of accounts or even their use under duress. The result: it becomes nearly impossible for digital fraudsters using conventional methods to both (i) compromise online accounts such as e-mail inboxes to manipulate a transaction; and (ii) impersonate a legitimate user so as to divert funds from the intended recipient.

Improving trust and transparency through blockchain

The authentaverse also has the potential to integrate blockchain into digital identity verification. At its core, blockchain is a decentralised ledger that records transactions across multiple computers so that the record can’t be altered retroactively. For identity verification, this means each user's identity data can be stored across a network of nodes, rather than on a single central server. This decentralisation reduces the risk of a single point of failure and may enhance security for users.

Blockchain also employs advanced cryptographic techniques to secure data. Each piece of identity information can be hashed (converted into a fixed-size string of characters) and linked to previous data entries through cryptographic keys. This ensures that any attempt to alter the identity data would require altering all subsequent hashes, which is computationally infeasible. Once an identity record is added to the blockchain, it becomes immutable; it can’t be changed or deleted. This immutability provides a reliable audit trail for verifying identities and ensures the integrity of personal information over time. It also secures each transaction and maintains user privacy through advanced encryption techniques. The Estonian government has successfully implemented this approach, using blockchain to secure the personal data of its residents.
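
The hash-linking described above can be shown in a few lines. The following is an added illustration, not code from any authentaverse product or from the article's author; the attribute names, sample values, the fixed salt and the use of a salted hash for each attribute are all assumptions made for the demonstration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64                  # placeholder "previous hash" for the first entry
SALT = b"constructed-demo-salt"     # constructed; a real salt is random and kept off the ledger

def commit(attribute: str, value: str, salt: bytes = SALT) -> str:
    """Salted digest of one identity attribute; only the digest is written to the ledger."""
    return hmac.new(salt, f"{attribute}={value}".encode(), hashlib.sha256).hexdigest()

def entry_hash(index: int, commitment: str, prev_hash: str) -> str:
    """Hash covering the entry's content and the hash of the entry before it."""
    body = json.dumps({"index": index, "commitment": commitment, "prev": prev_hash},
                      sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

def append(ledger: list, commitment: str) -> None:
    prev = ledger[-1]["hash"] if ledger else GENESIS
    index = len(ledger)
    ledger.append({"index": index, "commitment": commitment, "prev": prev,
                   "hash": entry_hash(index, commitment, prev)})

def first_invalid(ledger: list) -> int:
    """Index of the first entry that fails verification, or -1 if the chain is intact."""
    prev = GENESIS
    for i, entry in enumerate(ledger):
        if entry["index"] != i or entry["prev"] != prev:
            return i                # link to the previous entry is broken
        expected = entry_hash(i, entry["commitment"], prev)
        if not hmac.compare_digest(entry["hash"], expected):
            return i                # content no longer matches its recorded hash
        prev = entry["hash"]
    return -1

def build_sample() -> list:
    """Constructed identity records for a fictional user."""
    ledger = []
    for attr, value in [("name", "Alex Example"), ("date_of_birth", "1990-01-01"),
                        ("document_no", "X0000000")]:
        append(ledger, commit(attr, value))
    return ledger

def altered_copy(ledger: list, rehash: bool) -> list:
    """Copy with entry 1 changed; optionally recompute that entry's own hash."""
    copy = [dict(e) for e in ledger]
    copy[1]["commitment"] = commit("date_of_birth", "1985-05-05")
    if rehash:
        copy[1]["hash"] = entry_hash(1, copy[1]["commitment"], copy[1]["prev"])
    return copy
```

Changing one record is caught at that record, and recomputing its hash only moves the failure to the next entry, which is the "all subsequent hashes" property the paragraph relies on. A party holding the only copy could still rewrite every later entry, so the resistance to alteration also depends on the ledger being replicated across many nodes, as described earlier.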

A one-stop authentication process

The authentaverse also promises the potential for a one-stop approach to verification. While users traditionally complete separate verification processes across multiple bank accounts or online platforms, the authentaverse promises instant verification across a range of platforms.

The authentaverse would therefore further reduce the friction within existing authentication processes. Users are already accustomed to 'auto-fill checkouts' for their bank details and a similar level of speed and convenience can be applied to digital identification processes. This would enable a seamless integration of a single authentication process across various sectors such as banking, ecommerce and healthcare.

Challenges

The principal challenge to the authentaverse is designing a human-centric platform to encompass these technologies; the underlying technology is ready, but it must be delivered with a personalised approach. For example, certain users may be reluctant to provide biometric data or analysis of their digital behaviour, regardless of the potential benefits. An iterative and bespoke approach is required, which could include certain legacy features of traditional authentication processes such as passwords in its prototype form. Early feedback will be essential in creating an authentaverse that users are comfortable subscribing to at scale, especially given the highly sensitive nature of the information provided. 

In addition, the increased processing of personal data will undoubtedly bring new challenges. For example, platforms will need to carefully consider their compliance with data protection laws such as GDPR rules in Europe as well as further regulatory compliance across multiple jurisdictions. In addition, authenticating platforms will need to thoroughly investigate their internal fraud prevention measures given the likelihood of serious harm should there be malicious actors within an authenticating organisation. The successful navigation of these challenges will undoubtedly be make-or-break to fostering a new era of digital trust.

Conclusion

The authentaverse is more than just a security platform; it’s a visionary approach to safeguarding our digital future. As cyber threats and new avenues for digital fraud continue to evolve, this innovative system stands as a potential beacon of digital trust. If implemented successfully, the result promises a verification process that’s not only significantly more secure, but also considerably faster and therefore reduces friction for the user. By integrating advanced technologies into a cohesive and empathetic framework, the authentaverse could redefine digital interactions and provide a new answer to the rising cases of digital fraud.

Andrew Spencer is a trainee solicitor at Taylor Wessing.