Consumers, businesses, retailers, and even the media are becoming numb to news about data breaches. Not a week goes by when we don’t hear of another major breach affecting thousands or even millions of customer accounts.
Criminal hackers are getting smarter and savvier all the time, and they often have better technology than the banks and retailers tasked with protecting your data.
Time reported on a recent Javelin Strategy and Research survey in which Javelin analyzed 23 of the biggest credit card issuers’ online security practices. When companies were graded on a 100-point scale, the average result was just 59. Javelin head of security and risk analyst Phil Blank, who authored the study, explained, “The good news is issuers are doing a better job overall of resolution, but that’s the easiest thing to do. Prevention is the hardest to do but it’s got the biggest payback.”
The report also found that for a full year after your bank account information has been hacked, there is a strong chance that you will be a victim of credit card fraud. So even though you may be getting a little hardened to data breach warnings, you still need to watch your credit card statements closely. As long as you dispute unauthorized credit card charges within 60 days, federal laws limit liability to $50. Unauthorized debit card charges must be reported within two days, or liability jumps to $500.
One of the FFIEC’s recommendations for financial institutions involves using complex device identification. iovation, an Oregon-based security firm, offers an advanced device identification service that incorporates real-time risk assessments, the history of fraud on linked devices (such as chargebacks, identity theft and credit application fraud) and exposes fraudsters working together to steal from online businesses.
“Complex device identification” involves the creation of a digital fingerprint based on several characteristics of the device including hardware and software configuration, Internet protocol addresses, and geolocation. Unfortunately, complex device ID by itself only increases the strength of identification; it does little to increase the efficacy of an overall anti-fraud strategy.
“Device reputation” offers all of the security measures that complex device ID does, but it also strategically incorporates velocity, anomalies, proxy busting, webs of associations (linking devices and accounts), and fraud and abuse histories. Device reputation moves from a micro to a macro view of transactions which takes into account how particular devices behave or have behaved beyond its activities with a financial institution, its usage by a current user or other users, and/or its relationship to other devices. This chart explains what is involved with each:
Leading financial institutions aren’t merely complying with the FFIEC’s security recommendations, but are going beyond it by incorporating device reputation and other authentication and anti-fraud tools into their layered security approach.
ROBERT SICILIANO, CEO of IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His "tell it like it is" style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace. Siciliano is accessible, real, professional, and ready to weigh in and comment at a moment's notice on breaking news.
- Why Complex Device Identification Isn’t Enough
“Simple device identification” relies on cookies or IP addresses to confirm that a customer is logging in from the same PC that was used to create the account. The Financial Federal Institutions Examination Council has explained the fallibility of this system: “Experience has shown this type of cookie may be copied and moved to a fraudster’s PC, allowing
- Identity Fraud Victim every two Seconds
Yes, identity fraud is SO common that someone becomes a victim every two seconds. The 2014 Identity Fraud Study, as reported on javelinstrategy.com, turned up some alarming results. Though the dollar amount stolen had decreased over the year preceding the study, the number of victims had increased. People at highest risk were ages 35 to 44. Account
- 5 Ways to Protect Your Credit Card
Credit card fraud happens in a number of ways. Sometimes your bank or credit card company will notify you of fraud and other times they won’t. So it’s up to you protect yourself. Smart retailers on the other hand are already protecting consumers behind the scenes by implementing multiple layers of fraud protection. 1. Whenever you
- Regulation E Protects Consumers, Not Businesses
Consumers enjoy a certain level of protection that business bank accounts do not, and it’s called “Regulation E.” Here is Regulation E in black and white: “ELECTRONIC FUND TRANSFERS (REGULATION E) Limitations on amount of liability. A consumer’s liability for an unauthorized electronic fund transfer or a series of related unauthorized transfers shall be determined as follows: 1. Timely notice
- Study Shows Banks Blocking More Fraud
Network World reports, “The Financial Services Information Sharing and Analysis Center (FS-ISAC) polled 77 financial institutions and asked how many account takeovers occurred in 2009 and during the first six months of 2010. The FS-ISAC consists of a group of banks that shares threat information and interacts with the federal government on critical infrastructure issues.
Leave a Comment
You must be logged in to post a comment.