InfoSec community observes Identity Management Day

Identity Management Day, taking place today, April 12, 2022, has garnered strong responses from security leaders worldwide, many of whom are sounding the bell for stronger authentication methods. The international event is designed to educate business leaders, IT decision makers, and the general public about the importance of managing and securing digital identities.

Slated for the second Tuesday of April each year, Identity Management Day was established in 2021 by the Identity Defined Security Alliance and National Cybersecurity Alliance. Consumers, practitioners, vendors and end-user organizations are all invited to participate in the day, which aims to drive awareness about identity management best practices.

Nils Gerhardt, chief technology officer at Utimaco, noted that identity management remains a key issue in the global commerce ecosystem, despite technological advances. "Managing identity is one of the key challenges for the modern world; despite living and working in a digital society for decades, we are still seeing major data breaches caused by weak passwords and poor security practices," he said. "Meanwhile, around 99 percent of [organizations] believe that their identity-related breaches were preventable."

Jaime Ferreira, vice president of global data science at Feedzai, agreed, stating that living the digital lifestyle adds a world of convenience but also provides low-risk, high-reward opportunities for fraudsters. "It's the perfect place for fraudsters to hide—in a massive number of low-dollar amount transactions," he said. "The more transactions, the more opportunities for them to test stolen cards or other scams. Consumers and banks need to watch out for those small fraud transactions before they add up to big bills."

Consumer best practices

Ferreira pointed out that fraud is on the rise, citing research data from Feedzai's Q2 2022 FinCrime Report: The RiskOps Age, published April 5, 2022, which found 65 percent growth in online transactions and 233 percent growth in online fraud attacks.

Noting that fraudsters can easily hide in voluminous transaction environments, Ferreira urged financial institutions to take a proportional response. "From a fraudster's point of view, this is the best-case scenario," Ferreira said. "But it also creates opportunities for banks to create more effective and personal products and services. It's for both reasons that we've called this report The RiskOps Age. Now is the time to connect teams and data to prevent fraud and provide elevated customer experiences." 

Feedzai researchers listed the top five attacks against consumers as account takeover (ATO); social engineering; purchase scams; impersonation scams and smishing scams—schemes that are largely preventable, they noted, by implementing the following best practices:

• Remember, the click is a trick: Don't open or click on suspicious links via email or text. Fraudsters can't trick you if you don't click on their links.

• Update devices: Install and regularly update anti-malware software. When your computer or phone prompts you to install updates, do it.

• Protect your privacy: Don't provide personal information about yourself or your employer unless you are 100 percent sure the person you're interacting with should have access to that information.

• Use multi-factor authentication: Do not reveal personal or financial information in an email, and do not respond to email solicitations for this information. This includes clicking on links sent via email.

• Don't believe the hype: If an offer, prize, or opportunity is too good to be true, it isn't true. Don't fall for tempting out-of-this-world offers.

A copy of the report is available at feedzai.com/resource/feedzai-q2-2022-financial-crime-report/

Enterprise best practices

Gerhardt suggested that identity management revolves around a fundamental question: Is the person I am interacting with who they say they are? Much of the hardware and software that Utimaco creates is designed to answer that question to avoid misuse of digital identity by securely generating, storing and processing sensitive data, he added.

"Solutions like public and private key architecture and data protection are all based on this basic principle and are a key component to securing digital identities and the overall digital security ecosystem with a secure root of trust," Gerhardt said. "Manual tools and processes necessitate a great deal of human effort, which can make the process inefficient and prone to error."

Gerhardt further noted that manual tools tend to fragment visibility, making remediation more difficult and increasing security risks. For this reason, Utimaco welcomes the Identity Defined Security Alliance's focus on identity management, he stated, adding that the company adds its voice to those calling on decision makers to understand the importance of security best practices, processes and technology.

Additional information about Identity Day and the Identity Defined Security Alliance is available at www.idsalliance.org/

The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.