By Shawn Hall, Director of Fraud Prevention & Strategy
The anti-fraud and authentication industry saw some major developments in 2017.
Overall, we saw an increase in call center fraud rates, with a noted rise in the use of mobile devices and ANI spoofing for fraudulent activities. At the beginning of the year, the fraud rate had increased 113% and, within only a few months, it rose to 160%. From massive data breaches to a governmental pivot on which personal identifiers are viable, this year’s events and outcomes will likely inform the future of anti-fraud and authentication efforts in 2018 and beyond.
A Year of Massive Breaches
From beginning to end, 2017 was a year of massive breaches, across multiple industries. From healthcare and credit to retail and travel, each month seemed to bring a new breach.
In response, while individual consumers worried about their security, businesses floundered to protect themselves and their customers. Just a few days ago, SC Media editor Doug Olenick wrote about businesses’ need for data breach response plans. And the U.S. Senate has now introduced the Data Security and Breach Notification Act, which would require jail time for failure to notify consumers about breaches.
While breach response is important, it’s also vital to understand what the frequency and scope of these breaches mean for consumers and businesses. These breaches are nothing new, but as they become more and more common, personal information becomes dramatically less expensive. The lowered cost of that data means increased availability to fraudsters, allowing them to make more aggressive and more sophisticated attacks.
Social Security Numbers and PII No Longer Viable for Authentication
For decades, United States citizens have used their Social Security numbers as nearly universal personal identifiers. And the U.S. is not alone. Throughout the world, businesses and government entities have traditionally used personally identifiable information (PII) for identity authentication, and industries around the globe are suffering from the fallout of data breaches.
Using the U.S. as an example, Social Security numbers have been presumed to be private and secure information, not easily accessible to fraudsters. In the age of the data breach, that simply is not the case anymore, and even the U.S. government has taken note, introducing the Social Security Fraud Prevention Act of 2017.
“Every time we use the Social Security number, you put it at risk,” Bloomberg quoted Rob Joyce, special assistant to the president and White House cybersecurity coordinator, in reference to the lack of viability of Social Security numbers as personal identifiers.
It is now painfully obvious that personal identifiers — such as Social Security numbers, PII, and knowledge-based questions — cannot be trusted. Traditional authentication methods are outdated, stale, and inadequate against data readily accessible from ongoing breaches. Without next-gen authentication and anti-fraud solutions, fraudsters have a rich and easy path to continue to commit these types of crimes.
As a result, businesses across industries are finding new means to provide more secure authentication through biometrics. The iPhone X implemented facial recognition, which Wired recently tried (and failed) to spoof, and Ally Bank is testing its services’ usability with Amazon’s Alexa.
As the world continues to adopt these new forms of biometrics, it’s clear that 2018 will be the year of voice. This new interface for much of IoT amplifies the need to strengthen security in parts of organizations that have typically not been a focus.
How will the voice movement impact your organization?
About Shawn Hall
Shawn Hall is the Director, Strategy and Fraud Prevention at Pindrop. Prior to working with Pindrop, Shawn was the Director of Fraud Operations at E*TRADE Clearing and has more than 15 years of experience in the fields of financial services and retail operations, spending the past 10 years dedicated to fraud and risk mitigation, detection and prevention at E*TRADE. He has extensive experience related to the development, implementation and modeling of effective online, call center and transactional fraud applications and solutions. He is an active participant in the NCFTA, ACFE and RSA forums.