2013: The Year of the Password Apocalypse
Posted November 25, 2013
ThreatMetrix Offers Advanced Cybercrime Prevention Measures in Response to the Many Data Breaches throughout 2013
San Jose, Calif. – November 25, 2013 – ThreatMetrix®, the fastest-growing provider of integrated cybercrime solutions, today announces several strategies businesses can implement in place of passwords to prevent data breaches and other cybercrime risks. Sophisticated cybercriminals have figured out several ways to take advantage of weak login information and easily decodable password hints to compromise hundreds of millions of accounts, leading to the downfall of passwords.
Passwords have proven to be an ineffective system of protecting personal account information and online businesses should seek alternative methods for protecting their customers. Recent high profile data breaches – including those of Adobe and LivingSocial – have compromised more than 130 million customer accounts.
Following recent data breaches, companies now walk the fine line between increasing cybersecurity to protect sensitive account data and alienating their customers through arduous screening processes. Some businesses implement layered strategies such as two-factor authentication to ward off attackers while others aren’t heightening their security measures at all for fear of inconveniencing customers – and both methods are a mistake.
“Retailers are caught between a rock and a hard place. They loath introducing speed bumps, such as resetting passwords or requiring two-factor authentication, as these steps pose an inconvenience to their customers,” said Alisdair Faulkner, chief products officer at ThreatMetrix. “It’s crucial to adapt effective technologies that can quickly identify potential threats without negatively impacting the user experience for customers.”
Many companies now find themselves searching for the balance between cautious and intrusive. ThreatMetrix offers these recommendations for retailers for businesses to protect their customers above and beyond password:
• Integrate Login and Payment Screening to have a single view of the customer whether they do a guest checkout on a friend’s iPad or use a registered credit card on their mobile. Most retailers do not have automated means for sharing risk profiles between their fraud and security operations that not only lets hackers through, but can lead to false positives.
• Leverage Shared Intelligence Networks to passively recognize both valuable customers and cyber threats based on anonymized shared intelligence of device and persona reputation and behavior. A consortium view makes it easy to detect out of pattern or out of context behavior based on past transactions on other websites.
• Implement Trust Tags to associate user accounts and devices with additional context by tagging, for example, if a registered user’s email and password was compromised on another site.
The risk of passwords as a preventative strategy is that once account login information is obtained, cybercriminals apprehend personal data that can be used for committing bank fraud or spreading malicious software. Once an attacker has a username and password, the possibilities for fraud are endless, especially if the same information is used for multiple accounts. Of all industries that use passwords as a primary means to protect user accounts, retailers tend to see an increase in activity during busy shopping periods throughout the year. With a high volume of transactions due to holiday shopping, it is even more important for retailers to differentiate between trusted users and cyber threats this time of year.
“Stored credit cards are the shortest path between criminals and cash this holiday season,” said Faulkner. “Consumers that store credit cards online or use the same login information across sites might as well hand their account information to cybercriminals. However, the bulk of the responsibility falls on retailers, who must implement a comprehensive cybercrime protection platform that differentiates between suspicious and authentic transactions without inconveniencing customers.”
With the holiday season under way, retailers and consumers must be more cautious than ever and avoid depending on passwords to protect account information. Instead, retailers and other businesses operating online can leverage such technology as the ThreatMetrix™ Global Trust Intelligence Network (The Network), the most comprehensive data repository that profiles tens of millions of users, to process hundreds of millions of login, payment and wire transfers every month. Overall, businesses must face the reality that the password is dead and more effective strategies must be put in place to protect transactions.
ThreatMetrix secures Web transactions against account takeover, payment fraud, identity spoofing, malware, and data breaches. The ThreatMetrix Global Trust Intelligence Network, which analyzes 500 million monthly transactions, provides context-based authentication and Web fraud prevention to help companies accelerate revenue, reduce costs and eliminate friction. ThreatMetrix protects more than 1,900 customers and 9,000 websites across a variety of industries, including banking, enterprise, e-commerce, payments, social networks, government, and insurance. For more information, visit www.threatmetrix.com or call 1-408-200-5755.
© 2013 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.