Account takeover instances ‘show need to improve authentication’
Online account takeover instances soared last year, according to a new report, which concluded that businesses need to improve their authentication processes.
A study by Mastercard company NuData Security found that of the 200 billion events it monitored last year, 40 per cent were flagged up as high risk. This represented a huge increase on 2016, when only 15 per cent fell into this category.
The number of account takeovers was up tenfold last year compared with 2016, a form of data fraud the company said is very hard for firms to stop, since both legitimate and fraudulent users are able to offer the correct authentication.
Vice-president at NuData Security Brian Wilk said: “As data breaches continue to break records year over year, more and more PII [personally identifiable information] becomes readily available for fraudsters to access on the dark web.
"With the password and credential reuse, and the wealth of available credentials, it is not surprising that we have seen such a stark increase.”
The report corroborates findings from UK fraud prevention service Cifas published this month that identity fraud rose to record levels in 2017. It identified 174,523 cases, with 95 per cent of these involving innocent victims.
Furthermore, the latest Cifas report found, cyber criminals are responding to tighter security controls elsewhere by targeting the most vulnerable and least aware of IT security, chiefly the elderly. For example, a third of bank account fraud victims were older than 60.
Mr Wilk noted that as the roll-out of chip and pin in the US has made it harder to carry out fraud when the card is present, criminals are increasing their focus on transactions where the card is not present.
He said that for this reason, companies need to review authentication procedures and have "multi-layered solutions" in place.
Among the means by which firms can improve authentication is to ask more questions online or over the phone when customers are attempting to carry out sensitive transactions, such as funds transfers.
Share This Post, Choose Your Platform!
With over 25 years in the business telecoms industry and an unrivalled reputation of delivering excellent, personal customer service, Arrow is one of very few companies in the UK able to provide a full telecoms, IT and energy consultancy and service proposition.
Savings through automation, scale, improved service. We’ve got that covered. But the true value comes with empathy, through empowerment, collaboration. It’s connecting people that drives us forward. It’s people that make tomorrow happen.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.