What is More Important: Convenience or Security?
Close your eyes for a moment and picture the Family Feud board where the top responses from an audience survey are listed. Now imagine that the top 5 answers are listed on the board based on the survey question: "What are the most essential features when it comes to using digital products/services?" According to a McAfee study conducted in November of 2021, if you selected security as your answer, you would have picked the number one response. While innovative apps, speed, convenience, payments, and the latest mobile platform upgrades get the attention, security is a primary concern for digital users whether using online or mobile channels. This should come as no surprise based on the number of stories about security breaches that appear in the news.
According to the Identity Theft Resource Center in their 16th Annual Data Breach Report, the percentage of breaches that stole sensitive data like Social Security Numbers was up from 80% to 83% year over year. And the number of data compromises for 2021 is the highest ever recorded. Hackers know that stolen personally identifiable information (PII) is a valuable commodity because it can be used for everything from accessing bank accounts to opening fraudulent new accounts and loans, and one of their personal favorites… purchasing electronic devices. While consumers cannot control the breaches, they can employ safety methodologies to thwart the hacker from gaining access to their information.
At the most basic level, the use of strong passwords (complex characters in a long password) is a prudent first step. But it is the use of "unique" strong passwords for each digital application that limits fraud. However, in a 2019 Google/Harris Poll, 52% of respondents said they use the same password for multiple accounts, and 13% use the same password for all of their accounts! Combined, 65% of the respondent group is a pretty large target for hackers to hit, especially given the sophistication of their attacks. While 79% of the respondents believed that updating security software is very important, 33% indicated that they don't regularly update their applications or don't know if they update their applications. (If you are one who overlooks doing your Windows updates, and then curses under your breath when your computer defiantly reboots on its own… this warning is for you.) Users' lack of caution about reusing passwords across multiple sites and about applying security updates to operating systems puts the organizations holding their data in a precarious position.
While the news stories often want to point a finger at companies for the compromise of consumers' personal information (and yes, there are weak organizational security practices just like the inadequate personal security practices mentioned above), it is often the end-user who is a significant contributor to the theft of their own information. Consider this scenario: Your friend sends you a video attachment entitled "a dog climbing backward up a tree." Even if you don't understand fundamental physics, there is a 90% chance something is amiss. Why 90%? Well, it could be a fallen tree on an angle, and Fido probably could walk backward up that tree. But chances are that the title of that video is intriguing enough to make you want to click on it. The video opens, and astonishingly, the dog climbs right up the tree backward! Amazing, right? In the back of your mind, you suspect that the video has been manipulated, and you are probably right. What you don't realize is that the video has keylogger malware attached to it, and since your PC has low security protection, the malware gets installed. Now, when you visit websites and enter your credentials, everything you type is sent back to the hacker.
Scary stuff, yes. You may have heard the term "enhanced security." Enhanced security is like the proximity device in your car's key fob, which is used in conjunction with the chip in your car's ignition system. Even if you leave the doors unlocked, the ability of a thief to steal your vehicle is greatly reduced because the proximity device and the chip in your ignition act as an "enhanced security measure" to start your car. If the key fob isn't present, it's significantly more difficult to start the engine because of how the ignition system's chip is configured to perform. Relating this concept back to banking and PII, enhanced security applications provide an extra level of security to protect your account information at the point of account login.
Perhaps the most widely recognized enhanced security application for mobile devices is biometrics, or the "fingerprint reader." While the fingerprint reader is often touted as the authentication method that speeds up login (after all, it is often called "quick access"), it is also an extra layer of security because only you can unlock the device or the application. Mobile biometric security is also available through facial recognition, which captures select data points from a scan of your face and uses those data points for authentication. In addition to fingerprint and facial recognition, some applications are starting to use voice authentication. If you have used an application that asks you to read a sentence several times until the application recognizes your voice, then chances are you have used a form of voice biometrics. Biometric security technology has primarily been used in the mobile channel since the device is always with you.
Multifactor authentication has grown in popularity over the past few years because it can be used in both online and mobile channels. Multifactor authentication occurs when the system asks you to enter a numeric code (most often six digits) upon successful login. Unless the fraudster has your mobile device or knows the login to your email (which means you need a strong password for your email application) and/or your text messages, they cannot complete the security chain to gain access to the account. Multifactor authentication adds friction to accessing the account. That extra step in the login process can be the difference between a hacker getting into your account or getting frustrated and moving on. Frustration is an important point to mention here because hackers are often concerned with the volume of PII they can obtain to resell. Any additional friction on an account is an extra deterrent and sufficient cause for the hacker to move to an account with minimal security. Also, keep in mind that multifactor authentication is not just for logins anymore. Some application providers have added multifactor security as an additional authorization step for select transactions, such as high-dollar bill payments or wire transfers.
The point here is that you want to employ as many different security measures as possible to increase the complexity (friction) for a hacker to access your account. The next time you let out a frustrated sigh when an application asks for your multifactor code and your phone is across the room, or you have to look for an email to get the code, just remember that the inconvenience of accessing that code is precisely what is providing additional security.
Let's return to where we started with the McAfee study. Hopefully, you have a better understanding of the large-scale problems that a little extra attention to security may help mitigate. Updating your device's operating system and applications to the latest releases ensures that you have their latest security updates installed. Using unique and strong passwords for EACH of your accounts increases the difficulty for a hacker to log into your accounts. By using multifactor authentication, you are ensuring that there is an additional security step causing enough friction that the hacker may look elsewhere. While there will undoubtedly be future security compromises, adding extra security to your accounts can be the difference between being an easy target and being a challenging one.