Business Reporter

Keeping social media users safe

Daniel McLoughlin, Field CTO at OneSpan, asks whether social media users should be paying extra for security

 

Social media has become an integral part of our daily lives. It allows us to connect with people, share information and content, and stay up to date with the latest news, often all within the convenience of a single app.

 

However, rises in cyber-crime and the increasingly complex hacking methods of criminals have meant that social media users are facing greater risks than ever. The rate at which social media accounts are being compromised has drastically increased. In 2022 alone, account takeovers increased by around 1000%. Social media users need all the protection they can get.

 

Some security methods implemented by social media platforms to protect users from these threats include two-factor authentication (2FA), as well as various verification systems. But recent decisions from the heads of Twitter and Meta have potentially put the safety of users of these platforms at risk.

 

The controversial move to apply paid verification systems and for Twitter to strip access to text message 2FA for unpaid users has been seen as compromising the security and experience of social media users. This raises an ethical debate surrounding morality and cyber-security – is it ever okay to expect social media users to pay extra for their security?

 

The age-old verification challenge

The challenge of how to verify users’ identities has been a persistent concern for social media platforms since their inception. The anonymity provided by the internet has made it easy for users to create multiple accounts, steal other people’s identities, or create fake profiles, leading to severe issues like trolling and harassment, as well as the impersonation of brands or people.

 

This was particularly evident following Twitter’s decision to implement a paid verification system. We saw countless examples of brand-spoofing and phishing attacks, resulting in real-life financial consequences for people and organisations. To tackle these problems, social media platforms need to establish robust verification and authentication systems that ensure users’ identities are genuine.

 

There are various methods to verify user identity, such as email or phone number verification, government-issued ID verification, or biometric verification. Organisations could also utilise continuous authentication, a method which combines behavioural, biometric, and keystroke dynamics data to continuously verify a user’s identity.

 

This method differs from standalone authentication tools by employing specialised authentication methods based on real-time risk analysis, helping to reduce fraud and alleviate the burden of MFA fatigue.

 

Each approach in isolation has its drawbacks, meaning that a combination of methods is usually ideal. Moreover, these systems need to be scalable to millions of users and be easy to use, so as not to hinder user experience.

 

Creating a two-tier system

Beyond the issues listed above, putting a paid verification system in place on social media platforms also raises an interesting moral debate. If platforms like Twitter only allow paid accounts access to certain security protocols, then it creates a situation where some users are more protected than others, establishing a two-tier hierarchy of social media users.

 

Protocols like text message 2FA should be the bare minimum when it comes to account security - while it is better than nothing, it is far from what social media sites should be using. There are open standards in authentication that the likes of Twitter could have easy access to, such as OATH and FIDO.

 

The overheads for them to develop some of these would probably be lower than the cost of their SMS bill, so there really is no excuse for not providing this as a minimum. Most importantly, there shouldn’t be any need to charge users extra to access them.

 

On top of this, if other industries like gaming are anything to go by, fraudsters will often go after paid accounts because of the extra benefits they bring. This means we can likely expect a wave of phishing and account takeover attacks on paid Twitter accounts, defeating the very purpose of these measures.

 

With social media account breaches already at an all-time high, decisions like this set a worrying precedent, and not just for social media. The decisions of Twitter and Meta could be the start of a trend that sees organisations looking to capitalise on rising online insecurity and charging users extra for what should be a basic digital right – the safety of your data and information.

 

The argument over whether paid verification as a concept should exist is one thing, but the security of users is an area that should not be up for debate.

 

Security as an essential, not a premium

The online experience simply must be underpinned by stringent safety protocols, but for businesses it’s about doing so in a way that doesn’t impact the user experience. Once we accept that security is simply not an area for compromise, it then becomes a question of how we seamlessly integrate security throughout applications in a way that doesn’t hamper usability or feel like a burden.

 

Most importantly, how do we verify and authenticate users to ensure the safety of the platform without making people pay extra or have to sacrifice their anonymity?

 

There may not be a catch-all solution, but with the increasing sophistication and technological capabilities of cybercriminals, it’s clear that social media platforms need to introduce new methods to protect users. To address these issues, these platforms need to build experiences with user security at the core.

 

Whether the tactics deployed rely on innovative approaches, such as blockchain-based verification, or algorithms that can detect fake accounts based on user behaviour patterns, security cannot be an add-on.

 

Solutions such as these will require significant investment in technology and data security measures, but ultimately the benefit of providing users with a safe experience will restore a sense of trust in social media platforms. Something that is sorely needed.

 


 

Daniel McLoughlin is Field CTO at OneSpan

 


© 2024, Lyonsdown Limited. Business Reporter® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543