Fintech expert Sergey Kondratenko explains that secure identity verification methods become vital as cybercrime evolves. According to statistics, data breaches continue to cause serious damage to companies, with losses from fraudulent actions in online payments exceeding $40 billion in 2022.

Combating fraud, as well as money laundering and terrorism financing remains a global focus. It involves various identity checks, transaction checks, and checks on clients for possible past financial violations to prevent their recurrence.

Another aspect of fighting fraud is maximising customer protection against potential data theft and account access theft, as well as creating a comfortable and secure infrastructure for service users.

What needs to be done to prevent financial losses, what identity verification methods are most effective, and why is this procedure so important?

From KYC to Biometric Identification: Why Identity Verification Plays a Crucial Role in Financial Services — Sergey Kondratenko

Identity verification plays a crucial role in the financial world.

Firstly, its process is needed to establish relationships between the client and the service.

Secondly, it is a way to create a secure method of client interaction with the company, where identity is verified during activity, and the client's authenticity is confirmed.

As financial services involve constant interaction with the platform, two stages of identification are necessary:

1. KYC is the primary method of identification and helps ensure:

• Client Safety. KYC helps ensure that clients are who they claim to be, reducing the risk of fraud.
• Legislative Compliance. Financial institutions must follow legislative requirements for combating money laundering, fraud, and financing terrorism. KYC is a mandatory element for meeting these requirements.
• Transparency of Financial Transactions. KYC ensures the cleanliness and transparency of financial flows, preventing their use for illegal purposes.

2. Biometric Identification – forms part of the KYC check and a further method of identity verification when using financial services. Among the advantages and factors of its application are:

• Uniqueness. Biometric data, such as fingerprints or iris scanning, are unique to each individual, making identification more accurate and secure.
• Ease of Use. Biometric identification simplifies the verification process, making it quick and convenient for users and increasing their satisfaction with the service.
• Reduced Risk of Forgery. Unlike passwords or PIN codes, biometric data are difficult to forge or steal, significantly increasing security levels.

"These tools significantly impact the relationship between the client and the company," notes Sergey Kondratenko.

It provides:

Interaction Optimization. Integrating effective identification methods facilitates smoother and more efficient customer service, reducing the time to process requests and operations.

Increased Trust. Reliable identification methods create a sense of security and trust in the financial organisation among clients, which helps to strengthen long-term relationships.

Sergey Kondratenko: The Importance of Multi-Factor Authentication for Enhancing the Security of Financial Transactions

Over the last three years, there has been a noticeable increase in attacks related to phishing and other fraud methods that use data theft. The FBI has identified such attacks as a major threat to cybersecurity. This is only confirmed by statistical data.

Sergey Kondratenko reports that cybercriminals send 34 billion emails daily, leading to over a trillion phishing emails a year.

In 2022, 84% of organisations were targeted by at least one phishing attempt, 15% more than the previous year. In the fourth quarter of 2022, the Anti-Phishing Working Group (APWG) registered 1,350,037 phishing attacks, almost 100,000 more than in the previous quarter. Moreover, their number increases annually by more than 150%.

It is proven that most such illegal schemes are attributed to the fintech sector, which accounts for 27.7% of the total. Financial companies need to seriously consider improving their authentication systems to reduce the risk of vulnerability from such intrusions.

Sergey Kondratenko believes that the key method for enhancing authentication for financial organisations is the implementation of multi-factor authentication (MFA).

The expert reports that this approach is widely used in various industries. It involves the user providing two or more of the following proofs of identity:

• Knowledge: Only the user can access information (e.g., password or PIN).
• Possession: Having a physical object or device that belongs to the user (e.g., a mobile device or a hardware security key).
• Inherence: Unique biological characteristics of the user (e.g., fingerprint or iris scan).

Despite the advantages MFA offers, there are several concerns regarding its security. Specifically, MFA can be vulnerable to attacks such as phishing or SMS interception.

"Even other forms of MFA, such as push notifications, are not without risks. The rise in attacks targeting one-time passwords and push notifications is becoming increasingly noticeable. Hackers may use interception or hacking techniques to access these notifications and bypass authentication," explains Sergey Kondratenko.

Despite these threats, MFA remains a safer alternative to classic authentication based on username and password.

Sergey Kondratenko: Approaches to Identity Verification for Preventing Fraud and Money Laundering

For effective protection, updating and improving MFA systems constantly is important. Additionally, users should be trained in methods to prevent attacks and safe online behaviour.

Sergey Kondratenko is convinced that the main focus should be authentication methods and protocols. Organisations should avoid making decisions regarding MFA that could be subjected to social engineering attacks or Man-in-the-Middle (MiTM) attacks, which can lead to data leakage or unauthorised access to accounts.

Up to 80–90% of MFA implementations can be hacked. Therefore, implementing phishing-resistant MFA is the most effective way to protect authentication processes from attacks.

"Phishing resistance implies the rejection of MFA based on passwords, SMS, voice calls, one-time passwords (OTP), or compromising push notifications. Passwordless MFA based on FIDO standards (Fast Identity Online) is recognised as the gold standard of phishing-resistant authentication. This fact is confirmed by the Cybersecurity and Infrastructure Security Agency (CISA) and OMB," concludes Sergey Kondratenko.