Abstract in English:
The concept of granting digital access to users based on proper identification has been the very core of how people access online services since the emergence of the public internet in the 1980s. The power of confirming an identity and being granted access to services of value has attracted billions of users to the internet, and as society moved to this parallel universe, so have other parts of it, namely fraudsters, con men and organized crime. In the past six years, USD 112 billion has been stolen through identity fraud, equating to USD 35,600 lost every minute. The more services are offered to the general public—with additional features for convenience and usability that rely on the internet—the wider the window of opportunity for attackers. Javelin Strategy Research expects fraud related to the creation of new online accounts to rise as much as 44 percent by 2018, increasing losses from USD 5 billion to USD 8 billion in a matter of four years. While consumer personal information has been compromised on an ongoing basis for years, the massive data breaches of 2017 removed all doubt: Criminals clearly have access to the very information that many banks, companies and other businesses use to grant their users remote access to services. Even social security numbers, which are considered highly private and sensitive personal information, were exposed for hundreds of millions of consumers in 2017. Recent data breaches have been a resounding wake-up call to the fact that new methods are needed to validate our identities online. In an era where personal information is no longer private, and passwords are commonly reused, stolen or cracked with various tools, the traditional scheme of accessing data and services by username and password has repeatedly shown to be inadequate.