Identity-Based Fraud Tools Make Phishing Harder to Combat
March 17th, 2009 by Scott Olson

I came across a good article this morning on detecting and avoiding phoney fraud alerts. The problem is that I found myself thinking yet again that as online sites employ even more identity-based fraud management solutions to combat online fraud, the likelihood of these phishing attacks succeeding goes up. More and more often we are being asked for increasing amounts of personal information to validate our identity.
There are two problems with this. First, we are training online users that providing personal information (the color of your first car, your pet’s name, etc.) in addition to credit credentials is required to complete a transaction. As this has become the norm, it is harder to spot phishing attacks. Second, we are feeding the online databases created by botnets with increasingly personal information that the scammers can use to bypass these same checks.
I truly believe that the long-term viability of solutions that require input of substantial personal information is in question. To fight fraud, account takeover and identity theft, we should move more to systems that do not require this information, like a variety of multi-factor authentication tokens, device fingerprinting, and smart cards.
Tags: device fingerprinting, identity theft, Online Fraud, Phishing

March 18th, 2009 at 6:39 am
Hi Scott,
I completely agree with you. Identity protection is getting complicated for consumers and is also leading them to give out their personal details.
In addition, the social networking sites are also opening up people’s lives completely. All a phisher or hacker has to do is – POKE them, Add as friend….
Identity verification needs to be more robust but without relying on the consumer’s knowledge. It has to deliver identification attributes or out-of-band authentication that are not possible for phishers to ask for or get.
vikram
May 4th, 2009 at 10:42 am
[...] The argument against this type of technology is that the device information could be collected and sold, constituting a violation of privacy of the online user. What is missed here is how significant an improvement this is over existing identity based fraud prevention techniques. Device fingerprinting solutions, such as the device reputation system offered by iovation, ideally work much more to dually reduce fraud while simultaneously protecting the privacy of the individual. iovation’s ReputationManager service, as an example, collects and requires no personal information from our customers. Our online service is completely incapable of assigning any online activity to an individual and we market it that way. This is in direct contrast to many of the systems in place today that fight fraud through an increasingly invasive collection of personal information in the form of questions and responses to personal questions. I have blogged about this topic twice in the past, first on the topic that identity based fraud management systems are part of the problem. Second, I blogged that relying on identity based fraud management systems makes phishing harder to combat. [...]