By layering in additional dynamic data that has little to no monetary value for cyber criminals, as opposed to relying solely on static information, companies have the potential to stop fraud, Breitenfeld added. Some of the new dynamic factors include:
- Biometrics – Authentication factors such as fingerprints and retina scans can be used to securely verify consumer identities, as these factors are more difficult for fraudsters to steal or replicate.
- IP address – Detecting if an account is being accessed from a new/unrecognized IP address can help stop fraud by challenging the user with additional authentication factors. Additionally, users can be notified if someone attempts to access their account from a new device.
- Location – Location is another way to verify users, and several companies already use this as an authentication factor for purchases. For example, if you live in Kentucky, but an item is purchased using your credentials in China, the transaction will either be blocked completely or flagged to the appropriate people.
- Selfies – Facial recognition software can be used to authenticate someone making transactions on his or her mobile device.
- Velocity checks – Checking the historical shopping patterns of an individual and matching that record against his or her current purchases for irregularities.
- Social media profiles – Analyzing a person’s social media and online accounts helps identify whether they are real. For instance, someone whose Facebook profile has been established for years with a high number of friends and consistent profile information is more likely to be authentic than someone with a profile that lacks breadth and depth, which can signify a false or newly created identity.
- Authorized user activity – Monitoring identities that are being added as “authorized users” to accounts is often predictive of fraud, specifically account takeover and the creation of synthetic identities. If the same “authorized user” is being added as a new authorized user to accounts for various different people, it is likely a fraudulent identity.
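
The authorized-user check in the last item can be sketched as a small detection routine. This is an added example, not code from the article or from any vendor it quotes; the event fields, the name-plus-birth-date identity key and the threshold of three account holders are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample events: one record per "authorized user added" action.
EVENTS = [
    {"account": "A-1001", "holder": "holder-01", "au_name": "Jordan Pike", "au_dob": "1990-04-12"},
    {"account": "A-2002", "holder": "holder-02", "au_name": "jordan  pike", "au_dob": "1990-04-12"},
    {"account": "A-3003", "holder": "holder-03", "au_name": "JORDAN PIKE", "au_dob": "1990-04-12"},
    # Same holder adding a relative to two of their own accounts is ordinary.
    {"account": "A-4004", "holder": "holder-04", "au_name": "Sam Lee", "au_dob": "1985-11-02"},
    {"account": "A-4005", "holder": "holder-04", "au_name": "Sam Lee", "au_dob": "1985-11-02"},
    {"account": "A-5005", "holder": "holder-05", "au_name": "Sam Lee", "au_dob": "1985-11-02"},
]

def identity_key(name, dob):
    """Normalise case and whitespace so trivial variations map to one identity."""
    return (" ".join(name.lower().split()), dob)

def flag_shared_authorized_users(events, min_holders=3):
    """Return identities added as authorized user by >= min_holders distinct people.

    Distinct primary holders are counted, not accounts, so one person adding
    the same family member to several of their own accounts is not flagged.
    """
    holders = defaultdict(set)
    accounts = defaultdict(set)
    for event in events:
        key = identity_key(event["au_name"], event["au_dob"])
        holders[key].add(event["holder"])
        accounts[key].add(event["account"])
    flagged = [
        {"identity": key, "holders": sorted(hs), "accounts": sorted(accounts[key])}
        for key, hs in holders.items()
        if len(hs) >= min_holders
    ]
    # Most widely shared identities first, for analyst review.
    return sorted(flagged, key=lambda f: -len(f["holders"]))

if __name__ == "__main__":
    for hit in flag_shared_authorized_users(EVENTS):
        print(hit["identity"], "added by", len(hit["holders"]), "different account holders")
```

Flagged identities are candidates for manual review; the threshold would be tuned against an institution's own baseline of legitimate shared authorized users.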
Zlockie added that another factor to examine is hack attack pattern matching, which can reveal an account takeover attempt by monitoring whether a user is rushing through the process and matching the speed of the attempted hack against similar attacks. He said mobile push and transaction signing is not a new authentication tactic, but it’s more secure than dated approaches that rely on passwords or static credit card CVV codes. It’s more than just a way to authenticate to an application, as it can be positioned and applied to a variety of workflow automation use cases.
Besides facial biometrics, there are also voice and iris settings that can authenticate individuals based on their inherent physical traits. “Biometric authentication has expanded beyond the fingerprint for good reason thanks to the fact that biological traits are non-transferrable and provide a high level of protection against fraud. Voice and facial biometrics are flexible in the fact that they can continually authenticate users throughout a session without alerting them that they’re being monitored,” Zlockie said.