Account takeover instances ‘show need to improve authentication’

Account takeover instances 'show need to improve authentication' (imaginima via iStock)

Online account takeover instances soared last year, according to a new report, which concluded that businesses need to improve their authentication processes. 

A study by Mastercard company NuData Security found that of the 200 billion events it monitored last year, 40 per cent were flagged up as high risk. This represented a huge increase on 2016, when only 15 per cent fell into this category.

The number of account takeovers was up tenfold last year compared with 2016, a form of data fraud the company said is very hard for firms to stop, since both legitimate and fraudulent users are able to offer the correct authentication.

Vice-president at NuData Security Brian Wilk said: “As data breaches continue to break records year over year, more and more PII [personally identifiable information] becomes readily available for fraudsters to access on the dark web.

"With the password and credential reuse, and the wealth of available credentials, it is not surprising that we have seen such a stark increase.”

The report corroborates findings from UK fraud prevention service Cifas published this month that identity fraud rose to record levels in 2017. It identified 174,523 cases, with 95 per cent of these involving innocent victims. 

Furthermore, the latest Cifas report found, cyber criminals are responding to tighter security controls elsewhere by targeting the most vulnerable and least aware of IT security, chiefly the elderly. For example, a third of bank account fraud victims were older than 60.

Mr Wilk noted that as the roll-out of chip and pin in the US has made it harder to carry out fraud when the card is present, criminals are increasing their focus on transactions where the card is not present. 

He said that for this reason, companies need to review authentication procedures and have "multi-layered solutions" in place. 

Among the means by which firms can improve authentication is to ask more questions online or over the phone when customers are attempting to carry out sensitive transactions, such as funds transfers.