Identity Theft hit an all-time high in 2016 according to Javelin Strategy and Research latest report. While the new EMV chip credit cards helped, it led to other types of fraud. Don Duncan, Security Engineer at NuData Security commented below.
“There is no doubt that the shift to EMV is causing fraudsters to adapt their methods by turning to card-not-present fraud. This was the trend seen in Europe when they made the change a few years ago. The fraudsters will continue to shift their sights on untapped vulnerabilities as we shift our defenses. Account takeover (ATO) is the result of all the personally identifiable (PII) data that has escaped by way of massive breaches. Steadily increasing rates of ATO indicate that passwords and 2-Factor Authentication are hopelessly compromised. NuData also found that there was an overall decline in high-risk credit card activity last year. The data showed that high-risk events more than doubled since last year, with a 40% increase in login attacks, and a 600% increase in login anomalies, and half the number of credit card cycling events. All data points a clear shift from credit-card fraud to login.”
Don continues, “All of this points to a much needed paradigm shift in how we think about authentication, whereby identity isn’t tested online with a single factor such as a password, 2FA, physical biometric or any other single data point. Instead, the verification should be based on multiple factors that are combined and analyzed to give a more complete risk assessment of the user – even if legitimate credentials are presented by the hacker. The test should also be based on dynamically generated information that isn’t stored and therefore isn’t subject to theft, mimicry or spoofing. There are tools, such as passive biometrics, on the market now that base their verification tests on dynamic data, not solely single-factor data such as a password or 2FA. These multi-factor methods are the only way we are going to move beyond much of this identity fraud in the future.”
ISBuzz Team embodies the collaborative efforts of the dedicated staff at Information Security Buzz, converging a wide range of skills and viewpoints to present a unified, engaging voice in the information security realm. This entity isn't tied to a single individual; instead, it's a dynamic embodiment of a team diligently working behind the scenes to keep you updated and secure. When you read a post from ISBuzz Team, you're receiving the most relevant and actionable insights, curated and crafted by professionals tuned in to the pulse of the cybersecurity world. ISBuzz Team - your reliable compass in the fast-evolving landscape of information security
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.