Monday, August 20, 2018
The company said its research suggests breach activity fell from 2017 during the first three months of the year, but began rising during the second quarter, and is on track to exceed the 3,000 reported breaches reported in 2017.
Fraud remains the number one source of compromised records, representing 47.5 percent of all records compromised between Jan. 1 and June 30, Risk Based Security said. Hacking led the pack in terms of number of breaches, accounting for 54.6 percent of all reported breaches during those six months. Phishing for user names and passwords, then using the stolen credentials to access systems or services “stands out as a particularly popular attack method” employed by hackers so far this year, the firm added.
“At the mid-year point, 2018 closely mirrors 2016’s breach experience but still trails the high water mark set in 2017,” the firm wrote. Risk Based Security specializes in risk identification and management tools that it develops based on its own data breach and vulnerability intelligence gathering.
This year “is remarkable in that the number of public disclosed breaches appears to be leveling off while the number of records exposed remains stubbornly high,” said Inga Goddijn, executive vice president at the firm. “It’s not easy to characterize 2.6 billion records exposed as an improvement, even if it is less than the 6 billion exposed at this time last year,” she added.
Michael McGrath, director of global regulations and standards at OneSpan Inc., the digital security firm formerly known as Vasco Security, agreed, stating, “2.6 billion records is a staggering number. Sadly Americans have become accustomed to breach notification letters arriving in the mail.”
Ryan Wilke, vice president of customer success at NuData Security, said the deluge of exposed records has been driving merchants and their banks to step up their fraud detection and mitigation activities with new tools that can work in real time.
“These companies are increasingly taking steps to ensure that the massive amounts of stolen credentials cannot be used by fraudsters to log into an intended victim’s account, or otherwise be used for fraud,” Wilke said. “Fortunately, new multilayer approaches incorporating passive biometrics and behavioral analytics are enabling retailers, ecommerce entities and others to actually analyze user interactions and contextualize behavior in real time before fraud can occur.”
With these tools a customer’s identity can be verified using hundreds of indicators, including their unique online behavior, rather than through static information such as passwords and security questions, Wilke explained. “Such unique information defies fraudulent replication and helps stop fraud attempts in their tracks,” he said.
NuData specializes in online and mobile fraud solutions that leverage biometrics and machine learning tools to flag potential fraudulent transactions and interactions. The company was purchased last year by Mastercard, which said at the time of the acquisition that it was intended to strengthen the card company’s efforts around device-level security and authentication, and to support “near real-time collaboration” between card issuers, merchants and transaction processors.
Editor's Note:
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
