Light Dark
October 23, 2018 By Kacy Zurkus 3 min read
Identity & Access
Fraud Protection

Gone are the days when a masked robber would walk into a bank, wave a gun in the air and declare, “This is a stick up!” Why would any criminal run the risk of getting caught in the act when there are now opportunities to profit from all types of fraud without even leaving the comforts of home?

Since the advent of the internet, businesses have been struggling to verify the identities of users as a means of preventing fraud. As attack vectors widen with the burgeoning of the Internet of Things (IoT), businesses are exposed to new risks that require increasingly advanced authentication methods. Today’s threat actors are using more sophisticated social engineering tactics, credential-stuffing botnets and account takeover tactics to pull off all kinds of attacks. According to the “IBM Security: Future of Identity Report,” identity fraudsters have stolen $112 billion over the past six years — that’s around $35,600 every minute.

In addition, an Experian survey found that fraud has become a growing concern for 72 percent of businesses in the past 12 months. As a result, three-quarters of companies are looking for authentication tools that will help prevent these types of crimes without disrupting the customer experience. That’s a tall order, which is why businesses often forego security to deliver convenience. Advanced authentication methods can help detect malicious activity while minimizing unwanted speed bumps in the online experience.

Read Forrester’s Now Tech Report on Authentication Management

Why First-Generation Solutions Are Failing

To detect bad actors, organizations first need to understand what they are looking for, since there is no one-size-fits-all solution to managing fraud risk. Fraudulent activity is constantly evolving and can include anything from phishing scams to data exfiltration, which makes advanced authentication tools critical to any security operation.

As the Experian report stated, today’s fraudsters are “moving between channels — such as web, call center, mobile, etc. — and new schemes, such as synthetic fraud (where criminals combine real and fake information to create a totally new identity), are constantly evolving.”

According to Jody Paterson, CEO at ERP Maestro, being able to analyze internal controls around access is critical to preventing fraud. Not surprisingly, new schemes present new risks, which is why many existing authentication tools are no longer adequate in detecting fraudulent indicators.

“They go wide, but not deep,” Peterson explained, “so they are not able to go to that granular level.”

The problem with identity deception is that it is highly prevalent in environments where it is possible, which is why enterprises need advanced methods to validate user identities.

“In an era where personal information is no longer private and passwords are commonly reused, stolen or cracked with various tools, the traditional scheme of accessing data and services by username and password has repeatedly shown to be inadequate,” noted the IBM Security report.

Why You Should Invest in Advanced Authentication Alternatives

With advanced authentication tools, security teams can integrate all the right rules across multiple systems without compromising the user experience.

“If you combine broad functionality with a solution that can dig down to the right level and integrate them appropriately … you’ll be able to get the full end-to-end provisioning process in place that does take care of the big picture, but also has the ability to get down to the deeper level to get a complete understanding of what people have access to,” Paterson explained.

Still, most organizations are reluctant to invest in advanced detection and authentication solutions because they don’t want to disrupt the customer experience. The Experian report cited business leaders’ “willingness to accept higher fraud losses from authentication protocols that they concede might be deficient, but do not disrupt the user experience” as evidence of this trend.

As businesses adopt new authentication platforms, they should remain mindful of user preferences. The IBM Security report warned that by mandating that employees adopt advanced authentication mechanisms such as one-time passwords, hardware tokens or biometric authentication when accessing enterprise resources, “businesses can reach a higher level of confidence that they’re working to keep hackers out — although they often risk frustrating their users in the process.”

When It Comes to Preventing Fraud, the Choice Is Yours

Offering users multiple authentication options will help businesses determine which new access management initiatives are most likely to result in widespread adoption. Additionally, taking a risk-based approach to identity and access management (IAM) using authentication tools can help protect against criminal activity because they rely on contextual data and behavioral cues to evaluate attempts to access user accounts.

As technologies and threats evolve, businesses that have a policy in place to measure the progress of the authentication tools they implement will be in a better position to both protect against cybercrimes and deliver a quality user experience.

Read Forrester’s Now Tech Report on Authentication Management

 |  |  |  |  |  |  |  |  | 
Kacy Zurkus

More from Identity & Access
April 23, 2024

Passwords, passkeys and familiarity bias

5 min read - As passkey (passwordless authentication) adoption proceeds, misconceptions abound. There appears to be a widespread impression that passkeys may be more convenient and less secure than passwords. The reality is that they are both more secure and more convenient — possibly a first in cybersecurity.Most of us could be forgiven for not realizing passwordless authentication is more secure than passwords. Thinking back to the first couple of use cases I was exposed to — a phone operating system (OS) and a…

April 16, 2024

Obtaining security clearance: Hurdles and requirements

3 min read - As security moves closer to the top of the operational priority list for private and public organizations, needing to obtain a security clearance for jobs is more commonplace. Security clearance is a prerequisite for a wide range of roles, especially those related to national security and defense.Obtaining that clearance, however, is far from simple. The process often involves scrutinizing one’s background, financial history and even personal character. Let’s briefly explore some of the hurdles, expectations and requirements of obtaining a…

March 5, 2024

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature