14 Oct 2024
by Jim Slevin

Preventing Account Takeover Fraud with NFC-Based Identity Verification

Guest blog from Jim Slevin at Inverid as part of our #UnlockingDigitalID campaign week 2024.

Account Takeover fraud is growing 

Account Takeover (ATO) fraud is rampant and getting worse – 808% Year-on-Year is not the growth headline any executive would like to see. Bank accounts, mobile numbers, and more are breached by attackers exploiting a weak point: that staff in contact centres are doing an impossible job in trying to re-verify customers.  

Account recovery requests are handled by low paid contact centre staff asking questions on a phone call to figure out if a customer is real or fake, which is now impossible when attackers can use deepfakes to fool them with relative ease.  

While businesses have watched their entry point of customer onboarding to minimally comply with KYC and AML regulations, they have neglected the ‘back door’ of account recovery attempts, allowing fraudsters to takeover the accounts of customers with frightening ease. Workforces face similar issues with attackers calling IT helpdesks to gain login credentials.  

Research shows at least 30% of contact centre phone calls are for account recovery. Businesses are paying their staff to do an impossible job, paying for the resultant fraud, and then paying staff again to handle the account restoration process. This adds up in the long run with the cost of brand reputational damage and erosion of customer trust. But with a strong remote identity verification solution in place, these losses can be mitigated, and staff taken out of the path of ATO attackers.  

Prevent fraud with chipped identity documents 

One part of the solution is already in the hands of billions of people, who largely remain unaware of the powerful technology they possess to onboard and secure their accounts. Their ID card or passport has a little known international standard feature – the embedded NFC chip. These chips are standardised by the International Civil Aviation Organisation (ICAO), a body of the United Nations.  

Unlike a photo of the ID card photo page, the chip holds a cryptographic key that proves it is the one and only genuine document and proves what the holder looks like with a high-res face image. This serves as a strong foundation for additional facial biometric verification for liveness assurance. 

Electronic identity documents, such as passports, ID cards, driving licenses, residence permits, and more are now issued by more than 170 countries worldwide, making them a widely accepted and trusted basis for remote identity verification. This approach is being used in the UK by the Government GOV.UK One Login and the UK Home Office Electronic Travel Authorisation (ETA) scheme.  

In tandem with this widespread use of electronic identity documents, most smartphones in circulation are NFC-capable, enabling individuals to read the embedded chips in their documents. Therefore, it makes perfect sense to use a mobile app to verify chipped IDs for purposes such as account recovery, as the average person already has the tools to do so in their hands.  

Using a mobile app for remote ID verification is not only more secure but also far more efficient than the outdated method of asking users to answer security questions in contact centres - questions that often fail to provide any real security.  

This approach removes the frustration and time wasted on ineffective manual processes. With the rise of deepfake technology and other forms of digital fraud, relying on visual identification or knowledge-based authentication is becoming increasingly risky. While deepfakes may mimic someone’s appearance or voice, they cannot replicate the unique cryptographic data stored on an NFC chip. 

It takes an average user less than 30 seconds to verify their identity document chip based on real-world analytics. This can be done to the same level of security whether in-person or remote – far easier, faster, and less costly than recalling all employees to headquarters to re-verify.  

It can take between 6 to 8 weeks for a team of backend infrastructure and app developers to integrate NFC document verification and begin enrolling the document chips of all existing customers that are already known to the business. Unlike KYC and AML, there is no need to run background checks again, and it complies with GDPR since the chip’s cryptography makes it unnecessary to store personally identifiable information. 

How NFC-based identity verification protects business 

Implementing NFC-based identity verification provides businesses with a considerable return on investment, typically achieving break-even within the first year of adoption. Beyond this, companies can expect ongoing annual savings, due to a reduction in the 30% of costs associated with account recovery phone calls and cost of fraud due to fraudulent account takeovers. These savings extend beyond financial and operational benefits, as customer satisfaction significantly increases. With NFC, customers enjoy stronger, more secure protection that they control themselves, making the recovery process faster and more reliable. 

By putting the NFC chip first for ID verification, companies can address two critical challenges: account recovery and ATO prevention, in one solution. This proactive approach not only safeguards customer accounts but also reduces business operational cost.

Unlocking Digital Identity widget.png

 

Welcome to techUK’s 2024 Digital ID Campaign Week! On the 14-18th Oct, we are excited to explore how our members are increasing efficiency for both businesses and users, combatting fraud, as well as what creative and innovative ways our members are expanding our understanding of Digital Identities. 

Whether it’s how we’re communicating, shopping, managing our finances, dating, accessing healthcare or public services, the ability to verify identity has quickly become a critical vanguard to the Digital Economy. 

Follow us on LinkedIn and use the hashtag #UnlockingDigitalID to be part of the conversation! 


Upcoming events 


Latest news and insights

Get our tech and innovation insights straight to your inbox

Sign-up to get the latest updates and opportunities from our Technology and Innovation and AI programmes.


Contact the team 

Elis Thomas

Elis Thomas

Programme Manager, Tech and Innovation, techUK

 

Authors

Jim Slevin

Jim Slevin

Regional Director, Inverid

Jim Slevin holds regional responsibility for the UK and Ireland at Inverid and is the global lead for Inverid’s growing Travel and Borders sector. 

The first half of Jim's career was 22 years spent working in Aviation and Transport with his career evolution being through Engineering, IT, Strategic Change Management and Security. The second half involved a move to the growing commercial strategic business units creating, deploying and supporting identity management and biometric solutions, delivering both security and facilitation to Governments, NGOs, and Private Sector companies. 

Read lessmore