Tag: online security

In today’s digital age, call center fraud is a growing threat that businesses can no longer afford to ignore. As fraudsters become increasingly sophisticated, it’s crucial for companies to implement robust security measures to protect both their operations and their consumers. Various forms of call center fraud can have a significant impact on businesses. To prevent this, companies can use effective strategies including multifactor authentication solutions and account takeover prevention techniques. But first, what is call center fraud? Understanding call center fraud Call center fraud occurs when fraudsters exploit vulnerabilities in customer service operations to gain unauthorized access to sensitive information and commit identity theft. This type of fraud can take many forms, including social engineering, which occurs when a fraudster manipulates a call center agent into providing information or access, and phishing, which occurs when fraudsters use deceptive tactics to obtain confidential details from unsuspecting individuals. One of the most concerning tactics used by fraudsters is impersonation, or pretending to be legitimate consumers to gain access to accounts. Once they have access, they can make unauthorized transactions, change account details, or even take over the account entirely—a scenario known as an account takeover. The impact of these fraudulent activities can be devastating, leading to significant financial losses, damage to brand reputation, and a loss of consumer trust. Key strategies for preventing call center fraud According to recent research, account takeover fraud has increased by 330% in the past two years, projecting to cost $6.24 billion globally.[1] In addition, the number of U.S. consumers who have experienced account takeover has increased from 22% in 2021 to 29% in 2023.[2] To effectively combat call center fraud, businesses must adopt a multi-layered approach that includes advanced technological solutions, comprehensive employee training, and real-time monitoring. Here are some of the most effective strategies: 1. Implementing multifactor authentication (MFA) solutions One of the most effective ways to secure consumer interactions is by implementing multifactor authentication (MFA) solutions. MFA requires users to provide two or more verification factors to gain access to an account or complete a transaction. This adds an extra layer of security, making it significantly more difficult for fraudsters to succeed even if they have obtained some of the consumer’s information. MFA can be integrated into call center operations in several ways. For example, businesses can use voice recognition as a biometric factor, requiring consumers to verify their identity through a unique voiceprint. Other methods include sending a one-time code via text message, which the consumer must provide during the call, or using mobile app verification, where consumers approve transactions directly through their smartphones. 2. Account takeover prevention Account takeover is one of the most serious threats to call centers, as they involve fraudsters gaining control of a consumer’s account, often with disastrous consequences. To prevent account takeover, businesses can employ a combination of technological solutions and best practices. First, understanding what account takeover entails is crucial. It typically begins when a fraudster obtains some of the consumer’s personal information—often through phishing, social engineering, or a data breach. They then use this information to impersonate the consumer and convince call center agents to provide them with access to the account. To combat this, businesses can employ several account takeover prevention techniques. Anomaly detection systems can flag unusual activities, such as login attempts from unfamiliar locations or devices, prompting additional verification steps. Behavioral biometrics is another powerful tool, analyzing patterns in how users interact with their devices to detect inconsistencies that may indicate fraud. Continuous authentication, where the system continuously verifies the user’s identity throughout the session, is also effective in catching fraudsters in the act. 3. Training and awareness Technology alone may not be enough to entirely prevent call center fraud—human factors are equally important. Regular training for call center staff is essential to ensure team members can recognize and respond to potential fraud attempts. Employees should be trained to identify common tactics used by fraudsters, such as social engineering, and to follow strict verification procedures before providing any sensitive information. Awareness campaigns can also play a significant role in preventing fraud. Internally, companies should run regular campaigns to remind employees of the importance of adhering to security protocols. Externally, educating consumers about the risks of fraud and encouraging them to use security features like MFA can help reduce the likelihood of successful attacks. 