A Review of the Best News of the Week on Identity Mgt & Web Fraud

Equifax Reopens Salary Lookup Service (Krebs on Security, Nov 02 2017)
Equifax has re-opened a Web site that lets anyone look up the salary history of a large portion of the American workforce using little more than a person’s Social Security number and their date of birth. The big-three credit bureau took the site down just hours after I wrote about it on Oct. 8, and began restoring the site eight days later saying it had added unspecified “security enhancements.”

FaceID is Brilliant Because It’s Subtraction Instead of Addition (Daniel Miessler, Oct 31 2017)
“I think one of the best ways to think about the advancement that FaceID represents is to realize that it’s removing an action instead of adding one. True perfection is achieved not when you have nothing left to add, but when you have nothing left to take away. ~ Antoine de Saint-Exupery”

Are You Easily Tricked? Take Our Halloween Fraud Quiz To Find Out! (Riskified Blog, Oct 30 2017)
Fraudsters employ all sorts of tricks to deceive online retailers and get away with eCommerce fraud. Take the quiz, based on data from real orders, to find out if you’re easily tricked, or could cut it as a fraud analyst!




Heart Size: Yet Another Biometric (Schneier on Security, Nov 02 2017)
Turns out that heart size doesn’t change throughout your adult life, and you can use low-level Doppler radar to scan the size — even at a distance — as a biometric.

How to wear your password on your sleeve, literally (Naked Security – Sophos, Nov 02 2017)
Scientists store digital passwords and IDs in clothing. A dress with an electronic display you can control via your smartphone? Trippy. Clothing made with photoluminescent thread and embedded eye-tracking technology that’s activated by spectators’ gaze?

The Best Authentication Technology Might Be Your Own Fingers (Co.Design (blog), Nov 01 2017)
Scientists at the Department of Electrical and Computer Engineering at Rutgers University-New Brunswick have developed a new technology that uses an extremely simple mechanism to turn any solid surface into an authentication surface.

Identity Theft Ring Hit with Credit Card Fraud Indictment (Dark Reading, Oct 27 2017)
The ID theft ring allegedly purchased thousands of stolen credit card and debit card numbers and then encoded that information, along with identities belonging to real people, onto forged credit cards, the DOJ claims.

Security Sense: How Do You Do Knowledge Based Authentication When All Knowledge is Public? (Windows IT Pro, Oct 30 2017)
How do you authenticate people based on data attributes they know when that very information is continually popping up in data breaches? It’s a hard problem with no easy answers.

Virtual Identity Management (JumpCloud, Oct 30 2017)
Over the last two decades, the identity and access management space has remarkably stayed the same. Is the future of IAM virtual identity management? [said by the virtual identity mgt vendor…still, it’s an interesting read]

Slack Plugs ‘Severe’ SAML User Authentication Hole (Threatpost, Oct 27 2017)
Cloud-based communications platform Slack finished patching a severe security hole Thursday affecting portions of its platform that used Security Assertion Markup Language for user authentication.

Don’t Be Catfished: Protecting Yourself From New Account Fraud (Security Intelligence, Oct 31 2017)
Cybercriminals are getting savvier, leveraging stolen identity details to catfish banks and open completely new accounts under fake or stolen names and bypassing common red flags by waiting to use them. This is mostly a marketing piece about Trusteer’s offering, but is interesting for awareness of how some firms are dealing with account takeover.

Massive Identity Data Exposure Leads to Rising Tides of New Account Fraud — What’s Next? (Security Intelligence, Oct 31 2017)
By definition, NAF takes place within 90 days of a new account being opened. Most savvy criminals patiently wait at least 30 days before using the account to bypass common red flags that rely on account age to detect suspicious activity.

How Staples is Fighting eCommerce Fraud this Holiday Season (Whitepages Pro, Oct 30 2017)
Whitepages Pro is talking to fraud managers at major online retailers who have been through it all before. Elie Chemaly from Staples joined us for the second in a webinar series. (Registration required)

Update: Possibly everyone in Malaysia had their mobile records stolen (SC Magazine, Nov 01 2017)
It is possible that everyone in Malaysia may have had their mobile phone records stolen and put up for sale on the Dark Web.

The internet of identities is coming and will bring massive IAM changes (CSO Online, Nov 01 2017)
New demands for scale, security and machine learning will support massive proliferation of internet-connected devices.

AI joining the anti-fraud beat as financial-services CIOs fight rising fraud (CSO Online, Nov 01 2017)
Steadily growing rates of fraud are driving APAC financial-services institutions to embrace new technologies at a world-leading pace as they tap into machine-learning tools designed to pinpoint telltale signs of fraudulent activity.

Image management in identity management: a picture paints a thousand words (CSO Online, Oct 31 2017)
Image management can give us the tools to secure and optimize image-based PII.

Introducing LastPass Support for OpenYOLO (The LastPass Blog, Nov 02 2017)
Last year Google introduced their OpenYOLO API that makes it easier for developers to create apps that automatically fill credentials with password managers like LastPass. This means passwords on mobile apps get a whole lot easier, and LastPass now supports OpenYOLO for Android.

Introducing the Sift Science Digital Trust Platform (Sift Science Blog, Nov 01 2017)
Sift Science announces its Digital Trust Platform, a holistic way for online businesses to maximize their revenue with legitimate users while protecting both themselves and their customers from the ever-expanding attack vectors of fraud and abuse.

Introducing the Definitive Guide to Digital Identity #NextGenID (ThreatMetrix, Nov 01 2017)
The Guide was created to further the understanding of digital identity as an important new form of user verification and authentication in digital channels. It provides guidance on how businesses of all sizes can use digital identities to grow profitably on digital channels while minimizing the risks associated with cybercrime.