Become a Subject Matter Expert

In the case of an account takeover, both individuals and larger organizations face serious threats and consequences regarding their reputation and online security. As fraudsters’ tactics become more advanced and sophisticated, it’s important to know the best fraud detection methods, what the motives are behind account takeovers, and methods of detection.  As the world moves increasingly online–both for professional and...

Age verification is a security method by which a company can verify the age of customers before they access websites, content, and e-commerce that is suitable only for adults, including alcohol and tobacco products, gaming/gambling, social media, dating websites, adult content, and more. Proper age verification is crucial to promote the online safety of minors and can include date of...

Anti-Money Laundering or AML refers to a set of laws, regulations, and procedures that target money laundering. The financial industry must comply with these legal requirements to monitor for and report suspicious activities that may be tied to money laundering, meaning they often must implement sophisticated customer due diligence plans. What is Anti Money Laundering (AML)? Anti-Money Laundering (or AML)...

Prior to the passage of the Bank Secrecy Act, there was no legislation of its kind that existed in the United States, offering limited oversight in regard to anti-money laundering (AML). As a result, this lack of regulation provided criminal enterprises with the opportunity to make illicit financial transactions mostly under the radar.  Thus, as a way to bolster the...

Behavioral Analytics a technique that uses machine learning, big data, artificial intelligence, and analytics to identify patterns and anomalies in human behavior. Instances of fraud are on the rise across all industries, putting merchants, governments, and individuals on alert to protect their sensitive data and assets. More specifically, fraud is impacting many online merchants as e-commerce shopping has grown rapidly...

Biometric verification technology utilizes physical characteristics, including but not limited to fingerprint, facial scan, retina scan, etc. to identify someone. Biometric technology is increasingly used in security processes to authenticate and re authenticate users to ensure a user is who they say they are. What is Biometric Verification? Biometric verification is a way for individuals to be identified based on...

Buy Now Pay Later (BNPL) Fraud encapsulates any fraudulent activity related to buy now, pay later platforms. BNPL fraud occurs mainly two categories: attacks on payment systems themselves, and fraud during onboarding for BNPL platforms.  The Buy Now Pay Later (BNPL) market has grown substantially over recent years, largely spurred on by the pandemic and increased online shopping trends. In...

The prevalence of credit card fraud is on the rise. In fact, it’s now estimated that 65% of credit card holders have been victims of fraud at some point in their lives. At the same time, online shopping is becoming more commonplace, and individuals no longer have to present a physical card to a merchant to make a transaction. In...

Consent Management is a process, system, or policy that informs users about the data collection and usage practices of companies they do business with or use. It logs and tracks consent collection to comply with current privacy regulations, including GDPR and CCPA. A Consent Management Platform is a solution that helps companies collect and manage this information. A consent management...

Continuous authentication is a way of verifying a user's identity in real-time. It works by collecting data about the user and feeding it into an algorithm. The algorithm then determines whether the user is who they claim to be. With standard authentication, users enter some credentials (such as their username and password) when they begin a session. They are then...

To meet anti-money laundering (AML) and know your customer (KYC) guidelines, financial institutions must ensure they’ve verified the identities of their customers, the type of activities they’re involved in, and where their funds come from. This is called customer due diligence, which helps organizations manage risk and ensure they’re only serving legitimate customers who aren’t involved in illegal activities like...

Deep Fake technology is a new and emerging type of AI that can be used to generate unique content for a wide range of purposes. However, the general discussion around Deep Fakes has been about the risks that it poses to society. Even still, there are a number of legitimate use cases for Deep Fakes, which we will discuss in...

A digital identity is an online likeness or an electronic file that contains personally identifiable information, or PII. The Digital Identity is an identity utilized in cyberspace across a variety of communities, businesses, and workflows. It is comprised of attributes including but not limited to username/password, social security number, date of birth, online activities (search, transactions, purchasing history, behavior), and...

A digital identity wallet is an application downloaded onto your mobile device that securely holds and encrypts various identity assets containing private information. The application allows users to access pertinent personal documents without carrying an original, physical copy. Identity validation assets include items like your driver’s license, passport, birth certificate, insurance card, social security card and more. When asked to...

