PaymentsJournal
No Result
View All Result
SIGN UP
  • Commercial
  • Credit
  • Debit
  • Digital Assets & Crypto
  • Digital Banking
  • Emerging Payments
  • Fraud & Security
  • Merchant
  • Prepaid
PaymentsJournal
  • Commercial
  • Credit
  • Debit
  • Digital Assets & Crypto
  • Digital Banking
  • Emerging Payments
  • Fraud & Security
  • Merchant
  • Prepaid
No Result
View All Result
PaymentsJournal
No Result
View All Result

Equifax: Rolling Thunder for Authentication

By Robert Capps
September 15, 2017
in Industry Opinions
0
1
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn
Payment Network Visa’s, corporate banking digitalization

My Imaginary Payment Network Is 1,000 Times Faster Than Visa’s

The Military plays a haunting melody known as taps to pay homage to those who have died for our country, and that tune should now be playing for the loss of America’s identity. The tsunami of data breaches exposing the personal identification of almost every person in the US looks like this:

*Yahoo – 1 Billion User Accounts breached

*Target – 41 million users’ information hacked

*Government Office of Personnel Management (OPM) – 22.1 million people’s information stolen

*Verizon Breach 14-Million Persons’ information exposed

*Anthem breach – 78.8 million people affected

And finally, the biggest breach yet is now the Equifax Breach that will affect 143 million Americans or more than half of the adult population in the US. Through this breach alone, cybercriminals were able to access social security numbers, names, addresses, phones, emails, passwords, and tax information that includes such things as all members of a family and their personally identifiable information (PII). If previous retail, healthcare, government, and telecom breaches were not serious enough, this time hackers got away with the most important PII – social security numbers and the ramifications for those affected will last a lifetime.

Equifax says the hackers were able to access the company’s network by exploiting a weak spot in the website software. This is just the beginning of the discovery as more revelations cascade out.  Hackers could release a portion of the information and hold the rest for ransom, but there are many complicated scenarios that could occur in the days and weeks to come.

Tsunami of Ramifications

The magnitude of the Equifax breach will be felt for years and online businesses every will be dealing with the effects for a long time. The most immediate danger will be the creation of fraudulent accounts and account takeovers as hackers now have credible information to impersonate most people in the U.S. While merchants may be starting to feel a spike in fraud as the torrent of in-depth information hits the market, it will be a while before we see the worst of it. With this information, hackers can create new accounts, apply for credit cards, open lines of credit, apply for bank loans. They may also choose to pick different pieces of various identities and combine them to create a new “identity.” Utilizing an existing consumer’s account allows the fraudster to masquerade as a genuine customer to transfer funds, use the payment method on file to make a high-value purchase, or simply use their legitimate history to mask fraudulent transactions. Everything can be easily spoofed all in someone else’s name. The ability to identify the real customer has just gotten much harder.

While credit monitoring will alert consumers to new lines of credit being taken out in their names, it will not alert them to fraudulent activity occurring on existing accounts, credit cards, or online accounts. The most you can hope for is that companies like Experian, Innovis and TransUnion give consumers immediate notice when a criminal has stolen their identity. The implications for affected consumers will be profound, and for any online or offline service that uses the four big personal identifiers—name, address, birth date and Social Security number— they will have to use some other method to verify identities. Specific steps for consumers are outlined on the Federal Trade Commission’s website, www.ftc.gov/idtheft.

Consumers should employ 2-factor authentication on all computing devices and immediately change all passwords and any other information that can be changed. Consumers must employ a defensive posture and assume that their identities have already been stolen. It is only a matter of time when identities will be attacked and compromised and now the clock is ticking.

Industry experts are urging Americans to put a credit freeze on all four credit bureaus, but there is a significant concern as to how such advice will impact merchants and Financial Institutions that rely on the flow of credit data to enable frictionless business transactions in the US. This will also put the onus on the merchants and financial institutions to take extra precautions to confirm and verify identity – adding friction to the consumer experience and putting an added burden on fraud teams.

The Call for New Authentication -Trust the user not the machine

This latest breach with such deep and accurate information is part of the rolling thunder of breaches that should provide a deafening and clear message for all industries. The need to create and define new authentication and verification methods has never been more urgent. With the latest breach, hackers now have all the pertinent information needed to perpetrate almost any type of fraud.

