When artificial intelligence successfully replicates human voices and faces, simply ‘logging in’ is no longer a guarantee of security. Traditional identity verification – passwords, PINs and even SMS-based two-factor authentication – can no longer keep up with the scale and sophistication of digital fraud. The digital landscape has been profoundly transformed and trust, hitherto the foundation of online interactions, is becoming a scarce commodity.
From technical to psychological manipulation
AI today generates deepfakes that easily pass authenticity tests – not only in social media, but also in corporate communications. Incidents involving large-scale fraud due to the use of deepfake are unfortunately becoming more frequent and very severe. Such attacks are no longer scenarios from science fiction films – they are real risks faced by financial institutions, telecoms operators and public administrations.
But it is not just technology that is driving the wave of threats. Equally effective – and sometimes more so – are actions based on social engineering. ENISA alerted as early as 2023 that 75% of attacks on European SMEs use elements of psychological manipulation. Fear, time pressure or false authority – these are still more effective tools than the latest exploits.
Biometrics: remedy or false sense of security?
Biometric technologies are increasingly appearing in identity security strategies – from mobile banking to e-government. Face, voice or fingerprint recognition offers a clearly higher threshold of difficulty for cyber criminals than traditional methods. But the effectiveness of these systems is not absolute – their security is based on complex architectures that take into account, among other things, spoofing signal detection, biometric data protection and regulatory compliance.
Digital identity cannot be reduced to a single physical indicator. Without an integrated approach – combining technology, processes and organisational culture – biometrics can give a false sense of control.
Education and awareness: the cheapest and undervalued tool
At a time when AI is becoming increasingly important and every face and voice can be faked, basic digital competences are becoming not just an asset, but a prerequisite for survival in the online environment. Companies that do not invest in regular training and awareness campaigns are condemning their employees to be the weakest link in the security system.
In this context, it is worth noting the growing importance of so-called ‘cyber hygiene’ – simple but effective practices such as creating strong passwords, activating MFA or using social media prudently. From a cost and efficiency perspective, this is often the best return on investment in the entire IT security ecosystem.
Regulation: digital trust portfolio
The digital transformation of public administration and the financial sector is increasingly based on the concept of digital identity. The European eID initiative, which assumes a single digital wallet standard, is an attempt to respond to the need for standardised and secure identification in the online world. But the key challenge remains user acceptability – overly complex or intrusive systems will simply not gain popularity.
A well-designed regulation should not only create a security framework, but also facilitate access and increase trust in digital services. Otherwise, users will opt for simpler but less secure solutions.
The future of digital relationships depends on trust
Trust in the digital environment is becoming the new currency – rare, prone to inflation and increasingly difficult to verify. Companies that want to remain competitive in the data-driven economy need to invest in mechanisms to verify not only users, but also the interactions themselves.
Authenticity – in the context of identity, intent and data – is becoming a strategic asset, the loss of which can cost more than any cyber attack. Therefore, synergy will be key: advanced technologies, informed users and flexible regulation must come together to create an ecosystem in which digital identities are not only secure, but also trustworthy.
