Symposium speakers highlight hackers’ ability to easily create synthetic identities
The vast amount of personally identifiable information available on the Internet is making it straightforward for cyber criminals to create millions of synthetic identities and perpetuate fraud, according to a report by the Secure Technology Alliance about the Securing Digital Identity Symposium 2018 it held in Crystal City, Virginia. Criminals can easily create synthetic identities that can pass KYC (know your customer) and even have valid FICO credit scores, according to keynote speaker Richard Parry of Parry Advisory. The whole onboarding process needs to be fixed, he added.
“The identity fraud problem is reaching its tipping point,” said Randy Vanderhoof, executive director of the Secure Technology Alliance. “The tools are out there to combat fraud, but nothing will gain broad adoption if it adds too much user friction to the process.”
Speakers at the symposium debated which authentication methods and factors could deliver security without adding user friction. There was a consensus that authentication factors that are tightly bound to users and their devices, such as hardware tokens, physical biometrics and behavioural biometrics, are likely to be more secure than knowledge-based authentication, where factors are based on a user’s biographical data, as this data is now easily accessible to hackers. Several presenters called for the industry to coalesce around a standard authentication approach, citing examples, such as NIST’s levels of assurance (LOA) framework and FIDO standards.
For more details, see the press release from the Secure Technology Alliance.