PaymentsJournal
No Result
View All Result
SIGN UP
  • Commercial
  • Credit
  • Debit
  • Digital Assets & Crypto
  • Digital Banking
  • Emerging Payments
  • Fraud & Security
  • Merchant
  • Prepaid
PaymentsJournal
  • Commercial
  • Credit
  • Debit
  • Digital Assets & Crypto
  • Digital Banking
  • Emerging Payments
  • Fraud & Security
  • Merchant
  • Prepaid
No Result
View All Result
PaymentsJournal
No Result
View All Result

A New Weapon in the Fight Against Identity Theft

By Ryan Wilk
August 10, 2015
in Industry Opinions
0
0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn
A New Weapon in the Fight Against Identity Theft - PaymentsJournal

Our society may have hit the saturation point when it comes to ongoing news about data breaches. Large organizations seem to lose a lot of money, but the average consumer just changes their passwords and gets issued a new credit card. Many end up with a year or two of free credit monitoring, so all seems well. Back to life as usual. Where does identity theft enter in?

If only that were the whole story. The missing piece is that all the data from all those breaches can add up to a mighty weapon that’s impossible to trace and potentially devastating to individuals. It’s a relatively new phenomenon that’s forcing the industry to rethink Internet security.

The millions of data records that were compromised just last year are comprised of incredibly detailed personal data such as a person’s Social Security number, name, address, phone number, credit card number, name of local bank branch and so on. Data thieves sell this information to aggregators, who cross-reference and compile full identities – called “fullz” on the data black market. This increases the value and usefulness of the stolen data, which may have been gathered from multiple data breaches.

Malicious actors take this compiled data and take out loans, file tax returns or
create new bank accounts under an actual person’s name. These actions cannot be traced back to the fraudster and can cause problems for the fraud victim for years down the road. In a recent New York Times article, a reporter details how a recent healthcare data breach exposed his child to identity theft that could hinder her for the rest of her life, because her Social Security number was stolen.

The effect of compromised personal data doesn’t stop when an individual gets a replacement credit card. Instead, data from multiple breaches can build and build like an avalanche that may demolish a person’s financial future and cannot be restrained.

Fraud’s New Darling: Account Takeover (ATO)

There is a hierarchy of value on the dark Web for stolen data. Stolen credit cards can cost mere cents and are labor-intensive and low return for fraudsters. It takes many attempts for a fraud scheme to work as cards are tested and cycled through. With so many data breaches last year, credit card numbers flooded the black market, lowering their value.

Fullz would, at first consideration, seem like the best option, as they offer a full identity profile for only $5 each. However, they require a more in-depth and risky scam to be fully worthwhile. Working user accounts with a payment method attached, an easy-grab scam with lucrative results, go for $27 each and can translate into hundreds to thousands of dollars in stolen money and merchandise.

Welcome to the era of account takeover. In this type of fraud, cyber criminals attempt to hijack valid user accounts instead of creating new accounts with stolen credit cards. ATOs can be automated, including scripted attacks, or can be done with small teams of human operators posing as account holders. Helping out the scammers are middlemen who play a key role in testing the login credentials before they are used again to commit actual fraud.

On average, there are three high-risk logins for every high-risk checkout. The first login is to verify if the account works. The second time is to gain intelligence and third time is when the fraudster attempts to commit actual fraud. The transaction is no longer the point of focus for fraud – it is the login. This shift creates an imperative to look at the login and account creation – rather than the transaction – in order to stop fraud before it happens.

Consequently, organizations must not only secure their own data but also be ever vigilant against people using stolen data, through identity theft, on their websites as well. By protecting the login pages of your sites, you cut fraudsters off at the source. You stop them from being able to take control of the account in the first place.

Behavioral Analytics: Protection From Login Through Checkout

So, then, the new goal is to protect your login pages from data thieves. This is the forte of behavioral analytics. Let’s take a look at what user behavioral analytics means.

The typical way of addressing online fraud is to look for a username and password match. Some use device ID or check for password resets. But the newer, more sophisticated criminals are skilled at bypassing these mechanisms. And as we’ve seen, full packages of user information—full identities—are prevalent and cheap.

Being able to distinguish between legitimate users and identity theft fraudsters is essential; if you don’t feel confident about your ability to do this, you need to consider whether you understand your user in enough detail. Rather than a simple checklist, behavioral analytics focuses on observed characteristics of who the user is, not just who they tell you they are. User behavior analytics are aimed at observing and understanding how the user behaves.

0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn
Tags: Fraud Risk and Analytics

    Get the Latest News and Insights Delivered Daily

    Subscribe to the PaymentsJournal Newsletter for exclusive insight and data from Javelin Strategy & Research analysts and industry professionals.

    Must Reads

    AI Is Turning Accounts Receivable Into a Strategic Powerhouse

    AI Is Turning Accounts Receivable Into a Strategic Powerhouse

    July 15, 2025
    Embedded Finance

    Embedded Finance: Bringing Payments Under a Single Umbrella

    July 14, 2025
    Making Real-Time Payments a Reality

    Fulfilling the Promise: Making Real-Time Payments a Reality

    July 10, 2025
    mortgage

    The Rich Benefits of In-House Payment Systems

    July 9, 2025
    digital cards

    Beyond Plastic: Why Digital Cards Are the Future

    July 8, 2025
    What Premium Card Overhauls by Chase and Amex Reveal About the Credit Card Market

    What Premium Card Overhauls by Chase and Amex Reveal About the Credit Card Market

    July 7, 2025
    Rewire Acquires Imagen, Looking at Prepaid Cards for Migrant Workers

    Smells Like Team Spirit: What Makes Cobranded Credit Cards Work

    July 3, 2025
    uk banking outages

    New Continuous Strategies for Battling Account Takeovers

    July 2, 2025

    Linkedin-in X-twitter
    • Commercial
    • Credit
    • Debit
    • Digital Assets & Crypto
    • Digital Banking
    • Commercial
    • Credit
    • Debit
    • Digital Assets & Crypto
    • Digital Banking
    • Emerging Payments
    • Fraud & Security
    • Merchant
    • Prepaid
    • Emerging Payments
    • Fraud & Security
    • Merchant
    • Prepaid
    • About Us
    • Advertise With Us
    • Sign Up for Our Newsletter
    • About Us
    • Advertise With Us
    • Sign Up for Our Newsletter

    ©2024 PaymentsJournal.com |  Terms of Use | Privacy Policy

    • Commercial Payments
    • Credit
    • Debit
    • Digital Assets & Crypto
    • Emerging Payments
    • Fraud & Security
    • Merchant
    • Prepaid
    No Result
    View All Result