With 143 million consumer accounts potentially compromised, the Equifax breach was unprecedented in scale and impact, and will undoubtedly have reverberations for the long term. There is justifiably much anger against the company and between lawsuits, hearings and demands for executive changes, some immediate punishment will be meted. However, it is far more critical to pay attention to the long-term consequences of this event and mitigate that burgeoning fraud risk looming on the horizon.
Fraudsters are likely now in possession of sensitive personal information and are figuring out ways to exploit this through many means including opening new accounts, taking out loans, filing returns among other damaging actions. The heads of fraud operations at financial institutions (FIs) and corporations are at the focal point of this fluid situation as they’re now expected to raise their defenses to protect the interests of their customers. FIs need to up their game on the tools and technologies front to stay a step ahead of fraudsters. Similarly, enterprises will also need to protect against corporate identity theft and potential supplier fraud. Clearly traditional perimeter security or identity based protection initiatives will be ineffective since the credentials have already been stolen. Can anything be done?
Yes, there is still hope. What’s needed is an approach that looks beyond the login credentials and knowledge-based authentication to monitor actual user behavior, which is the last line of defense. FIs and enterprises must algorithmically examine activity in online portals, mobile apps, and payment transactions to accurately detect anomalies that may represent fraud and stop it in its tracks. That’s exactly what behavioral analytics is designed to do and is already proving to be a compelling technology for banks and enterprises alike for minimizing fraud risk.
There’s another financial reason to do this – following Equifax there is bound to be more regulation of the credit bureaus, as well as of the fraud operations function. With the cost of compliance likely to rise for banks, they would be well advised to adopt more automated, efficient tools to replace the heavy and expensive rules systems.
At Guardian Analytics we’ve always believed that the perimeter has become porous beyond fixing, and we stand by our tagline: You can steal credentials, but not behavior. Banks and enterprises should fully expect account takeover and identity fraud incidents to rise drastically and should leverage behavior-based anomaly detection to monitor and detect this new wave of impending fraud. Surprisingly many of these, even medium to large regional or national banks, still use dated rules-based systems for fraud detection that are weak and ineffective. That may have worked sufficiently well in the past but in the wake of the Equifax debacle, there is too much at stake to postpone this investment imperative.
Now, more than ever, behavioral analytics and machine learning is relevant in our lives for detecting fraud and ensuring the security of millions of consumers. Are the financial institutions and corporations listening? The time for action is NOW. Talk to us at firstname.lastname@example.org for a tailored consultation.