22 October 2017
Robert Siciliano

Identity Theft Expert

Robert Siciliano - IDTheftSecurity.com

739Posts 2,037,801Views 62Comments

Survey Shows Account Takeover Fraud Drops

15 February 2011  |  3669 views  |  0

Account takeover happens when your existing bank or credit card accounts are infiltrated and money is siphoned out. A hacked account or stolen credit card is often to blame.

The drop in account takeover may be due in part to a few different things.

Less breaches. There was a drop in data breaches from 221 million records in 604 breaches during 2009 to 26 million records breached in 404 reported breaches during 2010. Criminal hacker Albert Gonzalez and his gang were responsible for many of those hacked records and he and many of his cohorts are now in jail.

PCI standards. All those responsible for accepting credit cards are now under strict Payment Card Industry Standards rules and regulations that require a level of security that took about 5 years to implement. Today many of those merchants are doing a much better job of protecting data.

Device reputation management. Technology that checks an Internet transaction by looking at the PC, smartphone or tablet to see if it has a history of bad behavior or is high risk based on device characteristics and behavior. iovation is one such company that has blocked 35 million fraudulent transactions of this sort just last year.

Javelin reports “When examining account takeover trends, the two most popular tactics for fraudsters were adding their name as a registered user on an account or changing the physical address of the account. In 2010, changing the physical address became the most popular method, with 44 percent of account takeover incidents conducted this way.”

If device reputation was integrated at the “profile update / account update” website integration point, a flag would go up when:

- Too many devices are accessing the account (the business has a predetermined threshold)

- Too many countries are accessing the account (Ex: a United States account is being accessed from Ghana)

- A non-allowed country accesses the account (Your United States-only dating site just had devices from Russia and Romania trying to get into accounts, but it’s blocked automatically with customized business rules.)

It’s no secret that it’s often a few bad apples that upset the bunch. Here’s where the 90/10 rule applies. 90% of people are honest whereas maybe 10% aren’t. And it’s the 10% that do 90% of the stealing.  Device reputation knows who is good and who isn’t. Identity thieves are stopped cold and can’t use the hacked data to commit fraud.


TagsSecurityRisk & regulation

Comments: (0)

Comment on this story (membership required)

Latest posts from Robert

What Was Scary About Blackhat 2017?

02 August 2017  |  6044 views  |  0 comments | recomends Recommends 0 TagsSecurity

Black Hat 2017 was an Amazing Event

29 July 2017  |  6685 views  |  0 comments | recomends Recommends 0 TagsSecurity

Blackhat Hackers Love Office Printers

28 July 2017  |  5286 views  |  0 comments | recomends Recommends 0 TagsSecurity

Getting Owned or Pwned SUCKS!

13 June 2017  |  5706 views  |  0 comments | recomends Recommends 0 TagsSecurity

Parents Beware of Finstagram

27 April 2017  |  5179 views  |  0 comments | recomends Recommends 0 TagsSecurity

Robert's profile

job title Security Analyst
location Boston
member since 2010
Summary profile See full profile »
Security analyst, published author, television news correspondent. Deliver presentations throughout the United States, Canada and internationally on identity theft protection and personal security....

Robert's expertise

Member since 2009
732 posts62 comments

Who's commenting on Robert's posts

Ketharaman Swaminathan
Adedeji Olowe