How AI has the power to save the world from identity theft
Identity theft rose to the top of crimes reported by US customers and it continues to affect thousands of people. ID theft, unauthorized payments, and even blackmail is possible with the information that hackers steal every year. Is artificial intelligence the solution that we need to protect our sensitive information on a global scale? New technologies such as DeepCode may reduce ID theft.
While climate change is set to disproportionately affect the world’s poorest people, there is another crisis brewing that is set to hit those of us in the developed world the hardest.
Over the last few years, identify theft has leapfrogged all other crimes to top the list of crimes reported to the FTC by U.S consumers. Unfortunately, the number and complexity of these crimes is growing every year. Put simply, though most of us remain blissfully unaware of it, ID theft is quickly spiraling out of control.
In July of this year, U.S bank holding company Capital One revealed that it had suffered a data breach that had seen hackers make off with over 100 million records of people who had recently applied for a credit card.
Capital One revealed that along with names, addresses, ZIP codes, phone numbers, email addresses and birthdates, 140,000 social security numbers and 80,000 bank account numbers of U.S citizens had been stolen.
With this information, it is possible for anyone to commit a range of crimes that include:
- ID theft
- Unauthorized money transfers/payments
- Phishing scams
- Blackmail / Extortion
- Harassment / Threats
- Targeted Ransomware
While such large scale breaches are relatively infrequent, there are thousands of data breaches occurring every day.
Unfortunately, the picture is getting bleaker by the day.
In its 2019 Official Annual Cybercrime Report, The Herjavec Group noted a 12% increase in cybercrimes in 2018. This is a phenomenal growth rate that should serve as a warning to businesses and governments everywhere. The fundamental problem behind these kinds of cybercrimes is that the security element is usually one step behind the hackers.
In a typical cybercrime of this nature, hackers will probe around until they find a security weakness in a firm’s security infrastructure.
While a proportion of cybercrimes still remain ‘inside jobs’, where an individual leaks vital security or personal data to an outside party, the vast majority of future cybercrimes will involve exploiting security weaknesses.
Given that these weaknesses revolve around software ‘holes’ that both the original developers and the code reviewers have overlooked, a new solution must be found to overcome such human failures. The cost of any breach is massive – once any piece of information is stolen, it cannot be recovered.
Where artificial intelligence-based ID security stands today
Artificial intelligence, while today technically only machine learning, is already a powerful weapon in the battle against ID theft. Even before a software program/platform has been released, AI systems are hard at work helping to identify potential security weaknesses in the code that underlies ID programs of all kinds.
Increasingly, software developers are relying on automated AI code reviews to help reduce both costs and the chance of human error. A prominent example of this exciting new technology at work is DeepCode.
Featured in a VentureBeat article earlier this year, the company’s CEO highlighted that such systems are able to create a “live knowledge base of all known bugs and their appropriate solutions”.
Herein lies AI’s true advantage. Since this “live” learning is, in effect, ubiquitous, they are able to learn and apply fixes on a global scale, meaning that once a problem has been identified and solved, it can be almost instantaneously solved all over the world.
For the global human developer community, this information would likely never reach a vast majority of developers, meaning repeats of this error may occur very frequently. What this means is that AI systems could effectively close off all identified and solved security weaknesses that can be used to exploit systems to gain access to ID-related information.
The beauty of such a system is that as the database grew, so would its ability to learn and understand ever more types of code errors and ways that hackers might exploit a system.
Another area where AI is and will continue to have a dramatic impact on digital ID security is biometric data. In the past few years, the technology behind facial recognition software has advanced considerably. It has the potential to greatly bolster Identity and Access Management (IAM).
The news recently broke that France is planning laws that will make it a requirement for systems to incorporate facial recognition technology as part of a mandatory digital identity. Soon, facial identification will be a requirement for any French citizen wishing to access their tax and other records online. While facial recognition systems are not impervious to being hacked, they do require far more complex breaches in order to do so. This will greatly limit the number of hackers with the expertise to bypass systems that incorporate this technology.
However, today the application of AI is limited by the immaturity of its development and the technologies used to run them. As these programs become increasingly sophisticated with time, and the computer power develops to run them, AI promises a very exciting future.
An AI-powered future
What is certain is that the AI will continue to evolve in the direction outlined in the examples above. Current systems will become increasingly more sophisticated and therefore accurate.
Accuracy and learning are key when it comes to data protection. Systems that are able to quickly and accurately identify us by our biometric data as well as protect systems from unauthorized access will be invaluable in the fight against ID theft.
The really exciting and potentially revolutionary use of AI in identity theft will come from specialist tools that monitor the use of our ID in real-time. While these are some way off, they will make it incredibly difficult for all but state-sponsored hackers to get access to our identity data and other personal information.
Let’s consider the banking industry, which is one of the main drivers of artificial intelligence ID software development.
AI systems are already being implemented to supplement existing firewalls and security infrastructure. These systems include learning programs that are able to identify such things as large bank transfers etc., which are immediately flagged up to human operators who then act.
Allowing AI systems access to real-time data such as our phone location (already collected by banks via our banking apps) and biometric data such as our voices (also collected) will allow sophisticated banking systems to verify our ID from a vast range of criteria that would be very hard for hackers to fake. Whereas in the past, a simple password was used to secure our online banking, banks have progressively introduced more and more security layers to try to protect accounts.
Today, we are required to enter 1 to 2 passwords with the addition of a special code generated by a bank code generator in order to access our accounts.
In the future, biometric data and metadata relating to our behavior patterns, and possibly an immutable blockchain ID solution will completely rid us of the need for passwords and the tiresome task of generating codes. Not only will that be a relief to us all but these solutions will be a lot more secure.
AI-powered learning systems will also be able to overcome traditional security holes such as changes in appearance.
Since they will be able to monitor real-time changes in our appearance, they will be able to fight ID theft by rejecting the old images that hackers might have been able to obtain from previous data breaches. It is entirely possible that we will see real-time passports where only the latest images of a person’s appearance are allowed in the not too distant future.
Another positive offshoot of such complex systems is that they will take far more time and resources to breach.
It is entirely likely that AI systems will end the reign of the individual hacker as they simply won’t have the ability to identify gaps and exploit them before the system reacts. A well-developed AI security system would have the power to react to close a breach in nanoseconds, something that even a team of hackers simply could find no way around. Consequently, both the number of hackers and the power of their equipment will need to multiply exponentially to keep up.
This will likely result in only state-level sponsored attacks to large systems such as those run by Capitol One, especially as future, hacks will likely require AI systems of their own to overcome the AI security systems protecting the systems they are attacking.
So as you can see, the real question is not whether AI is going to take the lead in global ID security solutions, but rather how much data will we allow these third party systems access too.
The only real limit to the power of AI to protect our identities is the access these systems have to our data. As we have unfortunately seen with recent revelations about the NSA and Facebook, the power of this information is too much to be left in a single set of hands, especially when they have profit as their primary motive.
With states such as California already enacting laws to limit the use of facial recognition software, the real question will come down to the cost of future data breaches vs. our right to privacy.
How this battle will go, no one can predict.