4. Real-time monitoring and analytics Real-time monitoring is a critical component of an effective fraud prevention strategy. By continuously monitoring calls and transactions, businesses can quickly identify and respond to suspicious activities before they escalate. Advanced analytics tools, including voice analytics and behavior analysis, can provide valuable insights into potential fraud, allowing companies to take proactive measures. Voice analytics, for instance, can detect stress or hesitation in a caller’s voice, which may indicate that they are not who they claim to be. Behavior analysis can track how consumers typically interact with their accounts, flagging deviations from the norm as potential fraud. Continuous improvement is key here—regularly reviewing and updating monitoring protocols ensures that businesses stay ahead of evolving threats. Preventing call center fraud in your business By using a multi-layered fraud approach through a variety of authentication solutions, your business can quickly detect call center fraud without disrupting your consumers’ experience. Identify the risk Identity-based risk detection can pinpoint when a specific identity may be in the hands of fraudsters. Device intelligence solutions can recognize the risk associated with a specific device used to attempt online access. Address the risk Knowledge-based authentication (KBA) can quickly authenticate users by asking questions only they can answer, which can deter fraudsters. MFA services can generate and deliver a one-time password to a consumer’s mobile device to verify their identity in real time. Document verification allows your business to collect and verify images of identity documents uploaded from a consumer’s mobile device. Protect your business and your consumers from call center fraud Call center fraud is a significant threat that requires a proactive and comprehensive approach to prevention. By implementing strategies such as multifactor authentication solutions, account takeover prevention techniques, and robust employee training, businesses can significantly reduce their risk of falling victim to fraud. In today’s fast-paced digital world, staying vigilant and proactive is the key to safeguarding your call center against fraud. Act now to protect your business and maintain the trust of your consumers. Enable your call center to detect risk quickly and effectively with our robust fraud prevention solutions. Get started Download our identity and fraud report This article includes content created by an AI language model and is intended to provide general information. [1] Worldmetrics.org, Account Takeover Statistics: Losses to Reach $6.24 Billion Globally, 2024. [2] Security.org, Account Takeover Incidents are Rising: How to Protect Yourself in 2024.

Replay attacks may threaten your customers’ online security Today, consumer online security is more important than ever. This year, the FTC has already received nearly six million reports of fraud, and 1.4 million of those cases were specifically identity theft.[1] In addition, a recent study reported that losses due to identity fraud amounted to almost $23 billion in 2023.[2] And consumers aren’t the only ones at risk. According to CyberArk’s global research report, 93% of organizations had two or more identity-related breaches in the past year.[3] This means it’s not only up to consumers to protect themselves against identity theft. It’s also up to businesses to protect themselves and their customers from the threat of fraud. As security technology advances, so do the tactics of hackers attempting to steal information such as usernames, account numbers, and passwords from innocent online users. One method that hackers use to obtain this information is called a replay attack, which can pose a serious threat to your customers’ online security. What is a replay attack? A replay attack is a network-based security hack in which a hacker intercepts legitimate data transmission and then fraudulently repeats it to gain access to a network or system. These attacks are designed to fool the victim into believing the hacker is a genuine user, and they happen in three steps: Eavesdropping: The hacker listens in on secure network communications, such as information sent through a Virtual Private Network (VPN), to learn about the activity happening on that network. Interception: The hacker intercepts legitimate user information – usernames, user activity, computer specs, passwords, etc. Replay: The hacker illegally resends (or “replays”) the valid information they gathered to trick the receiver into thinking that they are a genuine user. Here’s an