Today, online fraud causes losses exceeding 77 trillion rupiah annually in Indonesia. Why is this happening?
As society becomes more connected online, the digital world opens up new opportunities, from bank loans and health insurance policies to purchases on e-commerce platforms of products that were previously inaccessible. However, these new opportunities also open up a new world for fraudsters.
Phishing, smishing, and video phishing are the three most common methods in social engineering scams. These tactics exploit psychological manipulation to trick victims into providing personal information or taking harmful actions. A study by KnowBe4 found that over 90% of phishing attacks involve social engineering tactics. In Indonesia, 99% of all phishing attacks are linked to social engineering.
Weak Passwords: The Phishing Vulnerability
The use of passwords as the primary method to protect digital accounts can actually be one of the main causes of the rise in phishing and social engineering attacks. This is due to the fundamental weakness of passwords, which can be easily guessed, stolen, or hacked by attackers. Most users tend to reuse the same password across multiple accounts or choose weak passwords, like birth dates or simple combinations.
Phishing is a type of attack where cybercriminals deceive victims into giving up sensitive information, including passwords. Phishing tactics often involve emails or messages that appear legitimate, such as from a bank or major tech company, asking victims to enter their passwords on a fake website.
According to recent data, phishing attacks have caused significant losses to many businesses and individuals worldwide, including in Indonesia. For example, Indonesia recorded more than 97,000 phishing attempts in 2023, most of which involved password theft.
In addition to being easily hacked, passwords often become a burden for users. In the end, users tend to reuse the same password across multiple accounts. This opens the door wide to cyber-attacks.
Silent Authentication to Fight Phishing
Increasingly complex digital threats like phishing and account takeover (ATO) can be combated with Silent Authentication. What is it?
Unlike traditional methods such as passwords or PINs, Silent Authentication can authenticate a user’s identity without the need for interaction like entering passwords or PINs. Users simply authenticate biometrically by taking a selfie.
So how can security be built just by using biometric authentication? Although this method appears simple from the user's perspective, the technology behind it is far more complex.
1. Device-Based Authentication
Behind the scenes, users’ devices are equipped with Public Key Infrastructure (PKI), so the device itself plays a role in confirming the user's identity. This way, the device can confirm that account access is granted only to the user. This approach eliminates the need for passwords or OTPs.
2. Biometric Authentication
This is the only process the user undergoes. As simple as taking a selfie, biometric authentication matches the user’s face with the profile in the app and ensures the match is performed from a registered device. Ultimately, the safest form of authentication is using one's own face. Behind this, VIDA incorporates advanced technology for device authentication, providing comprehensive protection for all actions related to personal data.
Silent authentication offers a solution without needing passwords that can be stolen. It also helps prevent biometric fraud by using verified biometric data, making it difficult for attackers to replicate.
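The device-based step described above can be pictured as a challenge-response with a key that never leaves the device, so there is no shared secret for a phishing page to collect. The following is an added example, not VIDA's code or part of the original article; the function names, the Ed25519 key type, the single-use nonce and the origin binding are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Enrollment (assumed flow): the device creates a key pair and registers
// only the public key with the service. The private key stays on the device.
function enrollDevice() {
  return crypto.generateKeyPairSync('ed25519');
}

// Server: issue a fresh, single-use challenge for its own origin.
function newChallenge(origin) {
  return { nonce: crypto.randomBytes(32).toString('hex'), origin, used: false };
}

// Device: sign the nonce together with the origin the user is actually on.
function deviceSign(privateKey, nonce, originSeen) {
  return crypto.sign(null, Buffer.from(`${originSeen}|${nonce}`), privateKey);
}

// Server: accept once, and only if the registered key signed this nonce
// for the server's own origin.
function verifyLogin(registeredPublicKey, challenge, signature) {
  if (challenge.used) return false;      // replayed response
  challenge.used = true;
  const expected = Buffer.from(`${challenge.origin}|${challenge.nonce}`);
  return crypto.verify(null, expected, registeredPublicKey, signature);
}

// Constructed scenario; all origins are placeholder values.
function demo() {
  const ORIGIN = 'https://bank.example';
  const device = enrollDevice();
  const stranger = enrollDevice();       // a device that was never registered
  const c1 = newChallenge(ORIGIN);
  const s1 = deviceSign(device.privateKey, c1.nonce, ORIGIN);
  const c2 = newChallenge(ORIGIN);
  const s2 = deviceSign(device.privateKey, c2.nonce, 'https://bank-login.example');
  const c3 = newChallenge(ORIGIN);
  const s3 = deviceSign(stranger.privateKey, c3.nonce, ORIGIN);
  return {
    genuine: verifyLogin(device.publicKey, c1, s1),
    replayed: verifyLogin(device.publicKey, c1, s1),
    lookalikeOrigin: verifyLogin(device.publicKey, c2, s2),
    unregisteredDevice: verifyLogin(device.publicKey, c3, s3),
  };
}

console.log(demo());
```

Only the genuine login verifies: a captured response cannot be reused, a signature produced on a lookalike site does not match the server's origin, and a device that was never registered fails the key check.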
By implementing silent authentication, businesses and users can significantly enhance their digital security without sacrificing convenience.