Nowadays, everyone has at least a dozen different accounts to perform various online activities. Be it ordering goods, purchasing services, or making banking transactions – all of these activities require proof of identity that can easily be stolen if one doesn’t take proper precautions.
Unfortunately, people often employ only basic security measures, such as an average-strength password, to safeguard their accounts. As a result, cybercriminals often hack unprotected accounts, gather personally identifiable information, and use it to create fake identities. The victims of such attacks usually experience massive financial losses and reputational damage, not to mention ongoing challenges with their credit score and financial risk profile.
For this reason, we talked to Jennifer Greene, the Digital Marketing Manager at Q5id – a company that offers Proven Identity & Access management services – about the effective digital identity protection solutions, most common fraud methods, and ways to avoid identity theft.
How did Q5id originate? What would you consider the biggest milestones throughout the years?
Q5id was founded in 2018 by Steve Larson and several close colleagues who shared a vision: the concept of a self-managed, highly secure identity that individuals could use as a single method of access to any account or system in the world. While that vision is still in the future, we are proud to have initiated several pilot programs with banking and financial institutions. We’re also incredibly proud of our soon-to-be-launched Q5id Guardian app, powered by our patented identity proofing process which ensures a safe, verified community of volunteers to help find missing children.
Can you introduce us to your Proven Identity solution? What technology do you use to verify identities?
Our Proven Identity Solution utilizes our patented identity proofing process to capture facial biometric characteristics and palm print readings. Then, it compares the facial biometrics against the image on your government-issued ID to verify that you are who you claim to be and that you’re a real person. Once an identity has been enrolled in the system, it can be used as a passwordless authentication method to access any accounts integrated with Q5id. The identity verification process is a combination of proprietary technologies, but we are happy to discuss it in greater detail with organizations interested in using our solutions.
What fraud methods do you notice threat actors use most often nowadays?
One method that's certainly on the rise and incredibly hard to detect is synthetic identity fraud – where bad actors blend legitimate information to create a fake identity. Many bad actors will create synthetic identities and conduct legitimate business with them for months or even years to build up credit before defaulting on debt and abandoning the accounts. When combined with other threats, such as ransomware, bad actors can create legitimate-looking synthetic identities, funnel their ill-gained money into those accounts to launder the funds, and then transfer the money or make large purchases they never intend to pay back. When the fraudulently created accounts are abandoned, the financial institutions are left holding the liability and the debt.
How do you think the recent global events affected the cybersecurity landscape?
There will continue to be an increase in the volume and severity of cyberattacks originating from Russia, and many governments have likely underestimated the potential severity of these threats. In particular, threats to utilities and communications are worrying. Older systems may be especially vulnerable to ransomware or phishing attacks due to outdated technology that may not offer the same level of protection as more modern MFA or other cybersecurity solutions.
In your opinion, which organizations are a high target for fraudsters and should implement quality identity verification measures as soon as possible?
Banking and other financial institutions are a prime target due to both the monetary assets under their control and the quantity of immensely valuable personally identifiable information at their disposal. While attacks on healthcare providers have decreased somewhat as COVID numbers have declined, they remain a target for cybercriminals as well.
Besides quality Identity & Access Management solutions, what other cybersecurity measures do you think every company should implement nowadays?
Utilizing a zero-trust architecture throughout the organization is a significant step toward improving cybersecurity. Zero-trust is heavily augmented by quality IAM solutions but is significantly more than just effective identity management. By implementing policies, such as database vaulting for secure data storage (even at rest), segmenting the network, and encrypting data in transit, organizations can ensure that their systems are always appropriately secure.
As for personal use, what security measures can average individuals take to prevent their identity from being stolen?
In a perfect world, we’d be able to use a proven identity authentication system like Q5id for all personal access control. Until more businesses utilize services like Q5id’s Proven Identity app, use a password manager to help create and manage unique passwords for all digital accounts. In addition, take advantage of free credit check services, and regularly log in to online accounts to check activity and ensure nothing is unusual. Additional steps include using a different email address for your social media accounts than those used for accounts that handle money, such as your bank or PayPal accounts. This way, if your social media accounts end up hacked or their credentials are stolen, it does not also compromise your financial accounts.
What do you think the future of identity and access management is going to be like? Do you think the use of biometrics is going to take off?
The shift to a single, self-managed identity is slow but inevitable. Individuals will demand that level of control over not just their data but how their identity is used online. With platforms, such as the Metaverse, coming online and shifting our paradigms for engaging online, control over our personal information will be more critical than ever. Using biometrics as an authentication method is already taking off; every day, millions of people use Apple FaceID to access their iPhones, Windows Hello to log in to their computers, or fingerprint readers to unlock their phones. The next step is for a more secure biometric authentication technology to come in and safeguard our entire identity, not just our devices.
Would you like to share what’s next for Q5id?
We are excited to be preparing to launch our Q5id Guardian app this summer, which will help bridge the gap between the hundreds of thousands of children who go missing each year and the mere dozens of AMBER alerts issued to help find them. Additionally, our core Proven Identity Solution is on track for multiple pilot programs, and you may find our technology embedded as part of financial transactions or many other applications we have not imagined yet.