Jumping the Gun in Identity and Security

  • Fraud Prevention, Internet Fraud

Runners at the starting line
If you’ve ever taken a basic business course, read an article on entrepreneurship, or watched Shark Tank you are likely familiar with the advice to “find a problem and fix it”.  Being first to market with a new solution to a high-profile problem is a great way to get more funding, press, and ultimately revenue. 

With the mainstream coverage of breaches, hacks, and identity fraud over the past few years it should be no surprise to see massive amounts of VC funding being funneled to new technology solutions that promise the solution.  The rush to market for these solutions may be contributing to the problem more than solving it, however.

 We have previously discussed the concerns raised by federated identity verification (allowing an individual to verify their identity based on access to an account elsewhere), namely that unauthorized access to one account can allow a bad actor to not only access other accounts but even create new accounts fraudulently.  In a similar fashion concerns are now being raised about early biometrics implementations with the security of stored biometric data such as fingerprints and even DNA in question.

At the most basic level all identity verification is about data in exchange for access.  When companies add to either side of the equation (collecting new data points or providing new levels of access based on the existing data) then new security risks are introduced.  While most companies realize the responsibilities that come with introducing these risks, the trends so far indicate that the desire (or need) to be first to market has caused many to fail dedicating sufficient time and consideration to security.  The negative impact of solutions that have “jumped the gun” will last long after the initial security oversights.  Even properly secured biometrics solutions will be impacted by the existence of lost fingerprint data, and fraudulent accounts will continue to exist even after onboarding processes have changed.   

Companies in the identity and security industries need to remember that getting it right is more important than being first, and act accordingly.