Organizations leverage modern technology to streamline various back-office processes, and eIDV is the latest solution to help make the identity verification process more efficient. What Is Electronic Identity Verification (eIDV)? Electronic identity verification (eIDV) refers to the process of using a computerized system to verify an individual’s identity against public records and private databases. An eIDV search will consider the...

eKYC (electronic Know Your Customer) is the automated, digital process for customer identity verification, which serves as an alternative to the traditional, physical document-based Know Your Customer (KYC) process. Know Your Customer (KYC) regulations targeting anti-money laundering (AML) have been in place for decades now, and were only further strengthened following the 9/11 attacks as an effort to fight terrorism...

Facial authentication, also known as facial verification, is a facial biometrics category that relies on a "one-to-one" matching technology. Facial authentication matches a person's face to a previously verified image from a trusted source, like a government ID or previously enrolled and authenticated biometric selfie, with the user’s consent. This form of biometric authentication is primarily used for account protection...

Facial biometrics is a broad umbrella term that encompasses both facial recognition and facial authentication. Facial biometrics are ways to authenticate a user’s identity based on their face. Facial biometric software captures, analyzes and verifies identities via comparison to either a database (recognition) or single photograph (authentication). The technology accomplishes this by collecting unique biometric data of each person. Two...

Facial Liveness Detection is the use of a computer vision technology to detect fake or non-real faces when using facial biometric technology/software for authentication. It is the technology’s ability to analyze and detect if it is an actual living person taking a photo or video of themselves in real time.  How Does Facial Liveness Detection work? To ensure the genuine...

Facial recognition is a biometric verification category that relies on a “one to many” match. This form of biometric technology detects and locates the image of a face, captures and analyzes it, converts it to data, and compares it against a database of other known faces. Facial recognition has various law enforcement applications; police, for example, deploy facial recognition when...

The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) is Canada’s financial intelligence unit that is responsible for monitoring and investigating financial transactions. The purpose of the organization is to detect and prevent money laundering, terrorist financing, and other financial crimes.  In December 2001, the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) went into effect as...

Compared to other types of fraud where we envision individuals being the target victims while criminals steal their personal information to perform fraudulent activities, First-Party Fraud is different in that the individual themself is the perpetrator. These individuals are often trying to mislead financial institutions. They may even be working with organized crime rings on a larger scale.  As technology...

Fraud Detection is a process or set of processes that analyzes, detects, and prevents fraud threats to a business. These threats are aimed at obtaining money or property and can include identity theft, fraudulent purchases, insurance scams, cyberattacks, money laundering, and more. Fraud detection is most effective when it is a comprehensive, multifaceted approach that can include one or more...

Fraud Monitoring is the process of tracking all activity across workflows and a customer journey: from initial login and transactions, to ensure no fraudulent activity is taking place. This monitoring evaluates actions and events, including account changes, user changes, transactions, and device registrations. Typically, a fraud monitoring system will flag suspicious activity or anomalies in user behavior to stop fraudulent...

Friendly fraud, also known as first-party fraud, can take many different forms, but it generally entails an actual consumer purchasing goods or services from a business and then making false claims. These claims can include the purchase or the delivery of the goods, the need for a refund as a result of the false claim, or the fact that they...

ID validation, or identity document (ID) validation, is the process of verifying a provided national ID, driver’s license or passport to ensure authenticity and validity. This verification process is completed via software that uses machine vision, AI, and document library, among other sources, to determine authenticity of the identity document. Software will scan and extract content from documents and analyze...

Identity Access Management is the process of managing, recording, and controlling all the ways people interact with your company's network. It's a complex system that controls authorization and authentication, which is essential to minimizing risk. Authorization is when you grant access to certain parts of your company's network and infrastructure to certain people. This can mean giving employees or third...

Identity Assurance Level or IAL refers to the levels of confidence or assurance that a system can have in a user’s identity and credentials. There are three levels used as measurement in the identity proofing process: Some confidence, completed via self assertion, often a password High confidence, two factors of authentication Very high confidence, a combination of two factors of...

