The drop in account takeover may be due in part to a few different things.
Fewer breaches. Reported data breaches dropped from 221 million records in 604 breaches during 2009 to 26 million records in 404 reported breaches during 2010. Criminal hacker Albert Gonzalez and his gang were responsible for many of those hacked records, and he and many of his cohorts are now in jail.
PCI standards. All those responsible for accepting credit cards are now under strict Payment Card Industry standards, rules and regulations that require a level of security that took about 5 years to implement. Today many of those merchants are doing a much better job of protecting data.
Device reputation management. This technology checks an Internet transaction by looking at the PC, smartphone or tablet to see if it has a history of bad behavior or is high risk based on device characteristics and behavior. iovation is one such company; it blocked 35 million fraudulent transactions of this sort just last year.
Javelin reports “When examining account takeover trends, the two most popular tactics for fraudsters were adding their name as a registered user on an account or changing the physical address of the account. In 2010, changing the physical address became the most popular method, with 44 percent of account takeover incidents conducted this way.”
If device reputation were integrated at the “profile update / account update” website integration point, a flag would go up when:
– Too many devices are accessing the account (the business has a predetermined threshold)
– Too many countries are accessing the account (Ex: a United States account is being accessed from Ghana)
– A non-allowed country accesses the account (Your United States-only dating site just had devices from Russia and Romania trying to get into accounts, but it’s blocked automatically with customized business rules.)
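The three rules above can be sketched as a check that runs on every profile-update attempt. This is an added example, not iovation's code or anything from the original post: the `Access` and `Policy` types, the threshold values, the 30-day window and the sample history are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Access:
    account: str
    device_id: str   # opaque device fingerprint (assumed to come from the reputation service)
    country: str     # ISO 3166-1 alpha-2 code derived from geolocation
    when: datetime

@dataclass(frozen=True)
class Policy:
    # Assumed values; the business sets its own predetermined thresholds.
    max_devices: int = 3
    max_countries: int = 2
    allowed_countries: frozenset = frozenset({"US"})
    window: timedelta = timedelta(days=30)

def evaluate_update(history, attempt, policy=Policy()):
    """Return (decision, flags) for a profile/account update attempt."""
    cutoff = attempt.when - policy.window
    # Only this account's accesses inside the look-back window count.
    recent = [a for a in history
              if a.account == attempt.account and cutoff <= a.when <= attempt.when]
    recent.append(attempt)
    devices = {a.device_id for a in recent}
    countries = {a.country for a in recent}
    flags = []
    if len(devices) > policy.max_devices:
        flags.append("too_many_devices")
    if len(countries) > policy.max_countries:
        flags.append("too_many_countries")
    if attempt.country not in policy.allowed_countries:
        flags.append("country_not_allowed")
    # A non-allowed country is blocked outright; other flags go to manual review.
    if "country_not_allowed" in flags:
        return "block", flags
    return ("review" if flags else "allow"), flags

# Constructed sample history for one account (not real data).
T0 = datetime(2011, 3, 1, 12, 0)
HISTORY = [
    Access("alice", "dev-A", "US", T0 - timedelta(days=20)),
    Access("alice", "dev-B", "US", T0 - timedelta(days=10)),
    Access("alice", "dev-C", "US", T0 - timedelta(days=5)),
    Access("alice", "dev-Z", "US", T0 - timedelta(days=90)),  # outside the window
    Access("bob", "dev-Q", "GH", T0 - timedelta(days=1)),     # different account
]

if __name__ == "__main__":
    print(evaluate_update(HISTORY, Access("alice", "dev-D", "US", T0)))
    print(evaluate_update(HISTORY, Access("alice", "dev-A", "GH", T0)))
```

Counting distinct devices and countries inside a time window keeps an old, retired device from permanently inflating an account's totals.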
It’s no secret that it’s often a few bad apples that upset the bunch. Here’s where the 90/10 rule applies. 90% of people are honest whereas maybe 10% aren’t. And it’s the 10% that do 90% of the stealing. Device reputation knows who is good and who isn’t. Identity thieves are stopped cold and can’t use the hacked data to commit fraud.
ROBERT SICILIANO, CEO of IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His "tell it like it is" style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace. Siciliano is accessible, real, professional, and ready to weigh in and comment at a moment's notice on breaking news.