Securing Consumers’ Identity – FinTech Webinar

WEBINAR – FINTECH

Mind the Gap: The Future is Passwordless, But What About Securing Consumer Identity Today?

Webinar - SpyCloud for FinTech - Securing Consumer Identity

The dream: a passwordless future. The reality: the world operates on passwords now and for the foreseeable future. By and large, your customer base is using weak, reused or recycled passwords that put their personal data and financial information at risk.

With fintech services housing so much consumer data and being prime targets for cybercriminals, you are the protector of your customers’ identities in many ways. Yet despite your best efforts to implement strong IAM controls, even unsophisticated criminals armed with credentials pairs from third-party breaches can masquerade as legitimate users.

This webinar explores:

  • How criminal behavior and technology are evolving to outpace your security measures
  • What companies like yours are doing to secure customer accounts in the here and now
  • How one innovative fintech platform is using breach data in four unique ways

This session was hosted in conjunction with KNOW Identity.

Solution: Consumer Account Takeover Prevention

Protect your users from account takeover fraud and unauthorized purchases.

Learn More

Watch the Webinar:

Securing Consumer Identity Today

Presenters

Chip Witt, Vice President of Product Management

Chip Witt has nearly twenty years of diverse technology experience, including product management and operations leadership roles at Hewlett Packard Enterprise, Webroot, VMware, Alcatel, and Appthority. He is currently the VP of Product Management and oversees the Customer Success Program at SpyCloud. Chip works closely with field intelligence teams specializing in OSINT and HUMINT tradecraft, actor attribution and underground monitoring.

Pattie Dillon, Anti-Fraud Relationship Manager

Pattie Dillon’s passion for fraud prevention and risk mitigation begin in 2002 at her firm Etalinc, LLC, where she pioneered the development and creation of a privacy-oriented online IDresponse age verification and identity verification SaaS platform. Her previous roles as President of Veratad Technologies and Director at Wolfe had her focused on reducing fraud and compliance risk and combating gift card fraud. These roles led her to work with Merchants and Law Enforcement to track criminal activity. Now at SpyCloud, Pattie’s focus is developing creative and innovative ways to fight fraud with SpyCloud’s leading-edge products and networking with others in an effort to build a safer internet through collaboration and knowledge sharing.

A few of our happy customers:

Related Resources

The SpyCloud Difference

Current, Relevant, Truly Actionable Data

SpyCloud’s account takeover prevention and fraud investigation solutions are backed by the world’s most current and comprehensive repository of recovered stolen credentials and PII. More data, particularly plaintext passwords, means more matches and stronger account protection.

SpyCloud human intelligence researchers have recovered billions of data breach assets, including stolen passwords and emails that can put enterprises at risk of account takeover

Check Your Exposure

See your real-time breach exposure details powered by SpyCloud data.

Dataset: COVID-19 Themed Domains

DATASET

COVID-19 Themed Domain Dataset

Graph of new domains related to COVID-19 registered from December 1, 2019 through March 27, 2020

To assist the information security community, SpyCloud researchers have compiled, enriched, and analyzed a list of over 136,000 hostnames and fully qualified domain names with COVID-19 or coronavirus themes from a variety of open-source feeds.

We have made the dataset available to demonstrate how to complete a low-cost analysis using open-source threat intelligence data.

Disclaimer: This data is provided as-is, with no guarantees that the data will be accurate or maintained in any way. For more information about the sources, please refer to the original open-source feeds.

SourceDescription
Certificate Transparency logsOpen dataset for exploring SSL Certificates to identify potential abusive hostnames.
Risk IQ’s COVID-19 feedPublic feed of COVID-19 themed domains sponsored by Risk IQ.
Domain Tools’ COVID-19 threat listPublic feed of COVID-19 themed domains sponsored by DomainTools.
Rapid7 Project SonarOpen data of internet-wide surveys conducted by Rapid7 Labs.

 

Please note that we only used the hostnames from these sources; additional metadata was collected by SpyCloud researchers.

