If you thought last year’s breach of over three billion records was bad, this year has already topped that number with record hacks. The stolen records will most likely be used for identity theft or to gain unauthorized access to other user accounts, especially for services which allow resetting your password using static security questions.
Recent breaches have bred a growing market in the fraud underground selling a variety of account credentials. With the help of account checking tools such as Sentry MBA, fraudsters can take leaked data from one breach and, for mere pennies, check the validity of those credentials across a number of other popular websites.
With Black Friday and Cyber Monday coming up, it is a perfect time for fraudsters to start putting some of those credentials to use for their personal gain in hopes of getting lost in all the noise of holiday shopping. It is also the perfect time for issuers and retailers to start thinking about the benefits that the 3D Secure 2.0 protocol offers to prevent fraudulent transactions.
Risk-based authentication is at the center of 3D Secure 2.0. It enriches the transactional information and takes into consideration hundreds of behavioral predictors in order to allow the optimum balance between usability and security under the “leaked credentials” theory.
On one hand, risk-based authentication enables transparent authentication for low-risk transactions, where machine learning algorithms consider the user’s behavior familiar. This reduces transaction abandonment rates by more than 50% and enables issuers to grow their revenues due to the increase in successful purchases. On the other hand, the model still provides optimal protection by reducing fraud losses.
Let’s look at this in practice. Based on the UK market, the 3D Secure risk-based model developed by RSA reduced basis points to a low of 3.5 in the first half of 2017 by inducing step-up authentication in only 5% of transactions. Assuming a 0.2% interchange fee and a 98.1% success rate, for a £1B customer, 5% authentication means an additional £1.9M in revenue per month. In addition, RSA’s model gradually reduced the expense due to fraud losses from £600K to £350K, increasing monthly income by almost 20%.
There is no doubt that we live in interesting times. Mobile, wearables, and the Internet of Things are just a few of the technologies changing the digital landscape at an accelerated rate. Adaptive risk engines that leverage machine learning will be critical to solving tomorrow’s challenges. Deep entity profiling is one strategy being deployed to address these challenges: collecting data, then using and analyzing it to better detect fraud.
This is a Security Bloggers Network syndicated blog post authored by Liat Ben-Porat. Read the original post at: RSA Blog