Gone are the days when a masked robber would walk into a bank, wave a gun in the air and declare, “This is a stick up!” Why would any criminal run the risk of getting caught in the act when there are now opportunities to profit from all types of fraud without even leaving the comforts of home?

Since the advent of the internet, businesses have been struggling to verify the identities of users as a means of preventing fraud. As attack vectors widen with the burgeoning of the Internet of Things (IoT), businesses are exposed to new risks that require increasingly advanced authentication methods. Today’s threat actors are using more sophisticated social engineering tactics, credential-stuffing botnets and account takeover tactics to pull off all kinds of attacks. According to the “IBM Security: Future of Identity Report,” identity fraudsters have stolen $112 billion over the past six years — that’s around $35,600 every minute.

In addition, an Experian survey found that fraud has become a growing concern for 72 percent of businesses in the past 12 months. As a result, three-quarters of companies are looking for authentication tools that will help prevent these types of crimes without disrupting the customer experience. That’s a tall order, which is why businesses often forego security to deliver convenience. Advanced authentication methods can help detect malicious activity while minimizing unwanted speed bumps in the online experience.

Read Forrester’s Now Tech Report on Authentication Management

Why First-Generation Solutions Are Failing

To detect bad actors, organizations first need to understand what they are looking for, since there is no one-size-fits-all solution to managing fraud risk. Fraudulent activity is constantly evolving and can include anything from phishing scams to data exfiltration, which makes advanced authentication tools critical to any security operation.

As the Experian report stated, today’s fraudsters are “moving between channels — such as web, call center, mobile, etc. — and new schemes, such as synthetic fraud (where criminals combine real and fake information to create a totally new identity), are constantly evolving.”

According to Jody Paterson, CEO at ERP Maestro, being able to analyze internal controls around access is critical to preventing fraud. Not surprisingly, new schemes present new risks, which is why many existing authentication tools are no longer adequate in detecting fraudulent indicators.

“They go wide, but not deep,” Peterson explained, “so they are not able to go to that granular level.”

The problem with identity deception is that it is highly prevalent in environments where it is possible, which is why enterprises need advanced methods to validate user identities.

“In an era where personal information is no longer private and passwords are commonly reused, stolen or cracked with various tools, the traditional scheme of accessing data and services by username and password has repeatedly shown to be inadequate,” noted the IBM Security report.

Why You Should Invest in Advanced Authentication Alternatives

With advanced authentication tools, security teams can integrate all the right rules across multiple systems without compromising the user experience.

“If you combine broad functionality with a solution that can dig down to the right level and integrate them appropriately … you’ll be able to get the full end-to-end provisioning process in place that does take care of the big picture, but also has the ability to get down to the deeper level to get a complete understanding of what people have access to,” Paterson explained.

Still, most organizations are reluctant to invest in advanced detection and authentication solutions because they don’t want to disrupt the customer experience. The Experian report cited business leaders’ “willingness to accept higher fraud losses from authentication protocols that they concede might be deficient, but do not disrupt the user experience” as evidence of this trend.

As businesses adopt new authentication platforms, they should remain mindful of user preferences. The IBM Security report warned that by mandating that employees adopt advanced authentication mechanisms such as one-time passwords, hardware tokens or biometric authentication when accessing enterprise resources, “businesses can reach a higher level of confidence that they’re working to keep hackers out — although they often risk frustrating their users in the process.”

When It Comes to Preventing Fraud, the Choice Is Yours

Offering users multiple authentication options will help businesses determine which new access management initiatives are most likely to result in widespread adoption. Additionally, taking a risk-based approach to identity and access management (IAM) using authentication tools can help protect against criminal activity because they rely on contextual data and behavioral cues to evaluate attempts to access user accounts.

As technologies and threats evolve, businesses that have a policy in place to measure the progress of the authentication tools they implement will be in a better position to both protect against cybercrimes and deliver a quality user experience.

Read Forrester’s Now Tech Report on Authentication Management

More from Fraud Protection

Kronos Malware Reemerges with Increased Functionality

6 min read - The Evolution of Kronos Malware The Kronos malware is believed to have originated from the leaked source code of the Zeus malware, which was sold on the Russian underground in 2011. Kronos continued to evolve and a new variant of Kronos emerged in 2014 and was reportedly sold on the darknet for approximately $7,000. Kronos is typically used to download other malware and has historically been used by threat actors to deliver different types of malware to victims. After remaining…

6 min read

How Security Teams Combat Disinformation and Misinformation

4 min read - “A lie can travel halfway around the world while the truth is still putting on its shoes.” That popular quote is often attributed to Mark Twain. But since we're talking about misinformation and disinformation, you’ll be unsurprised to learn Twain never said that at all. In fact, no one knows who first strung those words together, but the idea that truth spreads slowly while lies spread quickly is at least several hundred years old. The “Twain” quote also serves to…

4 min read

A View Into Web(View) Attacks in Android

9 min read - James Kilner contributed to the technical editing of this blog. Nethanella Messer, Segev Fogel, Or Ben Nun and Liran Tiebloom contributed to the blog. Although in the PC realm it is common to see financial malware used in web attacks to commit fraud, in Android-based financial malware this is a new trend. Traditionally, financial malware in Android uses overlay techniques to steal victims’ credentials. In 2022, IBM Security Trusteer researchers discovered a new trend in financial mobile malware that targets…

9 min read

New DOJ Team Focuses on Ransomware and Cryptocurrency Crime

4 min read - While no security officer would rely on this alone, it’s good to know the U.S. Department of Justice is increasing efforts to fight cyber crime. According to a recent address in Munich by Deputy Attorney General Lisa Monaco, new efforts will focus on ransomware and cryptocurrency incidents. This makes sense since the X-Force Threat Intelligence Index 2022 named ransomware as the top attack type in 2021. What exactly is the DOJ doing to improve policing of cryptocurrency and other cyber…

4 min read