Fraud & Identity Fraud & Identity


Fraud & Identity Featured Article


Fraud and Identity Battle Moves to the Biometrics Stage

July 14, 2017

As mobile devices become more complex and their capabilities continue to evolve, users are led to believe better security measures are part of that evolution, including the use of biometrics for access and authorization, with the understanding that fingerprints and retina scans are harder to hack than passwords.  Here’s the problem: that is only as accurate as security profiles of the access networks and data centers where scan details are stored and, of course, the ability of users to follow prescribed security standards and protocols.


As users of Avanti – a self-service food and beverage kiosk vendor – discovered, a breach of Avanti’s networks resulted in customers’ personal information and account details becoming accessible to hackers thanks to a sophisticated piece of malware pushed to the vending machines.  While breaches like this have become common, the alarming element to this particular breach is it also gave access to users’ biometric data, which on its own may not be particularly useful, but when paired with mobile device details and credit card accounts, could give criminals access to any accounts that have been secured biometrically.

“Having physical biometrics stolen could have a serious impact on Avanti customers as credit cards, passwords and other information can be changed, but fingerprints cannot,” said Lisa Baergen, Marketing Director, NuData Security, A MasterCard Company.  “Now that this information is in the hands of fraudsters and likely for resale on the dark web, it will be too easy to breach and take over more accounts, create synthetic identities and more.

She reasons that the Avanti breach mandates a new approach to identity verification and fraud protection in a digital economy, suggesting techniques like passive biometrics and behavioral analytics would help combat the advanced methods used by cybercriminals today.

“Using a multi-layered approach of integrating device intelligence, active and passive biometric analysis and behavioral analytics is the key to truly understanding the user behind the device,” she explains.  “It will effectively devalue the stolen identity data to any other person or entity.”

Because biometric data is becoming a very common form of identity verification, now that both Apple and Samsung are featuring fingerprint scanners, one can expect an increase in attacks targeting sources of biometric data.  These attacks could target the mobile users themselves, or they could go after the data through other sources that could just as easily compromise users and give access to their mobile devices and accounts. 

Regardless, this is merely the next phase in an endless crusade pitting identity and security against fraud and malicious actors.  It also serves as a reminder that no single part of the ecosystem is responsible for security – everyone is, from the user to the application developer to the data center provider to the network operator.




Edited by Alicia Young

Article comments powered by Disqus






Industry Insights

(MobileID) Proactive Fraud Prevention

Interconnect-related fraud such as International Revenue Share Fraud (IRSF) and PBX hacking fraud continue to be a billion dollar problem to the telecom industry.

(Defender Shield) Defense solutions for the modern SMS ecosystem

SMS is a ubiquitous communication method for person-to-person (P2P) text messaging, which has been in use globally for nearly 20 years.

(Defender Shield) Preventing Grey Routes and the Multi-billion dollar Threat

The convenience of mobile messaging has brought communication efficiency to billions of consumers worldwide. As is often the case with widely accepted technologies; however, convenience can provide a vulnerable gateway to fraudulent activity.

Product Documents

Asset Protect

While unlimited or high-volume voice and SMS plans offer great value to subscribers, sometimes fraudsters exploit these plans to avoid paying termination and interconnect fees.

Defender Shield

In a world with ever-increasing Application-to-Person (A2P) messaging needs and competition, improving customer satisfaction and eliminating revenue leakage is key for protecting SMS profits.

MobileID

Accurate and cost-efficient routing of voice calls and SMS is critical. Unfortunately, gathering reliable routing data on ported numbers and keeping up with constant changes in number plans is expensive and time-consuming.

Fraud Solutions

Communications fraud is a $20B annual global problem and growing. Companies are looking for peace of mind so that their business and their customers are protected from the onslaught of technology crime that is damaging their reputations and their balance sheets.