A report released last year by PwC, titled “Managing cyber risk in an interconnected world: Key findings from The Global State of Information Security® Survey 2015” looked at the going rates for Personally Identifiable Information (PII). A complete “kit” of comprehensive information could fetch as much as several hundred dollars, health insurance credentials alone could fetch $20 a pop. And of course, given inflation, those black market prices are only going up.
The more complete a set of information is, the more valuable it is. Rather than just exploiting one account until it’s cancelled, fraudsters can use that collection of info – birth dates, Social Security numbers, addresses, employment information, income, etc. – to open new credit accounts on an ongoing basis.
This is the cold hard truth. So now the question is – how do we fix that? Well, the obvious answer is to make that information less valuable.
Fraudsters are opportunists – they aren’t going to waste their time (and risk legal implications) unless there is a substantial payoff.
Data can be devalued by employing a system that looks at the whole picture, beyond just a couple of static points like a password or credit card number.
“Effectively, observing subtle signs generated by consumer interaction with the digital world around them allows you to identify the actual human behind the device, versus the current status quo of verifying static identifiers,” NuData Security’s Robert Capps told Robert Abel of SC Magazine.
Bad actors can’t emulate behaviors with enough fidelity to truly take control of a user’s identity if the right signals are in place. The focus changes from the user’s username, password and perhaps location or secret question to his or her unique identifying behaviors. Deriving identification from measuring these behavioral indicators is so powerful because authenticators can’t be replicated.
The bottom line is that we aren’t going to be able to change consumer behavior any time soon, but we can devalue their personal data and render it useless to bad actors. Who wants to steal something that’s worthless?
Want to read more posts like this? See our full blog here.