Preventing Account Takeover Fraud with NFC-Based Identity Verification
Account Takeover fraud is growing
Account Takeover (ATO) fraud is rampant and getting worse – 808% Year-on-Year is not the growth headline any executive would like to see. Bank accounts, mobile numbers, and more are breached by attackers exploiting a weak point: that staff in contact centres are doing an impossible job in trying to re-verify customers.
Account recovery requests are handled by low paid contact centre staff asking questions on a phone call to figure out if a customer is real or fake, which is now impossible when attackers can use deepfakes to fool them with relative ease.
While businesses have watched their entry point of customer onboarding to minimally comply with KYC and AML regulations, they have neglected the ‘back door’ of account recovery attempts, allowing fraudsters to takeover the accounts of customers with frightening ease. Workforces face similar issues with attackers calling IT helpdesks to gain login credentials.
Research shows at least 30% of contact centre phone calls are for account recovery. Businesses are paying their staff to do an impossible job, paying for the resultant fraud, and then paying staff again to handle the account restoration process. This adds up in the long run with the cost of brand reputational damage and erosion of customer trust. But with a strong remote identity verification solution in place, these losses can be mitigated, and staff taken out of the path of ATO attackers.
Prevent fraud with chipped identity documents
One part of the solution is already in the hands of billions of people, who largely remain unaware of the powerful technology they possess to onboard and secure their accounts. Their ID card or passport has a little known international standard feature – the embedded NFC chip. These chips are standardised by the International Civil Aviation Organisation (ICAO), a body of the United Nations.
Unlike a photo of the ID card photo page, the chip holds a cryptographic key that proves it is the one and only genuine document and proves what the holder looks like with a high-res face image. This serves as a strong foundation for additional facial biometric verification for liveness assurance.
Electronic identity documents, such as passports, ID cards, driving licenses, residence permits, and more are now issued by more than 170 countries worldwide, making them a widely accepted and trusted basis for remote identity verification. This approach is being used in the UK by the Government GOV.UK One Login and the UK Home Office Electronic Travel Authorisation (ETA) scheme.
In tandem with this widespread use of electronic identity documents, most smartphones in circulation are NFC-capable, enabling individuals to read the embedded chips in their documents. Therefore, it makes perfect sense to use a mobile app to verify chipped IDs for purposes such as account recovery, as the average person already has the tools to do so in their hands.
Using a mobile app for remote ID verification is not only more secure but also far more efficient than the outdated method of asking users to answer security questions in contact centres - questions that often fail to provide any real security.
This approach removes the frustration and time wasted on ineffective manual processes. With the rise of deepfake technology and other forms of digital fraud, relying on visual identification or knowledge-based authentication is becoming increasingly risky. While deepfakes may mimic someone’s appearance or voice, they cannot replicate the unique cryptographic data stored on an NFC chip.
It takes an average user less than 30 seconds to verify their identity document chip based on real-world analytics. This can be done to the same level of security whether in-person or remote – far easier, faster, and less costly than recalling all employees to headquarters to re-verify.
It can take between 6 to 8 weeks for a team of backend infrastructure and app developers to integrate NFC document verification and begin enrolling the document chips of all existing customers that are already known to the business. Unlike KYC and AML, there is no need to run background checks again, and it complies with GDPR since the chip’s cryptography makes it unnecessary to store personally identifiable information.
How NFC-based identity verification protects business
Implementing NFC-based identity verification provides businesses with a considerable return on investment, typically achieving break-even within the first year of adoption. Beyond this, companies can expect ongoing annual savings, due to a reduction in the 30% of costs associated with account recovery phone calls and cost of fraud due to fraudulent account takeovers. These savings extend beyond financial and operational benefits, as customer satisfaction significantly increases. With NFC, customers enjoy stronger, more secure protection that they control themselves, making the recovery process faster and more reliable.
By putting the NFC chip first for ID verification, companies can address two critical challenges: account recovery and ATO prevention, in one solution. This proactive approach not only safeguards customer accounts but also reduces business operational cost.
Welcome to techUK’s 2024 Digital ID Campaign Week! On the 14-18th Oct, we are excited to explore how our members are increasing efficiency for both businesses and users, combatting fraud, as well as what creative and innovative ways our members are expanding our understanding of Digital Identities.
Whether it’s how we’re communicating, shopping, managing our finances, dating, accessing healthcare or public services, the ability to verify identity has quickly become a critical vanguard to the Digital Economy.
Follow us on LinkedIn and use the hashtag #UnlockingDigitalID to be part of the conversation!
Upcoming events
Latest news and insights
Get our tech and innovation insights straight to your inbox
Sign-up to get the latest updates and opportunities from our Technology and Innovation and AI programmes.
Contact the team
Elis Thomas
Elis Thomas
Elis joined techUK in December 2023 as a Programme Manager for Tech and Innovation, focusing on AI, Semiconductors and Digital ID.
He previously worked at an advocacy group for tech startups, with a regional focus on Wales. This involved policy research on innovation, skills and access to finance.
Elis has a Degree in History, and a Masters in Politics and International Relations from the University of Winchester, with a focus on the digitalisation and gamification of armed conflicts.
- Email:
- [email protected]
- Website:
- www.techuk.org/
- LinkedIn:
- https://www.linkedin.com/in/elis-thomas-49a1aa1a1/
Authors
Jim Slevin
Jim Slevin holds regional responsibility for the UK and Ireland at Inverid and is the global lead for Inverid’s growing Travel and Borders sector.