Written by: Mikhaylo Pavlyuk, Digital Identity Consultant
The Illusion of Progress: Why We Buy Instead of Solve
Lately, we’ve noticed a recurring pattern — especially among banks and fintechs pushing hard on digital transformation and service security. Too often, they confuse buying a face authentication software with actually solving their security problem.
And honestly, it’s a very human thing. We want to feel like we’ve done something. Bought something. Implemented something. So we can say the issue is “closed”. It’s like buying a gym membership and feeling like you’re one step closer to being healthy — even though, in reality, you’ve just spent money and nothing’s changed.
The same happens in digital banking. Take client face authentication in 2FA / MFA systems, for instance. Everyone wants to quickly boost security, reduce fraud, and simplify onboarding. So what happens? The companies jump straight into product selection — evaluating biometric tools, KYC platforms, and anti-fraud systems. They compare vendors, sign contracts, and launch projects.
Sounds logical, right? But very often, nobody stops to ask the simple yet crucial questions:
Not long ago, we watched one panel discussion called "Fraud Using Deepfake Technologies: How Not to Become a Victim" where experts talked about the tech, specific cases, huge financial losses, and possible solutions.
But no one talked about the most important thing: who are we actually protecting ourselves from? What kinds of threat actors are we dealing with? Which threat scenarios are realistic for a specific business or user? And what would really happen if one of those attacks worked?
We often talk about examples and tools — but not always about who, why, and what then.
The result? Companies end up buying expensive face authentication systems that:
And honestly, it’s a very human thing. We want to feel like we’ve done something. Bought something. Implemented something. So we can say the issue is “closed”. It’s like buying a gym membership and feeling like you’re one step closer to being healthy — even though, in reality, you’ve just spent money and nothing’s changed.
The same happens in digital banking. Take client face authentication in 2FA / MFA systems, for instance. Everyone wants to quickly boost security, reduce fraud, and simplify onboarding. So what happens? The companies jump straight into product selection — evaluating biometric tools, KYC platforms, and anti-fraud systems. They compare vendors, sign contracts, and launch projects.
Sounds logical, right? But very often, nobody stops to ask the simple yet crucial questions:
- Where are our real risks?
- Who might attack us?
- What exactly are we trying to protect?
- At what point in the customer journey is verification necessary — and where might it just create friction?
Not long ago, we watched one panel discussion called "Fraud Using Deepfake Technologies: How Not to Become a Victim" where experts talked about the tech, specific cases, huge financial losses, and possible solutions.
But no one talked about the most important thing: who are we actually protecting ourselves from? What kinds of threat actors are we dealing with? Which threat scenarios are realistic for a specific business or user? And what would really happen if one of those attacks worked?
We often talk about examples and tools — but not always about who, why, and what then.
The result? Companies end up buying expensive face authentication systems that:
- Don’t solve their specific security problems
- Create unnecessary UX barriers for clients
- Look impressive in presentations but fail in real life
Download the White Paper: Threat Model for Remote Biometric Identification
What to Do Before Choosing a Face Authentication Vendor?
The answer is surprisingly simple — yet it’s often skipped.
First, analyze your own business processes. Understand where key customer actions happen, where risks truly lie, and where fraudsters could actually cause harm.
Next, develop a threat model. Who might attack you? How? How likely are these scenarios?
Only after that should you start choosing a face authentication software.
Because buying a product is not the finish line. It’s not even the middle of the journey. It should be a consequence — the last step after you fully understand your security risks and needs.
Otherwise, you’re just creating the illusion of progress, wasting money, and staying stuck with the same problem.
Don’t just buy security. Build it — the right way.
First, analyze your own business processes. Understand where key customer actions happen, where risks truly lie, and where fraudsters could actually cause harm.
Next, develop a threat model. Who might attack you? How? How likely are these scenarios?
Only after that should you start choosing a face authentication software.
Because buying a product is not the finish line. It’s not even the middle of the journey. It should be a consequence — the last step after you fully understand your security risks and needs.
Otherwise, you’re just creating the illusion of progress, wasting money, and staying stuck with the same problem.
Don’t just buy security. Build it — the right way.
Build secure digital identity with 3DiVi BAF — biometric identity verification platform for banks, fintechs, and government services.
➟ Explore 3DiVi BAF
