The True Cyber Menace – Identity Theft

The True Cyber Menace – Identity Theft

Early payment defaults, also known as EPDs, refer to instances where borrowers default on their loans shortly after the loan origination or within the early stages of the repayment period.

The New Cyber Menace – Identity Theft

One of the key factors that has been identified as a reason for early payment defaults is inaccurate, fraudulent or incomplete loan application information: If borrowers provide fraudulent, incorrect or incomplete information during the loan application process, lenders may approve loans based on false information. What has become evident more recently is identity theft or misrepresentation is a leading source of risk for lenders.

Warning bells in the auto sector

Recent data* from the U.S indicated that up to 70% of auto loans in which the borrower stops paying within six months of origination included fraud on the application.   Some evidence stated that early payment default (EPD) is an early indicator of fraud that was originally missed by lenders.  In practical terms this means that a person has gone to a lender and misrepresented themselves in some manner including identify theft.

We’re not alone

Here in Australia the impacts of recent fraud and cyber activity have been well documented for some of our best known organisations and brands.  There are very few risk, security and IT managers who aren’t left wondering if their organisation is going to be next.  In fact, ask any Chief Risk Officer what their number one concern is.  Their answer will not surprise.

Don’t wait…it may be too late

While CISO’s and IT managers are shoring up their firewalls, implementing patches, upgrading their servers, and dishing out big dollar contracts to cyber risk consultants, the business of originating new sales and orders continues unabated.  It’s at the point of origination of new business that the risks are born.  By the time the data has gone into the systems ether, the primary opportunity to protect the customer, the data and the business may have already passed.

While many businesses, especially financial institutions have implemented identity checking processes at the point of business origination, (including multi-factor authentication and various other forms of digital verification), recent acts of fraud (Latitude is the best recent example) have shown that the systems are far from fool proof.

Combatting identity theft – Facial liveness to the rescue

Organisations collecting customer and personal data cannot rest on their past practices or claims they are compliant with industry standards.  The smart ones are setting higher standards including implementing facial recognition – not just facial recognition but ‘live’ facial recognition.  These are processes not fooled by photos, masks, or deepfakes, and ensures that a person is physically present.  For lenders in Australia (in fact all organisations with a requirement to validate identity), this is a no-brainer.  Eliminate the opportunity for fraud at the point of collection and origination.  Once the data passes the point of liveness validation, the risk of a fraud being perpetrated falls materially.

When it comes to identity protection, no longer can we hope that we got it right.  These days we need surety.  Facial liveness is a big step in the right direction.  The BRYK Group is a leading provider of liveness solutions through it’s BRYK.ID product https://brykgroup.com/brykid/

 *According to risk management platform Point Predictive’s latest auto lending fraud trends report

Disclaimer (see below)  

 

 

 

 

 

 

 

 

No content or any part thereof (Content) may be modified, reverse engineered, reproduced or distributed in any form by any means, or stored in a database or retrieval system, without the prior written permission of BRYK Group or its affiliates (collectively, BRYK). The Content shall not be used for any unlawful or unauthorised purposes. BRYK and any third-party providers, as well as their directors, officers, shareholders, employees or agents (collectively BRYK Parties) do not guarantee the accuracy, completeness, timeliness or availability of the Content. BRYK Parties are not responsible for any errors or omissions (negligent or otherwise), regardless of the cause, for the results obtained from the use of the Content, or for the security or maintenance of any data input by the user. The Content is provided on an “as is” basis. BRYK PARTIES DISCLAIM ANY AND ALL EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE OR USE, FREEDOM FROM BUGS, SOFTWARE ERRORS OR DEFECTS, THAT THE CONTENT’S FUNCTIONING WILL BE UNINTERRUPTED OR THAT THE CONTENT WILL OPERATE WITH ANY SOFTWARE OR HARDWARE CONFIGURATION. In no event shall BRYK Parties be liable to any party for any direct, indirect, incidental, exemplary, compensatory, punitive, special or consequential damages, costs, expenses, legal fees, or losses (including, without limitation, lost income or lost profits and opportunity costs or losses caused by negligence) in connection with any use of the Content even if advised of the possibility of such damages. BRYK assumes no obligation to update the Content following publication in any form or format. The Content should not be relied on and is not a substitute for the skill, judgment and experience of the user, its management, employees, advisors and/or clients when making business decisions. While BRYK has obtained information from sources it believes to be reliable, BRYK does not perform an audit and undertakes no duty of due diligence or independent verification of any information it receives.