example: John transfers funds from one online banking account to another. A hacker illegally captures that transaction message (which is often accompanied by a digital signature or token) and “replays” that same transaction message multiple times to trigger additional fund transfers, all without the genuine user’s knowledge or permission. The bank doesn’t recognize a problem because the “replayed” transaction messages includes the legitimate digital signature/token, so the bank approves the additional transfers. Replay attacks aren’t just used for banking transactions. They can be used for various activities, such as: Internet of Things (IoT) device attacks: IoT devices include a multitude of “smart home” devices such as smart plugs, cameras, locks, appliances, speakers, lights, and more. Vulnerabilities in these devices can allow hackers to replicate commands to these devices that seem legitimate, such as turning on cameras, unlocking doors, and disabling security systems.[4] Remote keyless entry systems for vehicles: Most vehicles use a remote key fob to lock and unlock the doors. This key fob usually uses radio waves to send the lock/unlock signal to the car. Hackers can use a device to receive and transmit radio waves near a person’s vehicle that mimic that same lock/unlock signal, and then “replay” that signal to unlock the person’s car themselves.[5] Text-dependent speaker verification: Some people use voice recognition to verify their identity when accessing an account or system. Hackers can record a person’s voice when the person speaks to verify their identity, and then “replay” that voice recording to fraudulently access the account.[6] How to prevent replay attacks Replay attacks are dangerous because they are often unnoticed or overlooked until the damage has already been done. Fortunately, there are ways to stop hackers from using replay attacks to access your customers’ personal information. Device intelligence: By leveraging unique intelligence about the device being used, replay attacks can be thwarted even when fraudsters are using authentic, but stolen, information. Time stamping: By forcing a timestamp on all sent and received messages, you can prevent hackers from sending repeated messages with legitimate information obtained illegally. Geolocation review: By identifying suspicious language and/or time zones, you can compare access routes to confirm customers are authentic and secure. Why it matters for your business Consumers in the U.S. value network security more than ever, with 70% rating security a top priority, even over personalization and convenience.[7] People want to feel safe online, and if they experience a threat of identity theft or fraud, they’ll need to find a reliable resource to keep their personal information secure. Successful replay attacks allow fraudsters to impersonate real users and potentially gain partial or full access to their personal online accounts. If your customers fall victim to these kinds of attacks, the resulting stress may have a negative impact on your relationship with them. With our fraud management solutions, your business can strengthen your customers’ trust and security by leveraging highly trained fraud analysts to help uncover suspicious activity that might not be noticed otherwise. Lower fraud losses and achieve fraud capture rates that exceed industry averages. Protect your customers by using a covert, frictionless solution the reduces false positives. Improve operational efficiency by prioritizing resources across the board. Protect your consumers with powerful fraud management solutions 63% of consumers say it’s important for businesses to be able to recognize them online, and 81% say they are more trusting of businesses that can accomplish easy and accurate identification.[8] While replay attacks can cause consumers stress and anxiety, taking action to prevent them can fortify a strong, trusting relationship between your business and your customers. Protect your customers and prevent replay attacks with our powerful fraud management solutions. Get started [1] IdentityTheft.org, 2024 Identity Theft Facts and Statistics. [2] Javelin, 2024 Identity Fraud Study: Resolving the Shattered Identity Crisis. [3] CyberArk, Report: 93% of Organizations Had Two or More Identity-Related Breaches in the Past Year, May 2024. [4] Hackster.io, IoT Devices May Be Susceptible to Replay Attacks with a Raspberry Pi and RTL-SDR Dongle, 2017. [5] Automotive World, How to mitigate vulnerabilities in keyless entry systems, 2023. [6] Antispoofing, Audio Replay Attacks and Countermeasures Against Them, 2022. [7] 2018 Experian® Global Fraud Report [8] Experian® 2024 Identity and Fraud Report Highlights Evolving Fraud Landscape This article includes content created by an AI language model and is intended to provide general information.

