“Catch Me If You Can”
The title of the feature film starring Leonardo DiCaprio and Tom Hanks echoes in my memory of this year’s Cloud Identity Summit in New Orleans. It’s a teasing phrase that cyber security professionals hear as we continuously try to catch or prevent the cyber thieves. One of the highlights of the conference was the life story told by the reformed culprit himself, Frank Abagnale, Jr. What an incredible speech, from a dedicated family man and now cyber security veteran. Did you know he was offered full pardons by three sitting presidents but turned them all down? He said no piece of paper would erase his crimes or lessen the regret he felt about his worldwide tour of bad check writing.
Despite the popularity of the movie about his life, he downplayed the notoriety achieved from his early days as a fraudulent check writer. Instead, he talked about the loss of his father while he was sitting in a dark, stinky prison cell in France. Frank loved his father but never saw him again after he ran away from a divorce court hearing. He was asked to choose which parent he wanted to live with after the divorce. Shocked and dismayed, he simply decided to run away, and regrettably never again saw the father he so dearly loved.
Despite the nearly 40 years he worked with the FBI to help detect and prevent fraudulent check writing and other evolved identity theft threats, he maintains a humbled and thankful nature. He surprised the thousands of conference attendees with the wrap-up segment of his speech, which carried a very heartfelt moral of his story: be true to your marriage, respect your wife, be a man and do whatever it takes to maintain your integrity and keep the family together because it is the most important thing a man can do in his life.
It wasn’t what I expected. I thought he would wrap it up with some thoughts about the future of cloud identity security or a life lesson about how crime doesn’t pay unless you are lucky enough to not get caught for a long time and then cut a deal with the FBI to work for them and be gainfully employed for four decades, giving speeches at conferences and signing autographs. No, this was a man humbled and thankful for his loving wife and kids. And happy to be serving his country and making an honest living.
Besides the impressive and emotional speech by Frank, the Cloud Identity Summit 2016 was very enlightening and alarming at the same time. There were some great new technologies available to PREVENT identity fraud including Trusona’s Insured Authentication platform, the world’s first identity authentication solution that guarantees the identity of a person.
There was a great presentation by Janet Hughes, Programme Director, GOV.UK Verify, who shared her experiences, challenges and successes with the design and deployment of a government identity assurance and authentication model for its citizens to use for the first 10 online government services. Their model is one to keep an eye on as it continues to expand with over 1.5 million citizens on board now. As part of a certified FIDO platform company, I was especially pleased to find out that FIDO authentication is one of the accepted forms of strong authentication UK citizens can use to log in to government web and mobile services. That’s a strong vote of support for the FIDO standard, now in its fourth year of existence and second year of a released standard.
I also noticed the resurgence of OpenID and learned about Google’s FIDO deployment to all of its employees. Google’s takeaway? FIDO authentication is twice as fast and more convenient than using a key fob with a 6-digit one-time passcode or their own Google Authenticator mobile app.
Identity Fraud Still Rising
Here’s the alarming part: despite some great advances in security technology, the rate of cyber fraud and breach occurrences is still on the rise. Vulnerabilities abound in every vertical. Ironically, the introduction of the EMV chip card into the US proves that we can dramatically reduce fraud given the right tools, technology, incentives (positive and negative) and awareness efforts. But it also proves that as soon as we plug one hole in the dike, the fraud moves somewhere else. In this case, it is moving to the online and mobile channels where EMV has no effect. Even with better payment security technology, we are experiencing a spike in account takeover fraud. The black market price of stolen login identity credentials is 5-6 times higher than that of stolen credit card information. Follow the easy money, find the fraud. This is where the fraudsters are moving. Catch them if you can.
We need to move beyond perimeter security and the model of “detect and respond” to strong identity authentication and a model of “prevent and deny”. Stop trying to catch fraud. Prevent fraud before it happens. This is what we do – identity authentication and fraud prevention. Make the move to a prevention model. Equip your company and customers with an identity authentication solution that is low cost, easy to deploy and very convenient. (wink, wink)