Data Protection Frenzy:  Like Seagulls to Hot Chips

Data Protection Frenzy: Like Seagulls to Hot Chips

In the wake of the damaging cyber-attacks on some of Australia’s best-known companies, their brand value has taken a significant hit.  Take Optus for example.  Optus’s brand value fell 19% dropping their ranking in the top 100 most valuable brands* from 11th in 2022 to 17th in 2023.  In dollar terms that equates to a fall in value of circa $700m adding to the already eye-watering cost of the breach.  It would be fair to assume that most companies listed in the top 100 brands would be loath to see similar values wiped from their brand.  In both the consumer and business world trust is paramount in building brand.  What can take decades to build, can take moments to destroy.

Following the breaches, data security firms from start-ups to the largest publicly listed cyber businesses have been like seagulls to hot chips – a literal feeding frenzy.  Problem is most are late to the party; once the oil has spilled into the ocean, it’s nigh on impossible to put it back into the tank.  So, the best solution is not to let the problem happen in the first place. Right? Easier said than done.

The reactive solutions being touted included strengthening passwords (there’s a novel approach), use 2-factor/multi-factor authentication (OK, but far from fail safe), update software on all devices (sure), be mindful of scams (getting harder to establish), and monitor credit files and accounts for unusual activity (what percentage of the population are doing that?).

Being perfectly candid, we’re in a sophisticated game of cops and robbers where the robbers are constantly inventing new ways to break into ‘data safes’ and the cops (aka security experts) are trying to stay one step ahead.  It’s a game where the slightest misstep can have dire consequences.  The focus needs to be on keeping ahead of the game.  One of the key proactive approaches is the adoption of facial liveness detection that focuses on verifying that a system user is a real person and not an impersonator or fraudster.

Facial liveness detection involves analysing the user’s facial features and movements to determine if they are a living person.  This can be done through a variety of methods, such as asking the user to blink, smile or nod their head, and using sophisticated computer algorithms to analyse facial expressions and movements.  Facial liveness detection can be a powerful tool for preventing fraud as it can help to ensure that the person attempting to access a system or service is the legitimate user and not someone using stolen credentials or a fake identity.  Facial liveness detection is much harder to bypass as it requires the user to physically demonstrate that they are a real person.

For organisation’s intent on protecting their brand and reputation, adopting an identity system that incorporates facial liveness is one of the most proactive steps that can be taken to combat the increasing threats.  By way of example, can you imagine inside your organisation an identity system that no longer requires employees to enter their usernames and passwords?  No more pet names to protect your most valuable asset!

Undoubtedly, the most secure path is the adoption of a highly sophisticated digital identity service that those businesses recently targeted by hackers, could now use to verify people’s identities to minimise (if not eradicate) the need to collect and store digital identity data and images of identity documents.  Facial liveness built into the overall identity and security strategy will be a powerful tool in combatting the inevitable continuing threats.  Liveness does not stand alone as the solution.  Rather, when carefully and strategically embedded into the overall identification process, it will provide the extra layer of security that has been sorely missing.  No doubt, many Australian businesses will be looking for specialists to help them implement these much needed security solutions.

*Source: Brand Finance annual report on the most valuable and strongest Australian brands, January 2023    

Disclaimer (see below)  

 

 

 

 

 

 

 

 

No content or any part thereof (Content) may be modified, reverse engineered, reproduced or distributed in any form by any means, or stored in a database or retrieval system, without the prior written permission of BRYK Group or its affiliates (collectively, BRYK). The Content shall not be used for any unlawful or unauthorised purposes. BRYK and any third-party providers, as well as their directors, officers, shareholders, employees or agents (collectively BRYK Parties) do not guarantee the accuracy, completeness, timeliness or availability of the Content. BRYK Parties are not responsible for any errors or omissions (negligent or otherwise), regardless of the cause, for the results obtained from the use of the Content, or for the security or maintenance of any data input by the user. The Content is provided on an “as is” basis. BRYK PARTIES DISCLAIM ANY AND ALL EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE OR USE, FREEDOM FROM BUGS, SOFTWARE ERRORS OR DEFECTS, THAT THE CONTENT’S FUNCTIONING WILL BE UNINTERRUPTED OR THAT THE CONTENT WILL OPERATE WITH ANY SOFTWARE OR HARDWARE CONFIGURATION. In no event shall BRYK Parties be liable to any party for any direct, indirect, incidental, exemplary, compensatory, punitive, special or consequential damages, costs, expenses, legal fees, or losses (including, without limitation, lost income or lost profits and opportunity costs or losses caused by negligence) in connection with any use of the Content even if advised of the possibility of such damages. BRYK assumes no obligation to update the Content following publication in any form or format. The Content should not be relied on and is not a substitute for the skill, judgment and experience of the user, its management, employees, advisors and/or clients when making business decisions. While BRYK has obtained information from sources it believes to be reliable, BRYK does not perform an audit and undertakes no duty of due diligence or independent verification of any information it receives.

