Retail Online Integration

 

The Password is …

Merchants need new authentication tactics to protect themselves from an epidemic of data breaches

April 2014 By Andreas Baumhof
 

The problem is magnified by the fact that users tend to have the same password for many different accounts. Multiple studies show that upwards of 50 percent of individuals use the same password for all or most of their login accounts, including work, online merchant accounts, banking applications and social networking sites. This is dangerous for a number of reasons. Crime rings, for example, use social networking and other sites with relatively weak security to crack passwords. Sites without velocity checks to detect automated scripts or botnets are repeatedly exploited until valid credentials are discovered. Once passwords are ascertained on these weaker sites, the credentials can be used to gain access to numerous other sites.

Armed with cracked, guessed or stolen login credentials, cybercriminals enter through the front door, so to speak. Using normal login procedures, hackers directly access user and even privileged system accounts to register fake accounts, make fraudulent purchases, steal credit or debit card data, download intellectual property and disrupt information systems.

Context-Based Authentication
The vast majority of authentication systems fail for one reason: they focus entirely on evaluating login credentials, usually passwords, and completely fail to detect or even look for imposters who have stolen but valid credentials.

It's clear that a new approach is needed — one that adds authentication layers to increase trust when necessary, but doesn't impact the experience of legitimate users. And, most importantly, the solution needs to look at the entire picture, not just login credentials.

Fortunately, with the advent of context-based authentication, the entire set of circumstances that surround a login attempt can be evaluated. There are numerous indicators and techniques now available that detect with a high degree of accuracy when an imposter is attempting to gain access, even if he or she has valid credentials. Imposters are challenged and denied access, and legitimate users are allowed to connect without friction.

Merchants can protect themselves from cybercriminals by implementing context-based authentication, which provides a number of advanced capabilities and benefits, including the following:

  • Sophisticated processes that profile the user's device to identify the specific PC, laptop, tablet or phone, and to detect the presence of malware or other threats. IP address, geolocation, language or other configuration mismatches, cookies, and numerous additional risk factors are evaluated.
  • Shared global trust intelligence networks that examine a user's identity and activity, recognizing both legitimate users and threats based on anonymous shared intelligence. Multiple contextual elements all work together to establish trusted and untrusted attempts by users to log in, including device health, history and associations with fraud, user persona and behavior, and trust associations.
  • A trust-based approach that's capable of "tagging" identifying elements, such as the combination of a specific user and device, with levels of trust or untrust. This provides you with advanced security features and a frictionless experience for legitimate users.
  • The ability to elevate trust when necessary by implementing two-factor or out-of-band authentication.
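
A minimal sketch of how these pieces fit together in a login decision, combining a per-IP velocity check with user-and-device trust tagging and step-up authentication. This is an added example, not code from the article or from any vendor; the class and field names, score weights and thresholds are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

# Thresholds and weights are illustrative assumptions, not vendor values.
WINDOW_S, MAX_ATTEMPTS = 60, 5        # velocity check: attempts per IP per window
STEP_UP_SCORE, DENY_SCORE = 40, 80
@dataclass
class Attempt:
    user: str
    device_id: str    # fingerprint from a device-profiling step (assumed to exist)
    ip: str
    country: str      # geolocation of the IP (assumed to be resolved upstream)
    ts: float         # seconds
    password_ok: bool

class ContextAuthenticator:
    def __init__(self):
        self.by_ip = defaultdict(deque)   # ip -> timestamps of recent attempts
        self.trusted = {}                 # (user, device_id) -> country when trusted
        self.untrusted_devices = set()    # devices tagged after confirmed fraud

    def velocity_exceeded(self, a):
        q = self.by_ip[a.ip]
        q.append(a.ts)
        while a.ts - q[0] > WINDOW_S:     # drop attempts older than the window
            q.popleft()
        return len(q) > MAX_ATTEMPTS

    def decide(self, a):
        fast = self.velocity_exceeded(a)  # failed attempts count toward velocity too
        if not a.password_ok:
            return "deny"
        score = 50 if fast else 0
        if a.device_id in self.untrusted_devices:
            score += 80
        if self.trusted.get((a.user, a.device_id)) != a.country:
            score += 40                   # unknown user+device pair, or geo mismatch
        if score >= DENY_SCORE:
            return "deny"
        return "step_up" if score >= STEP_UP_SCORE else "allow"

    def confirm_step_up(self, a):         # call after a passed second factor
        self.trusted[(a.user, a.device_id)] = a.country

def demo():                               # constructed sample attempts
    auth = ContextAuthenticator()
    auth.trusted[("alice", "dev-1")] = "US"
    home = Attempt("alice", "dev-1", "203.0.113.5", "US", 1000.0, True)
    stolen = Attempt("alice", "dev-9", "198.51.100.7", "FR", 1010.0, True)
    return auth.decide(home), auth.decide(stolen)
```

In the constructed sample, the correct password from the known device is allowed without friction, while the same correct password from an unrecognized device is sent to step-up authentication rather than accepted.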

In light of the countless recent high-profile data breaches — and more certain to come — businesses must be more cautious than ever and implement effective authentication procedures that do more than just evaluate login credentials. The entire context surrounding each login attempt must be analyzed to detect and stop imposters, even if they have valid credentials.

Andreas Baumhof is the chief technology officer at ThreatMetrix, a provider of integrated cybercrime prevention solutions. Andreas can be reached at abaumhof@threatmetrix.com


 
