A Review of the Best News of the Week on Identity Mgt & Web Fraud
The Unintended Consequences of Better Fraud Prevention: Synthetic Identity Fraud (IDology, Oct 20 2017)
Synthetic identity fraud, first emerged decades ago and has recently become a prevalent method used by criminals. According to a report by the GAO it is defined as “a crime in which perpetrators combine real and/or fictitious information, such as Social Security numbers (SSN) and names, to create identities with which they may defraud financial institutions, government agencies, or individuals.”
Call Center Fraud Vectors & Fraudsters Analyzed Revisited (Pindrop, Oct 25 2017)
According to Gartner, “By 2020, 75% of omnichannel customer facing organizations will sustain a targeted, cross-channel fraud attack with the contact center as the primary point of compromise.”
SAML explained: What it is, what it’s used for, how it works (CSO Online, Oct 12 2017)
The Security Assertion Markup Language (SAML) standard defines how providers can offer both authentication and authorization services. Here’s what you need to know.
Sponsored by LogRhythm
SIEM Magic Quadrant
Gartner Positions LogRhythm in SIEM Leaders Quadrant for 5th Consecutive Year. Get the report
SSN for authentication is all wrong (Microsoft Secure – Blog, Oct 23 2017)
Do you agree that the best digital verifiers are: 1) Private, 2) Easily changed, and 3) Unique?
PII and the Blockchain – Rethinking the Identity Trust Problem (Cylance, Oct 26 2017)
The blockchain is an open, distributed ledger, which consists of a list of records (blocks) linked together via cryptographically-derived hash links. In most blockchain scenarios, these are public, anonymous servers – not owned or affiliated to any enterprise. Here are five basic principles underlying the technology.
Should You Make Your Users Log In? (Auth0 Blog, Oct 23 2017)
Pros, cons, and exceptions to asking users to create an account.
Why Layering Your Security is Important (Axiomatics, Oct 23 2017)
Organizations need to shift from a world where anyone has access to everything or worse, no one has access to anything (which leads to …) to a compartmentalized world where individuals get access to the applicable data under relevant circumstances.
What does it mean to be Identity Native in a 5G world? (ForgeRock.com, Oct 25 2017)
The advent of 5G networks, combined with advances in digital identity technologies presents telecom carriers with an excellent new opportunity to re-invent themselves as globally trusted digital market participants…
What is explicit consent (and why does it matter)? (Janrain, Oct 19 2017)
For years, businesses across the globe have been able to skate by with pre-checked consent forms filled with ambiguous terms, allowing them to collect vast quantities of customer data with impunity. Consumers, on the other hand, largely had little to no clue what information companies were collecting or for what purpose. The EU’s General Data Protection Regulation (GDPR) is going to put an end to many of these practices.
How to Implement Cloud Identity Access Management (IAM) in 3 Easy Steps (OneLogin, Oct 26 2017)
But how do you do this when your company subscribes to dozens of cloud applications like Office 365, G Suite, Salesforce, and Box? How do you ensure that these apps all fall in line with your org’s security and compliance requirements?
Digital Identity and the Multi-Device Quandary (ThreatMetrix, Oct 20 2017)
From the first time customers hit your website or app to open a new account, login to a current account or make a payment, dynamic data around each digital identity provides full context for each and every trust decision – even if that customer returns using a different device.