Online identity verification has become a basic necessity for everyday life. Consumers today might expect to upload a picture of their driver's license or answer security questions before creating a new account. And it's crucial to them — 63% say it's extremely or very important for businesses to be able to recognize them online. While many organizations have a consumer recognition strategy, moving from strategy to action and then getting the desired result isn't easy. That's particularly true when you're working to create seamless experiences for customers while fighting increasingly sophisticated fraudsters. Why is online identity verification challenging? Identity verification in the physical world might be as simple as checking a government-issued ID card — and perhaps an additional form of identification (or two) when the stakes are higher. Verification becomes more complicated as you move into the digital realm, especially when you need to automate decisions. There are many specific challenges to overcome, but some of the main ones fall into four categories. Finding the right friction: In an ideal world, every legitimate user will flow through your verification checks with ease. In reality, you may need to introduce some roadblocks to comply with know your customer (KYC) rules and prevent fraud. Finding the friction-right balance can be tricky. Accessing and using data: Using expanded data sources, such as behavior and device info, can improve outcomes without adding friction. But simply having more data isn’t the goal. You need to be able to organize, process and use the data in a compliant manner to quickly and accurately verify identities. Fighting fraud: You’re up against formidable foes who consistently test your systems for weaknesses and share the results with other fraudsters. You have to be able to spot first-party fraud, identity thieves and synthetic identities. Securing the data: Accessing and storing customer data is vital for a successful identity verification system, but it’s your responsibility to securely protect customers’ data. It also may be a legal requirement, and you need to be mindful of all the applicable regulations. These aren't fixed challenges that you can overcome in a single hurdle. Consumer preferences, fraud tactics and regulations are continually evolving, and your identity verification platform needs to keep up. Potential benefits throughout the customer lifecycle Companies that want to create, manage and continuously identify consumers are starting to take an enterprise-wide approach that relies on creating a single-customer view. The idea is to have a single identity that you can expand as you learn more about a person’s preferences and behavior. Otherwise, business units can wind up with fragmented views that lead to jumbled messaging, errors and missed opportunities. While it can be difficult to implement well, the single-view approach can also be powerful in action: Targeting and onboarding: Marketing, acquisition and onboarding aren’t necessarily handled by the same teams, but a smooth process can create a lasting good impression. There are also recent developments that can provide pre-fill capabilities with their identification verification solutions, which can create a nearly friction-free onboarding process. Prevent fraud: The single-view approach also lets you leverage cross-device and real-time data to detect and prevent fraud, and determine the right-size verification method. Using identity graphs to verify identities in real-time can also help you detect fraud, including account takeovers and first-party fraud. Customer experience: Consistently identifying customers can improve their experience — particularly when different departments can easily access and update the same identification material. In turn, this can lead to brand loyalty and the potential to upsell and cross-sell customers. The need for accurate verification is growing as people spend more time living and shopping online. Only 16% of consumers are confident businesses can consistently recognize them online, which also means there’s an opportunity to surprise and delight the skeptics. What do consumers want? Most people want to be recognized as they move throughout their digital lives. But data breaches and identity theft continuously make headlines, and people aren't ignorant of the dangers of sharing their personal information. In fact, consumers ranked identity theft (80%) as their top online security concern, a sizable +20% jump from the previous year. Finding the right balance of privacy, security and due diligence is important for earning customers' trust. However, the best approach to online identity verification may depend on who your customers are and how they interact with your products and services. Finding a great online identity verification partner Knowing how important online identity verification can be for the success of your business, you need to be sure that the digital identity solutions providers you partner with can meet your current and future needs. A good fit can: Give you access to multidimensional data: You can use online and offline data to support your digital identity verification systems. Some vendors can also help you use internal data,deterministic dataand outputs from probabilistic models to improve your results. Scale to meet future challenges: Many businesses are exploring how to use machine learning and artificial intelligencefor identity resolution and verification. These can be especially powerful when combined with robust data sources and may become more important as additional data sources come online. Protect your business: Identity verification solutions need to help you comply with the regulatory requirements and detect fraud with low false-positive rates to protect your business. First and foremost, you want to work with a partner who knows thatidentity is personal. Your customers are more than data points, and putting their needs and wants first will ultimately help you earn their trust and business. Learn more about Experian’s customer-centric identity verification solutions. Learn more

Millions of people access the internet every day using desktop computers, laptops, and mobile devices. Though an increased number of online users have been accessing the web while working from home due to the pandemic, many are still going online in public places and using public wi-fi and/or unsecured networks, such as coffee shops, airports, and internet cafes. While it may be convenient to access the internet from anywhere at any time, there are risks involved with doing so. Connecting to the internet on an unsecured network without the proper protection can render your device vulnerable to data collection, tracking, and targeting from hackers. The best way to protect yourself from these kinds of attacks is to use a Virtual Private Network, or VPN. What is a Virtual Private Network? A Virtual Private Network (VPN) creates an encrypted, private connection to the internet that allows you to securely browse the web while protecting your information from being tracked or targeted. Globally, there are approximately 1.5 billion VPN users as of 2023, making up about a third of all internet users worldwide. 43% of these people use a VPN for security reasons.[1] How does a VPN work? A VPN routes your internet traffic through a different server, rather than the server your internet service provider usually uses. The data you send and receive is then encrypted, so even if it were to fall into the wrong hands, it would be unreadable. Your data will appear to be sent from the VPN itself, instead of from your device. This provides an additional layer of privacy to your browsing experience, especially if you’re using a public or unsecured network to access the internet. How can you use a VPN? With Experian’s Secure VPN, what you search, see, and share on your mobile or desktop devices stays hidden from hackers, preventing data collection, tracking, and targeting. You can confidently connect to a stronger, more reliable, private Wi-Fi connection that secures your devices’ online or offline activity. What are the benefits of Experian’s Secure VPN? You can use Experian’s Secure VPN on an unlimited number of desktop and mobile devices, so your whole family can be protected. Secure VPN’s high-speed connection ensures that you won’t need to worry about slow loading times or dropped connections, and its unrivaled security allows you to take advantage of best-in-class privacy. Browsing the internet on an unsecured network is risky and can leave you open to data theft and identity fraud. By using a VPN, you’ll enjoy a safer, more secure internet experience. Visit our website to learn more about Experian’s Digital Privacy and Control solutions. [1]DataProt.net. VPN Statistics for 2023 – Keeping Your Browsing Habits Private.

The average person spends nearly seven hours a day online[1]. Much of that time consists of sharing personal information with a variety of websites, which can sometimes lead to bad actors gaining unauthorized access to your personal information for ill-intended purposes. Theft of your personal information – and subsequently, identity fraud – can have seriously damaging consequences. According to a report from the AARP, nearly 42 million Americans fell victim to identity fraud in 2021, costing $52 billion in losses[2]. You can proactively take three easy steps to protect and keep track of your personal information online. 1. Keep your information updated. Outdated information can lead to problems for your online accounts. If an old online account that you no longer use has outdated information such as a previous home address where you no longer live, or an email address you haven’t used recently, that information can sometimes be used to access your current online accounts. If a hacker has access to those details, they could potentially use that information for criminal activity such as making unauthorized transfers from your bank account. Solution: Make sure your information – name, email address, phone number, mailing address, etc. – is up to date across any websites you use frequently. This may include online shopping, financial information, medical records, email accounts, and/or social media networks. It’s also a good idea to delete any online accounts you no longer use and/or remove any out-of-date information from those accounts. 2. Switch up your passwords. Using the same password for too long, or for multiple accounts, can make it easy for hackers to obtain your personal information. Creating a secure password that’s also easy to remember can be a challenge. Many hackers will try to guess your password based on common information that’s easy to remember, such as birthdates, anniversaries, names of family members or pets, or street addresses. Solution: Change your password at least every six months for any websites where you’ve shared your personal information, and make sure this password can’t be easily guessed. Avoid special dates, names, or street addresses. Using a password manager can help you generate stronger passwords and keep track of existing ones across multiple online accounts, while safely storing and protecting your login information in one place. 3. Add two-factor authentication when possible. Without it, hackers can more easily break into your accounts and gain access to your personal information. Two-factor authentication adds a second layer of defense against people who try to gain access to your online accounts without your permission. Without it, a hacker only needs to obtain your email address and guess your password to get into your account and steal your personal information. Solution: Enable two-factor authentication for as many of your online accounts as possible. When this feature is turned on, a temporary code will be sent to your phone or email inbox whenever you attempt to log in to your account. Since hackers will not have access to this code, they will not be able to access your account.  Identity theft is a serious concern with potentially severe consequences. Avoid any unnecessary risk by:   Keeping your information up to date Changing your passwords often Adding two-factor authentication when possible By taking these proactive steps, you can drastically reduce your risk of falling victim to identity theft while maintaining control of your personal information online. Learn more about our identity protection services [1] Oberlo. 2022. How Much Time Does the Average Person Spend on the Internet? [2] AARP. 2022. Identity Fraud Hit 42 Million People in 2021.

