passwords

New Survey: Consumers Increase Security Expectations in Wake of Password Breaches

Several years ago, I was talking to an organization which had recently deployed risk-based authentication on its online customer portal. Based on their business model, I was especially curious to learn why they had chosen to add consumer authentication to their website. The answer was simple: “It is a competitive advantage for us.” Fast forward…

Your Cell Phone has a dirty little secret it does not want to tell you

If you are a fan of the CBS show 60 Minutes, you may have seen a couple of well-done episodes around the espionage and intrigue of spies hacking cell phones. The problem is that these episodes don’t go far enough in informing the average user as to the extent of the vulnerabilities. Inter-telco communications leverage a protocol…

Act at the Speed of Fraud: Take the Challenge

How fast can you find fraud? That is the challenge put forth by the RSA Fraud & Risk Intelligence team at RSA Conference 2017. Why the emphasis on speed? Simply put, the faster an organization can isolate the source of fraud, the faster they can respond. And based on RSA’s research, there is a gaping…

Credential Checking Services Soar in Popularity on Dark Web

If you’ve ever needed another reason to not recycle your passwords, I give you Sentry MBA. Although the tool has been around for a couple of years, it has recently been soaring in popularity among those in the fraud community, which is no surprise with more than 1.5 billion consumer credentials breached so far this year. The…

The Perils of Consumer Single Sign-On

From social media to gaming sites, every headline of a new breach makes me groan, “Time to change my password.” It’s a begrudging task, but I still have not been pwned. Aside from the risks associated with the common problem of password recycling among consumers, there are far too many online websites that enable consumers…

Account Takeover Gains Full Visibility with Web Behavior Analytics

Interest in and adoption of web behavior analytics is surging because of its ability to interpret the navigation and intent of each visitor to the website and as one of the best ways to protect the business against the skyrocketing rates of website fraud. Account takeover is one of the predominant threats plaguing organizations with…

Wearables leaking your passwords? We can solve that.

Recently, I wrote about a newly published white paper showing the power of wearable devices to help determine if users are who they claim to be, on a continuous basis. The paper describes a method, which in part relies on correlating a user’s gestures and movement on 2 devices in proximity of each other: The user’s…

MySpace and Tumblr Breaches Put Other Consumer Brands on Alert

With the unveiling of two more “mega breaches” this morning, the headlines and news cycles are clamoring for continued updates. The more serious of the two involved the breach at MySpace with 427 million email addresses and linked passwords stolen. The other involved 65 million unique emails and passwords stolen from the popular site, Tumblr. …

New PCI Multifactor Authentication Rules: Is it Too Late?

The PCI Security Council just extended its requirements for multi-factor authentication to anyone who has access to credit card data. These requirements, which come on the heels of the European Parliament adopting its revised Directive on Payment Services (PSD2) late last year, require strong authentication for all Internet transactions. PSD2 also introduces strict security requirements…

Not on My Dime: When Fraudsters Take a Phantom Ride

As any parent with children in sports knows, it is simply not possible to be in two places at the same time. I have tried to defy the laws of time and space by magically appearing at two different baseball fields when my sons’ games are conveniently scheduled at the same time on different fields…