This article first appeared in Digital Edge, The Edge Malaysia Weekly on November 14, 2022 - November 20, 2022

Malaysia has been making huge strides in digitalisation recently. From launching its digital economy blueprint MyDIGITAL to implementing initiatives such as the #SayaDigital Movement, there is no doubt that the country is on its way to positioning itself as a regional leader in the digital economy. On top of this, the nation is one of the front runners in the idea of a cashless society, with 74% of consumers having gone cashless.

However, even as the nation continues to scale its digitalisation efforts, cybercriminals, too, have been upping their game. Bad actors are adapting and becoming more sophisticated — even as companies continue to ramp up their digital capabilities and strengthen their security.

To top it all off, it doesn’t take much to circumvent security fences today. Any Joe or Jane can now try his or her hand at becoming a criminal online, with items such as phishing kits now widely available on the web.

Digitalisation, it seems, has not only paved the way for more advanced technologies, but also created a rich environment for cybercriminals to thrive in. If that’s the case, how do we stay ahead of our criminal adversaries while reaping the full benefits of the digital world?

As we continue to advance our digital transformation journey, it has become exceedingly apparent that the intended users of any system will never be as sophisticated as its attackers.

Take the complex nature of online scams, for instance. It was reported that 68% of commercial crime cases involved online fraud, resulting in a loss of RM3.5 billion. Scammers used social engineering attacks to impersonate authorities, tricking users into revealing personal information. Attacks like these succeed because they are carefully designed to manipulate emotions and take advantage of the victims’ trust, causing them to disregard logic and ignore warning signs — until it is too late.

As we continue to see an upward trend of online shopping scams in Malaysia, it has become clear that humans are hardwired to fall for these phishing scams — and it’s up to organisations to step up with the right technology to keep their data safe. A strong cybersecurity stance today must include a mix of both consumer education and sophisticated technology that considers the multifaceted risks from cybercriminals.

To this effect, more online businesses are adopting database checks for identity verification. However, existing challenges from limited enrolment among locals or foreigners, as well as the toggling between different platforms or interfaces — which lead to consumer frustration and drop-offs — may hamper the efficacy of these digital databases. In addition, not all countries have maintained digital identity (ID) databases, which could have ramifications for business scalability and operational costs when it comes to integrating with different databases when expanding across borders.

Fortunately, reliable and secure identity verification can be achieved without compromising convenience or usability. Banks, in particular, are already implementing modern features such as facial recognition and liveness detection — which enables companies to determine the user’s physical presence behind an app — to thwart impostors and send fraud levels plummeting.

But that alone is not enough. Organisations often risk overlooking ease of use and convenience in their pursuit for newer, more secure technologies. A future-proof cyber defence strategy, however, requires picking the right technologies and implementing them in the right manner.

More consumers are demanding digital identity solutions for verification when engaging with companies online. But, they are not entirely confident that all businesses are doing everything they can to protect the online accounts of customers. According to our global survey, only 34% of consumers believe that their bank has implemented more online identity verification checks since the pandemic to protect them against online fraud and identity theft.

Though, this is not for a lack of trying. Some enterprises will, in fact, deploy multiple solutions to protect their ecosystems and users — but that often comes at a cost. From risk and fraud detection capabilities to user authentication, each disparate solution adds a layer of complexity to the system. This is further aggravated by the number of different features that need to be managed to satisfy various aspects of regulations and the consumer journey. To make matters worse, some of these technologies are not user-friendly, and risk making the system harder to use.

However, strong security can be achieved without forgoing simplicity and usability. Organisations can adopt a more comprehensive and holistic approach that benefits both the user and the organisation, while minimising costs and security risks. This can be achieved by consolidating the technologies onto one single platform, or by partnering with an integrated solutions provider.

For banks, that would mean unlocking a full suite of online ID verification, electronic know-your-customer (eKYC) and anti-money laundering (AML) solutions that leverage liveness detection, artificial intelligence, machine learning, biometrics, automated watch list screening, ongoing transaction monitoring and any necessary manual reviews through a single integrated partner. Doing so takes the heavy lifting of fraud prevention out of the hands of users, while allowing organisations to focus on their primary business.

The seamless orchestration between disparate components in a cyber defence infrastructure is critical in delivering faster and more reliable ways for detecting online fraud and simplifying regulatory compliance. The best solution should not require any additional steps from the user and allow the organisation to effectively balance security and convenience.

The reality is that cybercriminals will never stop finding new ways to attack. At the end of the day, it falls upon organisations to provide their customers more secure authentication mechanisms, without letting the new features and costs precede the real needs of users and business processes.

Ultimately, digital transformation should not be seen as a be-all and end-all solution. Rather, it is imperative that organisations in Malaysia evaluate their digitalisation strategy to future-proof systems and protect their users. And, they must do so with careful consideration of each type of technology and implementation — lest the features become yet another spoke in the wheel that could have been avoided in the very first place.

Frederic Ho is the vice-president of Jumio, a global identity verification company that provides end-to-end identity proofing, risk assessment and eKYC/AML compliance solutions

Save by subscribing to us for your print and/or digital copy.

P/S: The Edge is also available on Apple's App Store and Android's Google Play.