Goodbye mag stripe fraud, hello account takeover fraud
Based on the effects of previous regional EMV rollouts, it is generally accepted that EMV chip card deployment in the U.S. will push credit-card fraud from POS to e-commerce and mobile systems. However, a new report suggests that account takeover can be an easier and more lucrative option for fraudsters than selling credit-card data. This is not a new revelation. Experts have been telling us to expect fraud to increase in card-not-present (CNP) channels, such as web and mobile, as chip cards make their way into the hands of consumers and as more merchants accept them.
But what you may not know is that account takeover fraud has been increasing over the past 18 months. According to a recent report by security firm Trend Micro, the value of stolen credit-card information available on “deep Web” sites was about 22 cents per record, while account information from Uber and Facebook averaged $3.78 and $3.02 respectively. Account information from a payment company was the most valuable, as disclosed in the research report commissioned by CNBC. Trend Micro found that a PayPal account with a guaranteed balance of over $500 sold for an average of $6.43 per account.
Hence the point of this blog entry: financial companies should seriously consider offering their customers two-factor authentication by adopting the new FIDO Authentication standard. FIDO stands for Fast IDentity Online and is the result of the efforts of the FIDO Alliance (www.fidoalliance.org) to create a new strong authentication model that is fast and easy for mass consumer bases. FIDO is a universal authentication model that enables “bring your own security” so the financial institution does not have to be in the business of issuing tokens. As long as a business or financial institution supports the FIDO standard, their customers can simply register their FIDO Key with their online or mobile account and use the same key for any other FIDO-enabled site.
“Sounds great. But where do you get a FIDO Key?” Amazon already sells them. That’s the beauty of FIDO. The consumer “brings their own security”. All you have to do is FIDO-enable your website and mobile apps with our APIs and Auth Server.
The FIDO tokens are easily available and there are a variety of shapes and sizes. Some even come with a contactless chip (Near Field Communication or NFC) so you can tap your key or key card to your mobile phone to authenticate an account login or e-wallet transaction. The biometric version of FIDO eliminates the password altogether. Imagine that – no more passwords! Now that’s progress. And convenience. And stronger security. FIDO keys range in price from $6 for a simple USB key to $25 for a combo USB + NFC key to $150 for a biometric keyfob that requires your fingerprint to activate and send the secret key to your computer or mobile phone.
How do you get your site FIDO-enabled? Just call us or send us an e-mail and we can get your company, website and/or mobile apps FIDO-enabled in less than a day. Once you do that, your customers know that you care about their security, and they can register their FIDO key with their account for greater peace of mind while helping you reduce your risk of account takeover fraud and breach liability exposure. Connect with us to get your free sandbox account to take FIDO for a test drive.