A Review of the Best News of the Week on Identity Management & Web Fraud

Zero Trust – The Importance of Identity-centered Security (Forgerock, Jan 27 2018)
In a zero trust model, authentication and authorization decisions need to happen much more frequently, leverage more information about the context of the event, and can no longer be limited to simple username/password authentication.

Registered at SSA.GOV? Good for You, But Keep Your Guard Up (Krebs on Security, Jan 26 2018)
KrebsOnSecurity has long warned readers to plant your own flag at the my Social Security online portal of the U.S. Social Security Administration (SSA) — even if you are not yet drawing benefits from the agency — because identity thieves have been registering accounts in people’s names and siphoning retirement and/or disability funds. This is the story of a Midwest couple that took all the right precautions and still got hit by ID thieves who impersonated them to the SSA directly over the phone.

LexisNexis Risk Solutions acquires ThreatMetrix for $817M to ramp up in risk-based authentication (TechCrunch, Jan 29 2018)
This is a big exit for ThreatMetrix, which was last valued at around $237 million in its last funding round, in 2014, according to PitchBook analysis.




Mastercard to Implement Biometrics for In-Store Card Payments (Infosecurity Magazine, Jan 25 2018)
Consumers will be able to identify themselves with fingerprints or facial recognition when they shop and pay with Mastercard.

Authentication today: Moving beyond passwords (Help Net Security, Jan 29 2018)
Generational differences also emerged showing that younger adults are putting less care into traditional password hygiene, yet are more likely to use biometrics, multifactor authentication and password managers to improve their personal security.

12 best practices for user account, authorization and password management (Google Cloud Platform Blog, Jan 29 2018)
Google Cloud Platform (GCP) brings several tools to help you make good decisions around the creation, secure handling and authentication of user accounts (in this context, anyone who identifies themselves to your system — customers or internal users).

File Your Taxes Before Scammers Do It For You (Krebs on Security, Jan 29 2018)
Jan. 29 is officially the first day of the 2018 tax-filing season, also known as the day fraudsters start requesting phony tax refunds in the names of identity theft victims. Want to minimize the chances of getting hit by tax refund fraud this year? File your taxes before the bad guys can!

Are Biometrics Usernames or Passwords? (ID.me, Jan 26 2018)
The next time someone tells you that biometrics can’t be used as a password, simply ask them how they know that their mom is actually their mom when they speak with her.

New Voice MFA Tool Uses Machine Learning (Dark Reading, Jan 25 2018)
Pindrop claims its new multi-factor authentication solution that uses the “Deep Voice” engine could save call centers up to $1 per call.

Old Bitcoin transactions can come back to haunt you (Help Net Security, Jan 26 2018)
A group of researchers from Qatar University and Hamad Bin Khalifa University have demonstrated how years-old Bitcoin transactions can be used to retroactively deanonymize users of Tor hidden services.

Amazon Twitch declares “Game Over” for bots (Naked Security – Sophos, Jan 26 2018)
The makers of the illegal bots were ordered to give up the bot business and to pay a fine of more than $1.3m.

BigID pulls in $14 million Series A to help identify private customer data across big data stores (TechCrunch, Jan 29 2018)
As data privacy becomes an increasingly important notion, especially with the EU’s GDPR privacy laws coming online in May, companies need to find ways to understand their customer’s private data. BigID thinks it has a solution and it landed a $14 million Series A investment today to help grow the idea.

Nine Myths of Account Takeover (Cloud Security Alliance Blog, Jan 25 2018)
On average we find at least one compromised account in half of our new installs, oftentimes finding that they have been there for months. We hope this blog can provide a better understanding of how they work and how to defend against them.

Google Cloud Least-Privilege Function Goes Live (Dark Reading, Jan 31 2018)
Custom Roles for Cloud IAM now available in production from Google.

BehavioSec Raises $17.5M Series B Investment Led by Trident Capital (Behaviosec, Jan 29 2018)
Cisco Investments and ABN AMRO Digital Impact Fund join the round alongside existing investors Octopus Ventures and Conor Venture Partners.

Machine Learning And Behavioral Biometrics: A Match Made In Heaven (Forbes, Feb 01 2018)
Today’s behavioral biometric technologies can capture more than 2,000 parameters from a mobile device, including the way a person holds the phone, scrolls, toggles between fields, the pressure they use when they type and how they respond to different stimuli that are presented in online applications.

Privacy Tools Adds Transparency to Microsoft Windows Data Collection (eWEEK, Jan 25 2018)
The upcoming Windows Diagnostic Data Viewer app and revamped Privacy Dashboard will allow users to see the data Microsoft has collected on them.

Why Improved Authentication May Stop the Online Fraud Epidemic (eWEEK, Jan 29 2018)
Research shows that 71 percent of businesses know that they deny more transactions than they should. This doesn’t just lead to a loss of sales; it’s also likely to damage the lifetime value of that customer.

Lyft investigates allegations of employees snooping on riders (Naked Security – Sophos, Jan 29 2018)
On an anonymous site, a purported Lyft worker claimed that employees look up ride data on exes, actors, porn stars and Mark Zuckerberg.

Fraudster almost got $900K from Harris County (Houston Chronicle, Jan 29 2018)
Federal and local law enforcement are investigating the attempted theft of nearly $900,000 from Harris County by someone posing as a contractor doing repairs after Hurricane Harvey.