Download the Dataset

Domains with COVID-19 and Coronavirus Themes

A few of our happy customers:

Related Resources

The SpyCloud Difference

Current, Relevant, Truly Actionable Data

SpyCloud’s account takeover prevention and fraud investigation solutions are backed by the world’s most current and comprehensive repository of recovered stolen credentials and PII. More data, particularly plaintext passwords, means more matches and stronger account protection.

SpyCloud human intelligence researchers have recovered billions of data breach assets, including stolen passwords and emails that can put enterprises at risk of account takeover

Check Your Exposure

See your real-time breach exposure details powered by SpyCloud data.

2020 Report: Breach Exposure of the Fortune 1000

REPORT

2020 Report: Breach Exposure of the Fortune 1000

Preview of SpyCloud's 2020 Report: Breach Exposure of the Fortune 1000, which reveals the corporate credential exposure and ATO risks of major enterprises

Employees frequently reuse corporate credentials as personal logins, regardless of security guidelines that prohibit such behavior. When those third-party sites are subject to data breaches, reused employee logins provide easy entry points to corporate systems and networks. In addition to corporate credentials, data breaches expose a wealth of personal information that can enable cybercriminals to bypass security measures, take over accounts, and compromise enterprise networks.

To provide a snapshot of the breach exposure affecting major enterprises, we examined SpyCloud’s entire database to see what breach data we could tie to companies in the Fortune 1000. Across our data set, we were able to identify over 412 million breach assets tied to employees within the Fortune 1000.

Download the report to see:

  • How many Fortune 1000 employees and C-level executives have passwords available to cybercriminals
  • Top passwords of Fortune 1000 employees
  • Infographics showing credential exposure, password reuse rates, and more for all 21 Fortune 1000 sectors
  • Which sector is the worst offender (by far)

Solution: Account Takeover Prevention

Reset stolen passwords before criminals can use them to defraud your users or access sensitive corporate data.

Learn More

Download the Report

2020 Report: Breach Exposure of the Fortune 1000

A few of our happy customers:

Related Resources

Case Study

Top 10 Travel Booking Site

Preventing account takeover begins with monitoring the dark web, but without the ability to match user accounts with a database of exposed credentials, a top 10 travel booking site was vulnerable to attack.

Read More

The SpyCloud Difference

Current, Relevant, Truly Actionable Data

SpyCloud’s account takeover prevention and fraud investigation solutions are backed by the world’s most current and comprehensive repository of recovered stolen credentials and PII. More data, particularly plaintext passwords, means more matches and stronger account protection.

SpyCloud human intelligence researchers have recovered billions of data breach assets, including stolen passwords and emails that can put enterprises at risk of account takeover

Check Your Exposure

See your real-time breach exposure details powered by SpyCloud data.

Targeted vs. Automated Account Takeover Attacks

WHITEPAPER

Targeted vs. Automated
Account Takeover Attacks

Account takeover (ATO) occurs when criminals use stolen logins to access user accounts without permission–typically credentials that have been exposed in a third-party breach. Using victims’ accounts, criminals can make fraudulent purchases, drain accounts, steal sensitive data, or move laterally within a target organization.

The vast majority of account takeover attempts are automated credential-stuffing attacks. However, SpyCloud customers report that 80 percent of losses come from just 10 percent of ATO attempts, which are highly targeted and challenging to detect.

Read this whitepaper to learn:

  • The differences between targeted and automated account takeover attacks and why targeted attacks can cause so much damage
  • The five phases of an account takeover attack and the tactics, techniques, and procedures cybercriminals throughout the attack timeline
  • How early detection can help you prevent both targeted and automated account takeover

Solution: Account Takeover Prevention

Reset stolen passwords before criminals can use them to defraud your users or access sensitive corporate data.