Experian’s latest Global Insights Report found that more than half of consumers have increased their online spending in the last three months, and 50% say it will increase in the next three months. Life online is here to stay, and consumer expectations have shifted, giving businesses and opportunity to sink or swim when building trust and gaining loyalty. This spring, Experian surveyed 6,000 consumers and 2,000 businesses across all industries to learn more about how, why, and where consumers are interacting with businesses online. Our research found that: Experience is top of mind, with 81% of consumers saying that a positive online experience makes them think more highly of a brand Digital payment options are on the rise with 62% of consumers using mobile wallets and 57% considering buy now, pay later as a replacement for their credit card Security is still a big factor, but 73% of consumers say the onus is on businesses to protect them online Download the report to get all the latest insights into consumer sentiment and how recent changes are impacting business priorities and investments. Download the report

Over the last year and a half, strong trends emerged in how businesses and consumers interact online - specifically when validating identities and preventing fraud. We initially explored these trends at a global level, and now we've explored U.S.-specific insights into online security, the customer experience, and digital activities and operations. Download the North America findings report to learn more about business and consumer fraud and identity trends impacting the way we live, work, and interact. Review your fraud strategy

The surge in digital demand over the past year reinforced the deep connection between recognition, fraud prevention and the online customer experience. As businesses transformed their operations to accommodate the rapidly growing volume of digital transactions, consumer expectations for easy, secure interactions increased at an even faster pace. That meant less tolerance for the interruptions caused by security and risk controls. We surveyed more than 9,000 consumers and 2,700 businesses worldwide about this connection for our 2021 Global Identity and Fraud Report. This year’s report dives into: Business priorities for the year ahead Why the digital customer experience remains siloed Consumer preferences that impact the digital customer journey Pandemic-era digital activities that have changed consumer expectations As we move forward into the rest of 2021 it’s crucial that businesses continue to focus on fraud prevention. In order to implement an effective fraud strategy that also makes it easier for customers to engage, businesses need to move away from a one-size-fits-all approach and focus on applying the right level of protection to each and every transaction. Download the report Review your fraud strategy

It’s clear that the digital transformation we experienced this year is here to stay. While there are many positives associated with this transformation – innovation, new ways to work, and greater online connectedness – it’s important that we review the risks associated with these trends as well.   In late 2019 and throughout 2020, Experian surveyed consumers and businesses. We asked about online habits, expectations for information security and plans for future spending. Unsurprisingly, about half of consumers think they’ll continue to spend more online in the coming year. Those same consumers now have a higher expectation for their online experience than before the onset of COVID-19.   Hand-in-hand with the online activity trends come increased risks associated with identity theft and fraud as criminals find new chances to steal information. In response to both of these trends, businesses and consumers want a balance between security and convenience.   Our latest trends report dives into the new opportunities 2020 has created for fraud, and the opportunities to prevent identity theft or manipulation and the associated losses while building stronger relationships.   Download the full North America Trends Report for a look into North American trends over the last year and to learn how fraud prevention and positive customer relationships are actually two sides of the same coin. North America Trends Report

