A recent study conducted by Javelin Strategy & Research found account takeovers (ATOs) are trending at the highest loss rate, up 72 percent over the prior year. This is due in large part to technological advancements that have made it easier for criminals to manipulate and socially engineer information, while simultaneously making it harder to detect account takeovers without additional security infrastructure.
The study’s expert recommendation for financial service providers, merchants and other technology companies is to push consumers from static passwords to safer authentication methods. The data suggests that consumers are open to making this change, but lack the motivation to do so. This raises a good question: why should the burden fall on the consumer to drive authentication change?
Businesses must think beyond the liability factor and realize that reducing risk on behalf of customers not only prevents fraud and identity theft, but also improves consumer trust and customer experience. 51% of consumers surveyed in the Ponemon Institute’s “The Impact of Data Breaches on Reputation & Share Value” said that in the past two years, they had been notified by a company/government agency that their personal information was lost or stolen as a result of one or more data breaches. Nearly two-thirds reported that the incidents caused them to lose trust in the breached organization, and almost a third took steps to terminate their relationship with the organization.
Relying on passwords and one-time MFA hurts more than it helps
On the Dark Web, more than 15 billion stolen account credentials are for sale, with 5 billion of them considered unique, according to research by Digital Shadows. One of the largest reasons this trove exists is that passwords are simply too easy for hackers to acquire, be it via credential stuffing, brute force attacks, keylogging, unsecured Wi-Fi or phishing scams.
Additionally, one-time MFA methods can be overcome via network session hijacking, account/password recovery attacks or duplicate code generator attacks. 74% of cyber security leaders agree that traditional passwords and two-factor authentication methods are no longer sufficient.
Since consumers are becoming more savvy about what protections to look for, using only passwords tells them that a business isn't taking their security seriously enough. One-time MFA gives them false hope, leading to greater marring of brand reputation once the inevitable notification of compromised credentials rolls in. Many organizations are currently not using any form of additional authentication method outside of passwords and traditional MFA. The time has come to change the standard.
Zero Trust Identity = continuous CIAM
Most failed identity authentication incidents are due to one thing: authentication that is not continuous. Trust is critical for consumers to feel comfortable when accessing accounts, and for businesses to definitively know that the account access attempts are legitimate. Continuous authentication delivers and develops that trust.
Even for users of one-time MFA, adding continuous authentication prevents hijacked sessions from utterly wreaking havoc, because additional authorization is required when an attacker tries to access sensitive data or perform destructive actions.
Acceptto delivers a frictionless customer experience in addition to continuous security. Our risk engine calculates whether an access attempt is legitimate or not by tracking user and device posture pre-authentication, during authentication, and post-authorization. We supply a continuous, step-up authentication process with real-time threat monitoring, using AI/ML analytics to automatically find the optimal policy for each transaction, maximizing security while minimizing friction. As a result, organizations provide safer access, consumers have a seamless experience, and mutual trust between parties is achieved.
Whether through web, mobile, workstation or IoT, we deliver the most intelligent continuous authentication system available.