PaymentsJournal
SUBSCRIBE
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Videos
  • Industry Opinions
  • News
  • Resources
No Result
View All Result
PaymentsJournal
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Videos
  • Industry Opinions
  • News
  • Resources
No Result
View All Result
PaymentsJournal
No Result
View All Result

A New Weapon in the Fight Against Identity Theft

Ryan Wilk by Ryan Wilk
August 10, 2015
in Industry Opinions
0
A New Weapon in the Fight Against Identity Theft - PaymentsJournal
0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

Our society may have hit the saturation point when it comes to ongoing news about data breaches. Large organizations seem to lose a lot of money, but the average consumer just changes their passwords and gets issued a new credit card. Many end up with a year or two of free credit monitoring, so all seems well. Back to life as usual. Where does identity theft enter in?

If only that were the whole story. The missing piece is that all the data from all those breaches can add up to a mighty weapon that’s impossible to trace and potentially devastating to individuals. It’s a relatively new phenomenon that’s forcing the industry to rethink Internet security.

The millions of data records that were compromised just last year are comprised of incredibly detailed personal data such as a person’s Social Security number, name, address, phone number, credit card number, name of local bank branch and so on. Data thieves sell this information to aggregators, who cross-reference and compile full identities – called “fullz” on the data black market. This increases the value and usefulness of the stolen data, which may have been gathered from multiple data breaches.

Malicious actors take this compiled data and take out loans, file tax returns or
create new bank accounts under an actual person’s name. These actions cannot be traced back to the fraudster and can cause problems for the fraud victim for years down the road. In a recent New York Times article, a reporter details how a recent healthcare data breach exposed his child to identity theft that could hinder her for the rest of her life, because her Social Security number was stolen.

The effect of compromised personal data doesn’t stop when an individual gets a replacement credit card. Instead, data from multiple breaches can build and build like an avalanche that may demolish a person’s financial future and cannot be restrained.

Fraud’s New Darling: Account Takeover (ATO)

There is a hierarchy of value on the dark Web for stolen data. Stolen credit cards can cost mere cents and are labor-intensive and low return for fraudsters. It takes many attempts for a fraud scheme to work as cards are tested and cycled through. With so many data breaches last year, credit card numbers flooded the black market, lowering their value.

Fullz would, at first consideration, seem like the best option, as they offer a full identity profile for only $5 each. However, they require a more in-depth and risky scam to be fully worthwhile. Working user accounts with a payment method attached, an easy-grab scam with lucrative results, go for $27 each and can translate into hundreds to thousands of dollars in stolen money and merchandise.

Welcome to the era of account takeover. In this type of fraud, cyber criminals attempt to hijack valid user accounts instead of creating new accounts with stolen credit cards. ATOs can be automated, including scripted attacks, or can be done with small teams of human operators posing as account holders. Helping out the scammers are middlemen who play a key role in testing the login credentials before they are used again to commit actual fraud.

On average, there are three high-risk logins for every high-risk checkout. The first login is to verify if the account works. The second time is to gain intelligence and third time is when the fraudster attempts to commit actual fraud. The transaction is no longer the point of focus for fraud – it is the login. This shift creates an imperative to look at the login and account creation – rather than the transaction – in order to stop fraud before it happens.

Consequently, organizations must not only secure their own data but also be ever vigilant against people using stolen data, through identity theft, on their websites as well. By protecting the login pages of your sites, you cut fraudsters off at the source. You stop them from being able to take control of the account in the first place.

Behavioral Analytics: Protection From Login Through Checkout

So, then, the new goal is to protect your login pages from data thieves. This is the forte of behavioral analytics. Let’s take a look at what user behavioral analytics means.

The typical way of addressing online fraud is to look for a username and password match. Some use device ID or check for password resets. But the newer, more sophisticated criminals are skilled at bypassing these mechanisms. And as we’ve seen, full packages of user information—full identities—are prevalent and cheap.

Being able to distinguish between legitimate users and identity theft fraudsters is essential; if you don’t feel confident about your ability to do this, you need to consider whether you understand your user in enough detail. Rather than a simple checklist, behavioral analytics focuses on observed characteristics of who the user is, not just who they tell you they are. User behavior analytics are aimed at observing and understanding how the user behaves.

Tags: Fraud Risk and Analytics
0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

    Analyst Coverage, Payments Data, and News Delivered Daily

    Sign up for the PaymentsJournal Newsletter to get exclusive insight and data from Javelin Strategy & Research analysts and industry professionals.

    Must Reads

    Digital Wallet Use Delivers on Convenience and Security

    Digital Wallet Use Delivers on Convenience and Security

    May 30, 2023
    5 Ways to Protect Your Financial Institution from a Cyberattack

    5 Ways to Protect Your Financial Institution from a Cyberattack

    May 26, 2023
    traditional banks

    How Traditional Banks Can Modernize Without Risk

    May 25, 2023
    identity fraud

    Javelin’s Identity Fraud Study Highlights the Changing Nature of Fraud

    May 24, 2023
    SASE, security-as-a-service

    Security-as-a-Service Secures
    Distributed IT Models

    May 23, 2023
    mule. real-time

    Early Detection of Mule Activity Requires Real-Time Solutions

    May 22, 2023
    embedded finance, ecommerce

    How Retailers Can Enter the World of Embedded Finance Confidently 

    May 19, 2023
    cross-border

    Cross-Border Trade is a Cinch with the Right Payments Partner

    May 18, 2023

    Linkedin-in Twitter

    Advertise With Us | About Us | Terms of Use | Privacy Policy | Subscribe
    ©2023 PaymentsJournal.com

    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Videos
    Menu
    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Videos
    • Industry Opinions
    • Recent News
    • Resources
    Menu
    • Industry Opinions
    • Recent News
    • Resources
    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Industry Opinions
    • Faster Payments
    • News
    • Jobs
    • Events
    No Result
    View All Result

      Register to download this complimentary report from Brightwell: