April 20, 2018
April 18, 2018
April 13, 2018
Posted December 20, 2017
Businesses may need to take another look at their fraud prevention solutions as the repeal of net neutrality rules, if fully enacted, could result in some unintended consequences — including a whole new avenue of attack for cybercriminals.
On December 14, the Federal Communications Commission (FCC) narrowly voted to repeal net neutrality rules despite vociferous opposition. Among other things, those rules have prevented broadband companies from blocking websites or charging higher rates for faster Internet connections or certain kinds of content.
The official rationale for the repeal is that deregulation will eventually yield new innovations. But consumer groups and online businesses argue that it will disadvantage those unable to pay for higher-quality Internet access, and give providers far too much power over consumers’ online experiences.
Still, the FCC’s decision is far from a done deal. Legal and political challenges are mounting, and it remains unclear when, or even whether, the repeal will ever go into full effect. But if it does, many worry it could inspire a new wave of online fraud.
The economic stratification of the Internet that repeal opponents fear wouldn’t be without risk for affluent users, either.
If tiered services do emerge to deliver faster access to those willing to pay more, premium broadband plans could instantly become irresistible targets for hackers.
Using phishing schemes, spyware and other tactics, cyber-thieves will seek to fool users into revealing login credentials that can then be sold online.
Most won’t even have to go that far. Consumers are known to overshare passwords for their favorite online services. Just look at video streaming, where up to 25 percent of viewers use somebody else’s credentials. If repeal results in the kind of sluggish Netflix experiences some predict, friends and family will be passing around credentials for the fasted broadband account they can get their hands on.
Before long, those credentials will get posted online, where they’ll join more than 9 billion other stolen credentials—names, addresses, passwords, PIN codes and more—available to fraudsters on the dark web.
As it stands, wayward login credentials will cost streaming companies $650 million in lost potential revenue this year. Across all industries, cybercrime fueled by stolen identity credentials will result in global losses of $3 trillion or more.
In a post-neutrality world, fraudulent access to premium broadband accounts could quickly lead to cascading problems.
Getting a handle on these challenges would be no small matter. Traditional user authentication systems that rely on usernames and passwords are simply unable to tell the difference between legitimate customers and fraudsters logging in with stolen credentials.
To attain that level of visibility, a growing number of businesses in virtually every industry are gravitating to digital identity-based user authentication, which goes beyond static login credentials to include hundreds of different, dynamic data elements that can’t be faked, stolen, or misused.
Using real-time threat intelligence spanning millions of daily transactions across tens of thousands of websites around the world, these solutions instantly recognize legitimate users and block out threats—without causing user friction.
Returning to streaming for an analogous business model, Netflix and others that have moved to digital identity-based authentication report dramatic reductions in many forms of fraud.
To be clear, such comparisons are imperfect at best. And it’s far too early to tell if the FCC’s repeal of net neutrality rules will even be enacted in full, let alone whether it would truly lead to the calamity opponents anticipate.
But given the difficulties businesses already face in preventing online fraud, one thing’s certain: Digital identity or not, many believe smarter forms of user authentication can’t come fast enough.
To see how digital identity-based authentication provides superior fraud prevention and can protect service-access accounts without adding friction, click here to check out exclusive case studies and more.