Identity authentication is an essential part of many security frameworks, both on and offline. What is Identity Authentication? Identity authentication is the process of verifying that an individual is the authorized user before they can access a network or system, complete a transaction, or initiate a high-risk action. The goal of identity authentication is to safeguard accounts, resources, and sensitive...

Identity decisioning is the process of determining if a customer is authentic in onboarding, transaction monitoring and credit underwriting. Companies in the financial and adjacent industries will need adequate decisioning to meet KYC/AML compliance requirements, mitigate fraud, and evaluate risk when onboarding new customers. Identity decisioning is often automated via an Identity Decisioning Platform, which is a comprehensive system for...

Identity fraud occurs when a bad actor uses stolen personal, private, and/or financial information to make fraudulent transactions. How bad actors can obtain a user’s identity occurs in a variety of ways, including both physical and digital means. A bad actor can utilize a fake ID, false credit card or bank accounts, fraudulent transactions, and a fake criminal record. Identity...

Identity management is how an organization identifies and authenticates individuals for access to its network or applications. This process will ensure individuals and groups have the right access, rights, and restrictions with established identities for these organizational resources while keeping those assets and their data secure. Identity management systems include software, hardware, and procedures used to identify and authorize a...

Identity orchestration is the framework that businesses can use to weave a variety of identities together in a multi-cloud environment. Identity Orchestration allows businesses to enable consistent identity and access to a business’s apps and/or services, regardless of which identity system is used. Identity orchestration requires dynamic user journeys for IAM across the entire identity lifecycle, including fraud detection, identity...

Identity proofing is the process of verifying an individual's identity, either in person or online. It's sometimes called identity authentication or ID proofing. Identity proofing is helpful for any entity that needs to verify the identities of its customers, contractors, employees, partners, and more. Identity proofing may be used for any online or physical system that requires authentication, such as...

Injection attacks pose significant security risks to applications, websites, and other systems. Though they were originally discovered in the late 1990s, decades later, cybercriminals continue to execute injection attacks as a way to exfiltrate data, compromise or modify databases, and engage in other exploitative activities for their personal gain. What Is an Injection Attack? Injection attacks are a common type...

A lightweight data-interchange format. It is easy for humans to read and write. It is easy for machines to parse and generate.

Although Know Your Business compliance is relatively new in the United States (since 2016), it plays an important role in upholding the integrity of the economy and keeping crime organizations from getting access to valuable financing. Thus, the implications of Know Your Business regulations are extremely widespread, even concerning public safety. Knowing who your corporate clients are is an important,...

Know Your Customer (KYC) is a set of standards and regulations used by financial institutions to make sure that they're doing business with a legitimate, law-abiding person or entity. When you open a bank account, apply for a credit card, or take out a loan, the financial institution you do business with will ask you to provide some personal information—namely, your...

Not all threats to a company’s security come from bad actors outside the organization. Unfortunately, individuals who already have access to company systems and networks may be a lurking threat, waiting for the right opportunity to initiate their attack. In fact, according to some estimates, upwards of 37.45% of cybersecurity incidents stem from internal actors. Luckily, organizations aren’t helpless against...

Knowledge Based Authentication or KBA for short is a security process that requires asking users for answers to personal information questions to authenticate their identity when accessing accounts or services. Users are required to answer questions that only the individual would know the answer to; for example, secret phrases, names of relatives, or prior transactions. There are three types of...

Liveness Detection is the use of a computer vision technology to detect fake or non-real faces when using facial recognition biometric technology/software for authentication. It is the technology’s ability to analyze and detect if it is an actual living person taking a photo or video of themselves in real time.  How does Liveness Detection work? To ensure the genuine presence...

Model Governance is a pillar of operational integrity and reliability. From financial institutions to retail giants, organizations across industries are increasingly reliant on machine learning models—complex algorithms and statistical tools—to predict outcomes, optimize processes, and drive strategic initiatives. Model governance is borne from a need for robust governance frameworks to oversee these models, which can create organizational risk. What is...

