Gone are the days when a masked robber would walk into a bank, wave a gun in the air and declare, “This is a stick up!” Why would any criminal run the risk of getting caught in the act when there are now opportunities to profit from all types of fraud without even leaving the comforts of home?

Since the advent of the internet, businesses have been struggling to verify the identities of users as a means of preventing fraud. As attack vectors widen with the burgeoning of the Internet of Things (IoT), businesses are exposed to new risks that require increasingly advanced authentication methods. Today’s threat actors are using more sophisticated social engineering, credential-stuffing botnets and account takeover tactics to pull off all kinds of attacks. According to the “IBM Security: Future of Identity Report,” identity fraudsters have stolen $112 billion over the past six years, or around $35,600 every minute.

In addition, an Experian survey found that fraud has become a growing concern for 72 percent of businesses in the past 12 months. As a result, three-quarters of companies are looking for authentication tools that will help prevent these types of crimes without disrupting the customer experience. That’s a tall order, which is why businesses often forgo security to deliver convenience. Advanced authentication methods can help detect malicious activity while minimizing unwanted speed bumps in the online experience.

Why First-Generation Solutions Are Failing

To detect bad actors, organizations first need to understand what they are looking for, since there is no one-size-fits-all solution to managing fraud risk. Fraudulent activity is constantly evolving and can include anything from phishing scams to data exfiltration, which makes advanced authentication tools critical to any security operation.

As the Experian report stated, today’s fraudsters are “moving between channels — such as web, call center, mobile, etc. — and new schemes, such as synthetic fraud (where criminals combine real and fake information to create a totally new identity), are constantly evolving.”

According to Jody Paterson, CEO at ERP Maestro, being able to analyze internal controls around access is critical to preventing fraud. Not surprisingly, new schemes present new risks, which is why many existing authentication tools are no longer adequate in detecting fraudulent indicators.

“They go wide, but not deep,” Paterson explained, “so they are not able to go to that granular level.”

The problem with identity deception is that it is highly prevalent in environments where it is possible, which is why enterprises need advanced methods to validate user identities.

“In an era where personal information is no longer private and passwords are commonly reused, stolen or cracked with various tools, the traditional scheme of accessing data and services by username and password has repeatedly shown to be inadequate,” noted the IBM Security report.

Why You Should Invest in Advanced Authentication Alternatives

With advanced authentication tools, security teams can integrate all the right rules across multiple systems without compromising the user experience.

“If you combine broad functionality with a solution that can dig down to the right level and integrate them appropriately … you’ll be able to get the full end-to-end provisioning process in place that does take care of the big picture, but also has the ability to get down to the deeper level to get a complete understanding of what people have access to,” Paterson explained.

Still, most organizations are reluctant to invest in advanced detection and authentication solutions because they don’t want to disrupt the customer experience. The Experian report cited business leaders’ “willingness to accept higher fraud losses from authentication protocols that they concede might be deficient, but do not disrupt the user experience” as evidence of this trend.

As businesses adopt new authentication platforms, they should remain mindful of user preferences. The IBM Security report warned that by mandating that employees adopt advanced authentication mechanisms such as one-time passwords, hardware tokens or biometric authentication when accessing enterprise resources, “businesses can reach a higher level of confidence that they’re working to keep hackers out — although they often risk frustrating their users in the process.”

When It Comes to Preventing Fraud, the Choice Is Yours

Offering users multiple authentication options will help businesses determine which new access management initiatives are most likely to result in widespread adoption. Additionally, taking a risk-based approach to identity and access management (IAM) can help protect against criminal activity, because risk-based authentication tools rely on contextual data and behavioral cues to evaluate attempts to access user accounts.

As technologies and threats evolve, businesses that have a policy in place to measure the progress of the authentication tools they implement will be in a better position to both protect against cybercrimes and deliver a quality user experience.