Learn More

Download the Whitepaper

Targeted vs. Automated Account Takeover Attacks

A few of our happy customers:

Related Resources

Case Study

Top 10 Travel Booking Site

Preventing account takeover begins with monitoring the dark web, but without the ability to match user accounts with a database of exposed credentials, a top 10 travel booking site was vulnerable to attack.

Read More

The SpyCloud Difference

Current, Relevant, Truly Actionable Data

SpyCloud’s account takeover prevention and fraud investigation solutions are backed by the world’s most current and comprehensive repository of recovered stolen credentials and PII. More data, particularly plaintext passwords, means more matches and stronger account protection.

SpyCloud human intelligence researchers have recovered billions of data breach assets, including stolen passwords and emails that can put enterprises at risk of account takeover

Check Your Exposure

See your real-time breach exposure details powered by SpyCloud data.

2020 Annual Credential Exposure Report

REPORT

2020 Annual Credential Exposure Report

Every year, the SpyCloud Credential Exposure Report examines the data cybercriminals have been sharing over the last year and what it means for enterprises and consumers. Our 2020 report shows that password reuse continues to be a serious problem, leaving enterprises and their customers vulnerable to account takeover (ATO). 

SpyCloud researchers infiltrate criminal networks to identify and recover stolen data months or years before it reaches a broader criminal audience or goes public. As a result, the 9 billion breach records analyzed for this report provide insight into breaches that have been freshly released to criminal marketplaces over the last year.

Download the report to see:

  • Trends our researchers have observed within cybercriminal communities over the last 12 months
  • Password reuse patterns, including the most common transformations people use to “refresh” a reused password
  • Most popular 100 passwords collected over the last 12 months
  • Common password hashing algorithms used by breached organizations

Solution: Account Takeover Prevention

Reset stolen passwords before criminals can use them to defraud your users or access sensitive corporate data.

Learn More

Download the Report

2020 Annual Credential Exposure Report

A few of our happy customers:

Related Resources

Case Study

Top 10 Travel Booking Site

Preventing account takeover begins with monitoring the dark web, but without the ability to match user accounts with a database of exposed credentials, a top 10 travel booking site was vulnerable to attack.

Read More

The SpyCloud Difference

Current, Relevant, Truly Actionable Data

SpyCloud’s account takeover prevention and fraud investigation solutions are backed by the world’s most current and comprehensive repository of recovered stolen credentials and PII. More data, particularly plaintext passwords, means more matches and stronger account protection.

SpyCloud human intelligence researchers have recovered billions of data breach assets, including stolen passwords and emails that can put enterprises at risk of account takeover

Check Your Exposure

See your real-time breach exposure details powered by SpyCloud data.

Considerations for Choosing an Account Takeover Security Solution

WHITEPAPER

Considerations for Choosing an Account Takeover Security Solution

Learn How to Evaluate Account Takeover Security Vendors

Account takeover (ATO) is a rising security problem. One that many organizations struggle to prevent. With millions of usernames and passwords being stolen every year, the enterprise is at high risk for attacks that can lead to financial and reputational damage. There are several ATO vendors offering differing solutions. How do you know which vendor to choose? This CSO whitepaper provides a guide to the best practices for evaluating how well each approach works, including a checklist of topics to discuss with each vendor being evaluated.

Download the whitepaper today to learn:

  • 11 key questions to ask ATO security solution vendors during product evaluation
  • Which solution features are most important
  • The key metrics every vendor should be able to provide

Solution: Account Takeover Prevention

Reset Stolen Passwords Before Criminals Can Use Them To Defraud Your Users Or Access Sensitive Corporate Data.

Learn More

Download the Whitepaper:

Considerations for Choosing an Account Takeover Security Solution

A few of our happy customers:

Related Resources

The SpyCloud Difference

Current, Relevant, Truly Actionable Data

SpyCloud’s account takeover prevention and fraud investigation solutions are backed by the world’s most current and comprehensive repository of recovered stolen credentials and PII. More data, particularly plaintext passwords, means more matches and stronger account protection.

Check Your Exposure

See your real-time breach exposure details powered by SpyCloud data.