This post is part of our 2023 cybersecurity prediction series.
Robert Prigge, Jumio CEO
Social media sites will be pressured to implement rigorous age verification controls.
In 2022, we saw a large push from both tech companies and governments to improve children’s safety online. Legislators have been contemplating the Children’s Online Privacy Protection Act (COPPA 2.0) and Kids Online Safety Act (KOSA), while California passed the Age-Appropriate Design Code Act (AADCA). At the same time, Instagram and Yubo recently launched AI-powered age verification programs that go beyond traditional age checks, like questionnaires where minors can easily lie about their age.
In 2023, social media sites will be placed under increased scrutiny for allowing minors on their platforms without parental consent. We will see more social media sites following Instagram’s footsteps in deploying security measures that accurately verify the age of their users, but the privacy vs. protection debate will continue. Digital identity verification that leverages the power of AI and biometrics will be a crucial tool to confirm users are the age they’re claiming to be.
In 2023 and beyond, more transactions will be done with digital identity than a credit card.
The financial services industry is at a turning point, where the global economy is shifting to authorizing purchases and other transactions based on user identity rather than credit card numbers. Consumers are increasingly leveraging biometric authentication to access their saved credit card information, banking apps and digital payment methods, like Apple Pay. As consumers increasingly use their identity to access and complete transactions in 2023, it’s likely we’ll see the number of transactions completed with digital identities surpass those of credit cards.
Bala Kumar, Jumio CPO
Financial fraud will become the world’s top crime threat to business.
Earlier this year INTERPOL unveiled its inaugural Global Crime Trend report, which measured current and emerging threats across its 195 member institutions around the globe. It should come as no surprise to business leaders that the top three threats consisted of money laundering, ransomware and phishing.
Financial fraud came in at number four on INTERPOL’s 2022 list, though in 2023, it would not be a surprise to see this category top the charts. Cybercrime and financial crime go hand-in-hand with so many fraudulent financial activities enabled by increasingly sophisticated AI and other digital technology. With the proliferation of financial crime-as-a-service in the contemporary business landscape through email compromise, CEO fraud and e-commerce scams, we can expect to see this threat to remain front and center in the year ahead.
Stuart Wells, Jumio CTO
Enterprises will shift to multimodal biometrics for identity verification.
The era of passwordless authentication is well underway as businesses across sectors continue to adopt biometric identity verification. Biometric verification technology has improved significantly in recent years — so much so that it’s been ingrained in many everyday tasks, like unlocking our mobile devices. Even as facial recognition technology reaches upward of 99% accuracy, fraudsters have engineered workarounds through the likes of face morphs, deepfakes, digital image manipulation and the use of synthetic masks.
These concerns will remain top of mind for enterprises heading into the new year, which paves the way for the rise of multimodal biometric adoption in conjunction with multimodal liveness. Introducing an additional level of biometric verification to the authentication process adds another layer of insulation between enterprises and malicious actors. Supplementing facial recognition with an additional biometric like voice or iris detection provides additional security for businesses seeking to verify their customers, patients, employees and other users. Additionally, adding multi-modal liveness detection further strengthens the protection the person is real. Techniques such as correlated mouth moment and speech, and detecting blood flow in the face all make the authentication process much harder to spoof.
Veronica Torres, Jumio Worldwide Privacy and Regulatory Counsel
As the conversations around technology vs. privacy continue in 2023, Congress will be forced to agree on a national privacy framework.
We’ve seen considerable momentum surrounding data privacy in the U.S. over the past few years, as consumers and watchdogs continue flagging concerns over the innumerable amount of data technology companies are collecting and storing about them. While state-level regulations have been a great starting point in protecting consumers, they have also brought a number of challenges, such as compliance issues for businesses operating in different states.
It’s only a matter of time before the U.S. comes to an agreement on a federal bill that creates a national standard for how consumers’ data should be handled and safeguarded. The American Data Privacy and Protection Act has already been making its way through Congress, and it’s highly likely we’ll see some version of this bill passing in 2023. Once a federal framework is established, tech companies will be required to implement additional measures that prioritize the privacy of their users.
Miles Hutchinson, Jumio CISO
Organizations will be forced to abandon MFA as fatigue is high and prompt bombing rises.
Dating back to the mid-1990s with the inception of phishing, hackers have long employed the use of social engineering attacks for credential access and network breaches. Today’s hackers, however, aren’t hunting their next victims in AOL chat rooms — instead, they’re right beneath our fingertips spamming users into approving push notifications and sign-in attempts that grant outsiders inside access.
The likes of Microsoft, Cisco and Uber, among other large-scale organizations, have all been struck by this multi-factor authentication (MFA) fatigue technique. The widespread success of this tactic, also referred to as prompt bombing, will soon force businesses to leave behind MFA strategies and search for verification alternatives. It’s likely that many organizations will begin to look toward passwordless authentication as the preferred method of authentication — and a sure way to avoid users falling victim to MFA fatigue.
We will see more foreign governments hiring third-party hackers to target other nations .
Following the start of the Russia-Ukraine war, we’ve seen a significant rise in hacktivism, and it’s likely these attacks will further evolve in 2023. Researchers found that out of a total of 57,116 DDoS attacks discovered in Q3 2022, the majority seemed to be politically motivated. In the coming year, we can expect to see military groups around the world increasingly rely on expert hackers to attack other nations’ critical infrastructure and private business operations. To defend themselves against politically motivated cyberattacks, both government agencies and private sector organizations will need to deploy robust network defense tools that can detect suspicious activity and vulnerabilities.
Philipp Pointner, Jumio Chief of Digital Identity
We will see more enforced regulations around digital identity at the federal level.
For the better part of 2022, various iterations of a digital identification bill have circulated through the legislative process. As recently as October, the Senate entertained legislation intended to establish new federal, state and private sector guidelines for digital identity credentials.
Since 2021, bills of this nature have garnered bipartisan support, but not enough traction to pass through both houses of Congress. Recent survey data suggests that robust identity verification practices are quite popular among American consumers. Should we expect to see that public support translate to action at the federal level? More likely than not, yes. With the issue of digital identity receiving this kind of backing in the court of public opinion, it seems probable that next year we will see a bill succeed in regulating digital verification for organizations across the public sector.