The Economist: Financial fraud booming as data thieves attack consumers

April 6 — Financial fraud booming as data thieves attack consumers

Robert Capps, VP of Business Development at NuData Security contributes this piece to The Economist. He covers the importance for companies to change how they authenticate users to preserve the trust and safety of their brand in the eyes of their customers.

Data breaches are big business, with many high profile companies and government agencies including Target, Sony, Ashley Madison and the US government falling victim over the past few years. If current trends are anything to go by, 2016 will be no different. Details of breaches have already been reported from the international food chain Wendy’s and HSBC, one of the largest global banking and financial services organisations. Login details, passwords, payment information and personally identifiable information are the core details that hackers desire. These data breaches are a stark reminder that personal data continues to be a desirable target, no matter how diligent a company’s efforts are in data protection.

Masking the truth

One result of the growing number of data breaches is the rising trend of Account Takeovers (ATO). Used by hackers to impersonate genuine customers, it is harder for retailers and financial institutions to both detect and safeguard against, making it a near fool proof-way for attackers to gain information such as logins and passwords.

The Internet has become awash with such stolen details and fraudsters have realised that consumers are notoriously bad at managing their online security, often reusing the same login data across many websites. The use of stolen credentials to log into high value websites, coupled with the fact that traditional fraud solutions are set up to focus on the kind of suspicious, new account transactions that are the hallmark of large credit card data breaches, are a perfect storm for fraud. Once data thieves steal this customer information, they are able to create new bank accounts and even take out loans with legitimate customer PII (Personally Identifiable Information).

Friction free

Having the correct credentials for an account is only the beginning for adjudicating identity. Knowing if the correct person is logging on is the next big challenge facing organisations as they attempt to curb the amount of stolen personal data that is currently being leaked. With consumer data now so easily available to the average cyber criminal, companies must re-evaluate their traditional reliance on easy-to-bypass Knowledge Based Authentication (KBA) and add hard-to-replicate user behavioural biometrics. Continued reliance on traditional identity signals and authentication techniques will ultimately result in a foreseeable outcome: inconvenience and friction on good a customer’s experience and financial losses to organizations and consumers.

For the complete article, go here.