An online authentication ‘catch-22’

By digitally transforming vs merely digitising, businesses can change security challenges into new opportunities that are more relevant to users and bring value to their journeys

As the internet has become a significant component in our everyday lives, there is a constant fear of navigating to the wrong website or accidentally clicking an incorrect link. This is due to the fact that in doing so, not only are we risking the security of our device, but, more importantly, our entire identity.

However, what mitigated this fear was the thought that if consumers adhere to the security protocols of the businesses they’re engaging with, they will be safe and protected online.

Unfortunately, things aren’t as straightforward as they should be, and this is no longer the case. This is primarily because scammers have long compromised the tools businesses often use to authenticate identities.

While we know the vulnerabilities of the password, we have also seen an exponential increase in fraud attacks through another authentication method that has emerged in recent years – the one-time passcode (OTP).

Authorities in the UAE have warned customers never to share one-time passwords with unidentified callers. Abu Dhabi Police and fraud analysts at Abu Dhabi Islamic Bank (ADIB) said there has been a rise in fake online deals where scammers ask people to share their one-time passwords (OTP), also known as one-time pins.

Fraudsters have even used the text message OTP to transfer the totality of people’s life savings to them. Because businesses have increasingly depended on these methods to further bolster security, they have created more vulnerabilities for scammers to exploit.

Most of the time, consumers are left without a choice when it comes to what channels they can use to authenticate themselves when interacting with these companies.

It makes no sense for businesses to rely on the same channels fraudsters use to authenticate their customers online. As a result, businesses and consumers find themselves in a catch-22 situation, where the only way to progress is for businesses to evolve security strategies to match the needs of the modern consumer.

Analog is limited

One of the reasons our existing approach to authentication is vulnerable is that many of our methods are digitised versions of analog processes, leaving them open to attack in the online world.

Even though the OTP seems like the password’s digital iteration, it’s still just a digitised version of a physical tool. When used digitally, it’s vulnerable to significantly more attacks, from malware to SIM swap attacks and phishing. As we are spending more time on digital channels following the onset of the pandemic, it’s only logical that this would lead to an increase in online scams.

Consumers today are constantly doubting whether they have received a legitimate text message from a company or a bad actor spoofing that business. From calls telling you that you have won a prize from your bank, to text messages warning you that your account has been blocked, there are various ways in which fraudsters can try to trick you in order to get access to your bank account details.

The UAE Banks Federation (UBF) has launched an awareness campaign, educating people to follow a three-step approach – stop, think and protect – in order to fight bank fraud. But, as some scammers are even coaching consumers to ignore warning messages and security measures, it is getting increasingly difficult to spot these ploys.

The answer is to re-evaluate the channels businesses are using to authenticate consumers to prevent things from getting to this point. It’s time for businesses to begin exploring new options and looking towards solutions purpose-built to tackle today’s digital challenges.

Businesses need the right technology

In the modern threat landscape, we will see scams continue to grow in both frequency and sophistication unless we end the cycle and stop relying on analog authentication methods. This means moving away from dependence on technologies like text message OTPs, which are now as ubiquitous in fraudsters’ day-to-day activities as they are as an authentication method.

Looking to more sophisticated, digital native technologies, we find alternatives that are designed to protect digital identities and fit seamlessly into customer journeys. Businesses can robustly verify digital identities by using layered contextual data and tools like behavioural biometrics on top of passwords and device or location data. This will enable businesses to prove a person is who they say they are.

Solutions that work to positively identify customers while weeding out bots and malware can work passively in the background and help businesses offer true personalisation. Additionally, this allows businesses to start investing in ways to build digital trust with customers.

By digitally transforming vs merely digitising, businesses can transform security challenges into new opportunities that are more relevant to users and bring value to their journeys. The businesses that will succeed online are the ones that can earn digital trust with their customers.

To earn this trust, customers must feel confident that they are safe when interacting with a business online. The online catch-22 we’ve created must be disrupted. And the only way to do so is to reduce reliance on the same channels to authenticate customers that fraudsters are using to scam us.

Saeed Ahmad, managing director, Middle East and North Africa, Callsign.
