Cyberattacks are hitting hard and fast. According to the Canadian Anti-Fraud Centre, Canadians lost $554 million CAD due to fraud in 2023 alone–up from $531 million in 2022.
Passwords, which are intended to act as the first layer of protection for user data, often turn out to be the Achilles’ heel. Approximately 80 percent of verified data breaches can be traced back to weak, reused, or compromised passwords.
A Mastercard Canada survey of 300 small business owners across Canada and 2,000 Canadians from the general population in Q2 2023 found that small businesses are still putting their faith in passwords to fend off cyber threats. Approximately 65 percent of these businesses said that sticking to strong passwords is their main defensive strategy.
“With Canadians increasingly targets of fraud, cyber preparedness can’t be an afterthought.”
Despite leaning on passwords, small businesses aren’t confident about their cybersecurity. Only 36 percent actually feel sure that their current defences are doing the job, according to Mastercard Canada’s report. The survey also found that nearly 60 percent of respondents find password upkeep exhausting, with small business owners feeling the brunt of it.
“Simply put, the volume is overwhelming, resulting in this fatigue and ultimately increased vulnerability,” Aviva Klein, Vice President of Digital Payments & Cybersecurity Solutions at Mastercard noted. “With Canadians increasingly targets of fraud, cyber preparedness can’t be an afterthought. It needs to be a priority for both consumers and businesses.”
With the tide of password fatigue rising and the cracks in password security widening, there’s a growing consensus we’re reaching the end of the password era. Klein recently shared with BetaKit two key technologies aiding in the fight against these challenges, and how Mastercard is using them to improve the cybersecurity posture of both consumers and businesses.
Replacing the password with the person
The vulnerability of passwords stems from their static nature, since a consistent sequence of characters can be easily duplicated by unauthorized individuals. Klein said biometric authentication, which authenticates individuals through biometric data such as facial recognition or fingerprints, will eventually replace the traditional password as we know it today.
Biometric authentication has already become an indispensable tool for businesses and consumers, streamlining everything from unlocking smartphones to accessing online banking services.
Besides being tough to fake, biometrics bring the convenience of a quick scan for authentication, cutting out the need to switch between apps or remember a long list of passwords. Biometric technology is also getting sharper, with one study revealing a jump in biometric system accuracy from a solid 96 percent in 2014 to a near-perfect 99 percent by 2018.
Tokenization can also goes hand in hand with biometric authentication, adding additional layers of protection to payment credentials. In January, Mastercard released its own biometric authentication service based on the Fast Identity Online (FIDO) Alliance standards to help users secure online purchases. The service combines biometric authentication with tokenization to ensure payment credentials cannot be used by anyone except the rightful owner of that payment credential and provides a seamless user experience..
Mastercard is a member of the FIDO, a group that also comprises companies like 1Password, Apple, and Google. FIDO standards create an encrypted key pair, or a passkey, that is stored on a user’s phone. Only that user’s biometrics, like a fingerprint or face, can unlock that passkey.
Using AI to fight fire with fire
Passkeys represent the latest stride forward from traditional passwords in the ongoing battle against cyber threats, but the landscape of technology combating cybercrime continues to expand.
Cybercriminals are increasingly turning to artificial intelligence to steal data by automating phishing attacks, or using malware equipped with AI capabilities to evade detection by traditional cybersecurity defences, as well as deepfake technology, which uses AI to manipulate audio or video recordings to impersonate trusted individuals or websites.
But while AI is helping bad actors, it’s also helping those fighting them. AI can swiftly analyze vast amounts of data, identifying patterns and anomalies that may indicate fraudulent behaviour in real time, allowing for rapid detection and response to potential threats.
Mastercard, for example, uses AI to track fraud in real time by screening billions of transactions for multiple risk factors, specific to each transaction. In mere milliseconds, Mastercard’s AI can predict the likelihood of whether a transaction is fraudulent or not.
“With generative AI, we can transform the speed and accuracy of our anti-fraud solutions, deflecting the efforts of criminals,” Klein said.
Mastercard claims its AI solutions, which it plans to deploy globally this year, can increase fraud detection by two to three times, intercepting $20 billion in fraud attacks across its global network in the past year. The company recently announced a real-time decision-making solution, powered by generative AI, that already helps banks score and safely approve 143 billion transactions globally each year.
Many of Mastercard’s cybersecurity products are developed at its Global Intelligence and Cyber Centre of Excellence in Vancouver. According to Mastercard Canada, over 36 patents have been filed at the centre since it launched in 2020.
For companies seeking to strengthen cybersecurity defences, Mastercard Canada believes both AI and biometrics offer promising avenues by reducing the complexities and vulnerabilities of traditional cybersecurity strategies.
“The future of authentication through biometrics and AI will eliminate the friction and vulnerability that endless passwords and multi-factor authentication can create, making access to data more convenient and safer for Canadians,” Klein said.