The shift created by the COVID-19 pandemic is still being realized. One thing that we know for sure is that North American consumers’ expectations continue to rise, with a focus on online security and their digital experience.   In mid-September of this year, Experian surveyed 3,000 consumers and 900 businesses worldwide—with 300 consumers and 90 businesses in the U.S.—to explore the shifts in consumer behavior and business strategy pre- and post-COVID-19.   More than half of consumers surveyed continue to expect more security steps when online, including more visible security measures in place on websites and more knowledge about how their data is being protected and stored. However, those same consumers aren’t willing to wait more than 60 seconds to complete an online transaction making it more important than ever to align your security and experience strategies.   While U.S. consumers are optimistic about the economy’s recovery, they are still dealing with financial challenges and their behaviors have changed. Future business plans should take into account consumers’:   High expectations of their online experience Increases in online spending Difficulty paying bills Reduction in discretionary spending   Moving forward, businesses are focusing on use of AI, online security, and digital engagement. They are emphasizing revenue generation while looking into the future of online security. Nearly 70% of businesses also plan to increase their fraud management budgets in the next 6 months.   Download the full North America Insights Report to get all of the insights into North American business and consumer needs and priorities and keep visiting the Insights blog in the coming weeks for a look at how trends have changed from early in the pandemic. North America Insights Report Global Insights Report

For most businesses, building the best online experience for consumers requires a balance between security and convenience. But the challenge has always been finding a happy medium between the two – offering enough security that won’t get in the way of convenience and vice versa. In the past, it was always believed that one would always come at the expense of the other. But technology and innovation is changing how businesses approach security and is allowing them to give the maximum potential of both. Consumers want security AND convenience Consumers consider security and convenience as the foundation of their online experience. Findings from our 2019 Global Identity and Fraud Report revealed approximately 74 percent of consumers ranked security as the most important part of their online experience, followed by convenience. In other words, they expect businesses to provide them with both. We see this with how consumers are typically using the same security information each time they open a new digital account – out of convenience. But if one account is compromised, the consumer becomes vulnerable to possible fraudulent activity. With today’s technology, businesses can give consumers an easier and more secure way to access their digital accounts. Creating the optimal online experience More security usually meant creating more passwords, answering more security questions, completing CAPTCHA tests, etc. While consumers are willing to work through these friction-inducing methods to complete a transaction or access an account, it’s not always the most convenient process. Advanced data and technology has opened doors for new authentication methods, such as physical and behavioral biometrics, digital tokenization, device intelligence and machine learning, to maximize the potential for businesses to provide the best online experience possible. In fact, consumers have expressed greater confidence in businesses that implement these advanced security methods. Rates of consumer confidence in passwords was only 44 percent, compared to a 74 percent rate of consumer confidence in physical biometrics. Consumers are willing to embrace the latest security technology because it provides the security and convenience they want from businesses. While traditional forms of security were sufficient, advanced authentication methods have proven to be more reliable forms of security that consumers trust and can improve their online experience. The optimal online experience is a balance between security and convenience. Innovative technologies and data are helping businesses protect people’s identities and provide consumers with an improved online experience.  