Multi-Factor Authentication, or MFA for short, is a security system that aims to provide an extra layer of protection for your account. It requires you to confirm your identity in at least two separate ways when logging in to your account: Something you know (like a password) Something you are (like a fingerprint) Something you have (like a code sent...

Passwordless authentication refers to a method that allows users to log in to an application or IT system without the use of a password. By this method, users can authenticate themselves via physical security keys, apps, or biometrics. This process eliminates the need to create or remember a static password to both provide a better, more streamlined user experience and...

Fraudsters continue to find new ways to exploit security system vulnerabilities and gain unauthorized access to sensitive data and networks. One specific method used to deceive biometric authentication is a presentation attack. While biometric verification is considered one of the most secure forms of authentication today, it is not a foolproof method for security. However, this doesn’t make it a...

A privileged access management (PAM) tool is a solution that mitigates any risk of privileged access via monitoring, detecting, and/or preventing unauthorized access to system resources. As an organization expands and adds new users with new permissions over the years, they can quickly lose sight of all accounts that have elevated privileges and access to sensitive data.  At the same...

Proof of Identity is a very important concept throughout the cybersecurity world. It is an idea that helps maintain the security and integrity of digital systems. As such, it can be applied in a variety of contexts, which we will explore in further detail below.  What Is Proof of Identity? In a cybersecurity context, Proof of Identity refers to the...

An important cybersecurity practice that keeps your online accounts safe, Reauthentication is widely used across the web today and provides various benefits that you may not even be aware of. What Is Reauthentication? Reauthentication is a cybersecurity concept that refers to the process of requiring users to offer additional verification or authentication credentials to regain their access to a system,...

Not every type of fraud has a clear victim. Sometimes, the person whose identity is being used in fraudulent activities is just as involved as the person actually committing the illicit actions. This type of scheme is called second-party fraud, and the victim in this scenario is typically the organization or institution where the fraudulent activity takes place. What is...

Verifying individuals’ identities when they’re in person is straightforward. They can provide you with a driver’s license or other form of photo identification, and you can verify that the person presenting the document is the same individual shown in the document. Identity verification gets a bit more complicated for online services. It becomes harder to verify that the person providing...

Synthetic Fraud is a complex form of identity theft that occurs when a fraudster uses a combination of both fake and legitimate personal information or legitimate personal information from more than one individual to create a false or “synthetic” identity to build credit, make fraudulent purchases, and more. This process could combine a stolen Social Security Number with a fake...

What Is Third Party Fraud? Third-party fraud occurs when a bad actor uses someone else’s identifying information to fraudulently open a new account in their name without the victim’s knowledge. This type of fraud is more commonly known as identity theft and is highly prevalent in the financial services industry. Fraudsters may use a victim’s identity to secure credit or...

Two Factor Authentication, also known as 2FA, is a two-step verification, or dual-factor authentication security process that requires users to provide two different types of credentials for authentication. Two Factor Authentication is designed to provide an additional layer of validation than methods that use one (namely a password). This authentication method relies on the user providing a password and a...

In today’s digital world, documents, photos, and videos can be easily doctored using deep fake technology or Photoshop. While this can be innocent when used purely for entertainment purposes, the reality is that bad actors and criminals can get their hands on this technology just like the rest of us, making it easier for them to defraud unwitting victims. As...

Zero trust security is an IT framework that secures all access across corporate networks and environments by the default assertion that no user or application can be trusted. Verification is required from anyone attempting to gain access to a network. Zero trust utilizes continuous monitoring and validation, least privilege access, strict controls on device access, multi-factor authentication, and micro-segmentation. This...

Zero-Knowledge Proofs offer strong assurances of authenticity, integrity, and confidentiality, all while preserving the confidentiality of protected information–which is why they have become so popular in cybersecurity today.  As cybercriminals become more sophisticated with their tactics and traditional username-password methods of Proof of Identity become weaker, the power of Zero-Knowledge Proofs could prove monumental for the industry.  While the definition...