Financial, retail, government and all industries should be immediately implementing a multi-layer authentication and security framework that employs passive biometrics and behavioral analytics combined with the contextual data used in applications, logins and solutions. This multi-layer approach can monitor and analyze consumer behavior and data points to determine if it is the authentic user or an imposter. This approach allows entities to discern the real user even if someone has stolen the correct credentials or device by identifying customers based on their behavior. Hackers are not able to mimic individual human behavior and allows a frictionless approach to authentication.

Industries across the US need to make single points of authentication valueless to the hacker by developing in-depth authentication based on behavior as well as a variety of data points to accurately identify the true customer and lock out criminals at the login.

About the author:

Robert Capps is authentication strategist, Vice President for NuData Security. He is a recognized technologist, thought leader and advisor with more than 20 years of experience in the design, management, and protection of complex information systems – leveraging people, process, and technology to counter cyber risks.

 

*Yahoo Says 1 Billion User Accounts Were Hacked – The New York …

Dec 14, 2016 – The company says the attack was separate from the breach that led to an … It is unclear how many Yahoo users were affected by both attacks.

 

*Target to pay $18.5M for 2013 data breach that affected 41 million …

https://www.usatoday.com/story/money/…/target-pay…breach-affected…/102063932/

May 23, 2017 – More than 41 million customer accounts affected by 2013 Target data breach.

 

*Hacks of OPM databases compromised 22.1 million people, federal …

https://www.washingtonpost.com/…/hack-of-security-clearance-system-affected-21-5-…

Jul 9, 2015 – Hacks of OPM databases compromised 22.1 million people, federal authorities say … Office of Personnel Management of how many people were affected … At least 4.2 million people were affected by the breach of a separate …

 

*Verizon Data Breach

https://www.wsj.com/articles/anthem-hacked-database-included-78-8-million-people-1424807364

 

*Anthem: Hacked Database Included 78.8 Million People

https://www.csoonline.com/article/3223232/data-breach/what-is-the-biggest-threat-from-the-equifax-breach-account-takeovers.html

1
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn
Tags: AuthenticationData BreachEquifax

    Get the Latest News and Insights Delivered Daily

    Subscribe to the PaymentsJournal Newsletter for exclusive insight and data from Javelin Strategy & Research analysts and industry professionals.

    Must Reads

    Authorization Rates

    Boosting Revenue for Merchants by Optimizing Authorization Rates

    May 12, 2025
    Why Payment Orchestration is the key to international merchant growth

    Ensuring Payment Decisions Pay for Themselves

    May 9, 2025
    cross-border

    As Businesses Reevaluate Cross-Border Relationships, Financial Institutions Can Help

    May 8, 2025
    Nacha WEB Debit Account Validation Rule Verification Solution, Quovo ACH Payment

    The Brave New Future of the Disappearing Account

    May 7, 2025
    solana financial

    After an Upgrade, Solana is Primed to Be the Blockchain of Choice for Financial Institutions

    May 6, 2025
    PAR values

    The Connecting Thread: How PAR Values Can Mitigate Fraud and Supercharge Loyalty Programs

    May 5, 2025
    mobile banking

    How Mobile Banking Apps Can Be the Center of Customers’ Money Movement Activities

    May 2, 2025
    uk visa mastercard

    The Warning Signs Looming Over Credit Card Lending

    May 1, 2025

    Linkedin-in X-twitter
    • Commercial
    • Credit
    • Debit
    • Digital Assets & Crypto
    • Digital Banking
    • Commercial
    • Credit
    • Debit
    • Digital Assets & Crypto
    • Digital Banking
    • Emerging Payments
    • Fraud & Security
    • Merchant
    • Prepaid
    • Emerging Payments
    • Fraud & Security
    • Merchant
    • Prepaid
    • About Us
    • Advertise With Us
    • Sign Up for Our Newsletter
    • About Us
    • Advertise With Us
    • Sign Up for Our Newsletter

    ©2024 PaymentsJournal.com |  Terms of Use | Privacy Policy

    • Commercial Payments
    • Credit
    • Debit
    • Digital Assets & Crypto
    • Emerging Payments
    • Fraud & Security
    • Merchant
    • Prepaid
    No Result
    View All Result