Risk managers, legal experts and brokers say phishing and social engineering are, by far, the biggest security threats facing their companies and clients. In fact, 80 percent of legal experts polled by Advisen for Experian Data Breach Resolution’s 2017 Cyber Risk Preparedness and Response Survey, 68 percent of brokers and 61 percent of risk managers cited phishing/social engineering as their top concern. Why do they feel that way? A look at the numbers and some insight into human nature can explain their fears — and help you understand why your organization should be just as concerned about phishing risks. By the numbers Phishing and social engineering are particularly effective forms of cyberattack because they use technology and knowledge of human nature to manipulate employees into actions that serve the attacker’s purpose. How effective are they? Employees succumbing to a targeted phishing attack was one of the top two insider risks cited by executives who responded to the Ponemon report Managing Insider Risk through Training and Culture. Sixty-one percent of information security professionals polled by Wombat Security for its 2017 State of the Phish report said their organization had been the victim of a phishing attack. According to the Ponemon Fourth Annual Preparedness Study, 38 percent of respondents are not confident they can deal with a spear phishing incident The human risk factor Phishing in general and spear phishing in particular are successful because human beings are often the chink in an organization’s cybersecurity armor. All it takes is one overly curious and under-cautious employee clicking on a suspicious email, or a well-meaning worker who responds to a seemingly authentic request for proprietary information. Those scenarios are the stuff of nightmares for information security professionals, and unfortunately they happen all too frequently. Multiple studies show that negligent employees cause more data breaches than other sources, whether they succumb to a phishing attack or lose a company laptop at the airport. However, studies also show that cybersecurity training, including a component on phishing, can help reduce employee-related risks. Training is critical Among organizations that train employees on how to spot and avoid phishing attacks, 52 percent reported they were able to see quantifiable results — fewer successful attacks — based on their training, Wombat said. Respondents to the Advisen survey stressed the importance of creating a company culture in which cybersecurity is everyone’s job and knowledge of phishing and how to thwart attacks is the norm. Employee training in cybersecurity should begin as part of the onboarding process when the worker joins your organization, and everyone should get a refresher at least annually. While 67 percent of those surveyed by Ponemon said their organizations didn’t incentivize employees to proactively protect sensitive information or report potential issues, any successful culture of security should reward those who are embracing their roles as protectors — and not just punish those who fall short. Learn more about our Data Breach solutions

Our guest blogger this week is Karen Barney of the Identity Theft Resource Center (ITRC). The rise of online functionality and connectivity has in turn given rise to online security issues, which create the need for passwords and other defenses against information theft.  Most people today have multiple online accounts and accompanying passwords to protect those accounts.  I personally have accounts (and passwords) for sites I no longer even remember.  And while I have more accounts than most due to my profession, my hunch is that many people deal with the issue of password overload.  Password overload is when you attempt to use your Pinterest, Twitter, work email and university login passwords (one after another) to get into your Money Market Account only to be locked out.  Now you have to go into the branch with photo ID, or endure the dreaded “customer service hotline” (not-line) to prove that “you are you.”  I expect that you have experienced such “password overload” inconveniences, or you almost certainly know someone who has. The problem seems like it could be easily solved by using the same password for everything.  One password to remember, and no more jumbling through your notebook trying to find what password you used for your newest account creation or Facebook app.  The problem with this approach is that if you are using the same passwords for all (or even several) of your accounts, then if someone manages to get the password for say, your Instagram account, they would probably be able to then drain your savings account, phish your family for personal information (such as your Social Security Number), or rack up a warrant in your name for writing bad checks….  This could all happen because you logged into Facebook at an unsecured Wi-fi location, where your password for that one account is compromised, and it happens to be the same password you use for multiple accounts. So, what do you do if you don’t want to tattoo 25 passwords on your arm and you don’t want to end up cuffed for felony check fraud? The answer is a password manager.  This new service was created so that users can remember just one password, yet have access to all other passwords. The best part is that you can have access to these passwords from anywhere as most of the new password managers are internet based. As the need for password management increases, the options consumers have grown leaving even the strictest cybersecurity aficionado pleased with the service. A few things you should look for when finding a password manager are: Is it cross platform? Will it work on your iPhone and your PC? How is the information (your passwords) encrypted? Does the service sync automatically, or will the user need to update the password storage database every time they sign up for a new account? What is the initial authentication process and how strong is it? How reputable is the company who created the product and what is reported about the product itself? By asking yourself these questions you should be on your way to making sure that your passwords are protected and you won’t lose your mind trying to keep track of them all. Just make sure you protect your login credentials for your password manager…. like really, really well…