BRYK Group Achieves SOC2 Certification

BRYK Group Achieves SOC2 Certification

Data security is paramount at the Brykgroup. It is our guiding principle. With this in mind, we are pleased to have achieved the next level of information security certification becoming SOC2 compliant (Level 1 & 2).
Achieving this additional level of certification reinforces our commitment to privacy and data protection for our clients and partners. We have an unwavering focus to deliver and maintain the highest standards when it comes to security and will continue to invest in our people and systems to ensure we consistently meet industry standards.
We recognise the engagement with Prescient Assurance, a leader in security and compliance attestation for B2B SAAS companies worldwide, and the skilled assistance from the Vanta team.

InnovationAus Awards For Excellence 2021

InnovationAus Awards For Excellence 2021

Finalist: BRYK:ID and facial authentication based cybersecurity

Article by Rachael Bolton

Online security is a comfortable illusion we each choose to believe so that we can continue with the essential activities of our modern lives. So says David Brykman, founder and chief executive of software development and consulting firm Bryk Group.

And Mr Brykman should know. He has been trying to keep people and enterprises safe in the browser since the early 2000s.

“At the beginning, when the internet came in, what people did is they took the normal structured computer science discipline, and they threw it out the window,” Mr Brykman says. “They created applications that had user interface, business, logic data, everything else, all thrown in together: a bunch of spaghetti.

“From the beginning, we said: that’s why it’s failing.”

He offers the example of loan applications. Back in the 2000s, if you knew how to look at a page’s source code, you could often see the code for the business logic that would determine a particular decision and outcome. You could literally read what the website wanted you to say in order to get a loan approved.

In addition to these kinds of exposures, all kinds of data has often been intermingled and stored in the same place. Once you jumped over the garden fence, so to speak, you’d find that the house had no doors and no windows: free access to any and all information on a company’s entire system.

Mr Brykman says breeches like that are not only bad for business, divulging commercial secrets and exposing customer data, it has eroded public trust in institutions over time.

“When we get to the biometric security there are many solutions out there that, quite frankly, make you think they’re doing something when they’re not,” he says.

He claims that most biometric security measures like traditional facial and fingerprint scans, passwords, all of these, can be spoofed and in some cases – like providing copies of official documentation – can actually expose the customer to additional risk.

“We have two problems that we want to solve,” Mr Brykman says. “But they are in conflict. One is, we want to be ultra-secure. The other is, we want to have good customer experience.”

BRYK is a finalist for the InnovationAus Awards for Excellence 2021 in the cybersecurity category for a next-level proof of identity software they call BRYK.ID.

It creates a three-dimensional map of the face and compares it against known government records to positively identify the user in seconds without the need for passwords or other “authenticating” data.

While traditional facial recognition software can accurately determine identity with a reliability of about 50 to one, BRYK.ID has an accuracy of 13,000 to one.

It is also the only product in class that can accurately determine liveness. This means that you can’t fool it with a video or a photo or even a deepfake of the real person you’re trying to imitate. More disturbingly – but I think we’d all agree very importantly – you also can’t fool the system by presenting it with the corpse of the authorised person.

The software employs machine learning to constantly improve its algorithm so every time a hacker tries to get around it, they are actually teaching the software to provide even better protection.

BRYK.ID customers are currently mainly focused in the financial and government sectors, but the technology has potential applications for any service where confirming live identity is a priority.

https://www.innovationaus.com/finalist-bryk-id-and-facial-recognition-based-cybersecurity/

Contact BRYK Group:

Use the form below or details to the right and some one from our team will connect with you regarding your questions or project.

    BRYK Group CEO on the pitfalls of complexity

    BRYK Group CEO on the pitfalls of complexity

    BRYK Group CEO, David Brykman says the government is “overcomplicating and overengineering” its online jab booking system as the state continues to lag behind the rest of the country. “The systems we introduce, such as online booking, should make things easier, not more difficult,” he said.

    Contact BRYK Group:

    Use the form below or details to the right and some one from our team will connect with you regarding your questions or project.

      We won!

      We won!

      The BRYK Group is thrilled to have won the 2020 iAward for Technology Platform of the Year today.

       

      I am very proud of the team and looking forward to further developing this product.

      Contact BRYK Group:

      Use the form below or details to the right and some one from our team will connect with you regarding your questions or project.