Digital Banking 2019: Account Takeover a Hot Topic
SourceMedia’s Digital Banking conference recently wrapped up after three days of showcasing everything digital. With senior-level executives from global financial institutions and FinTech providers in attendance, all eyes were on digital innovation. From customer expectations around mobile, AI, privacy and security, financial services are on the brink of massive transformation.
From a consumer protection standpoint, cyber security and account takeover prevention took center stage. Financial institutions hold more than just cash; they store incredible amounts of highly-sensitive personal data that bad actors are all too anxious to get their hands on – bank account and credit card numbers, social security numbers, driver’s license numbers, addresses and the like. Because so many people reuse passwords across multiple accounts, including bank accounts, once one password is compromised in a breach, cyber criminals can quickly discover the other accounts using the same password – at scale. The 2018 SpyCloud Credential Exposure Report found of the 3.5 billion exposed credentials it recovered in 2018, 24 percent were directly attributed to reused passwords, making password reuse the number one culprit in account takeover (ATO).
Even though password reuse is so prevalent, another issue is at play: weak passwords. Cyber criminals use bots that can crack most passwords in seconds, then rapidly scan those passwords against thousands of common online companies to find matches. For every matched credential and account, these criminals have all they need to take over those accounts for financial gain. They can use the personal information they obtain to pose as the real customer, changing account and profile details, withdrawing funds and even applying for loans.
Most financial institutions struggle to detect account takeover, let alone prevent it. Because cyber criminals have the technology to work quickly, they can take over an account within hours, accessing private data and draining financial accounts in minutes. Even worse, they often sell the stolen credentials and personal information on underground markets for continual, long-term attacks. As long as the person keeps using the exposed password on any account, they’re at risk. It’s a serious problem that’s only getting worse because most traditional fraud prevention and bot detection solutions are too slow to match the speed of the ATO timeline.
SpyCloud: Best in Show
SpyCloud was intrigued by the presentations, demos and conversations at the conference. Even though we are focused on security, it’s always fascinating to learn more about the innovations that will shape the next generation of financial services and beyond (many of the solution demo’d, like ours, are relevant to many industries). It’s a new world and as everything goes digital, there are limitless opportunities to bring to market products and services that will compliment, tame and expand the new frontier.
With so many digital pioneers in attendance, we were honored and humbled to be awarded the highest score and first prize in the innovation contest at the Digital Banking 2019 conference. Earning this recognition from multiple judges demonstrates the industry’s hunger for an account takeover solution that does more than detect problems after they’ve already happened, but also prevents them from occurring in the first place.
We know from data and research that once accounts have been compromised, the clock starts ticking at double time. The earlier the exposure can be detected, the sooner the account can be locked down and protected before a criminal has a chance to take over the account. SpyCloud proprietary technology and methods help financial institutions mitigate account takeover by proactively remediating account exposures automatically. No other solution has been proven more effective to detect and mitigate account takeover attempts.