![]() ![]() This assumption allowed these products to identify a relatively high percentage of transactions as risky and perform elevated authentication for all of them. When statistical risk-based authentication models were introduced, they were based on the assumption that fraud could be prevented using simple authentication. Worst of all - and the root cause for the previous two issues - they provide inaccurate risk scores.They negatively impact the customer experience.They increase investigation time and have an operational impact.The three main issues with statistical-based risk engines are as follows: The following is a look into how these risk engines are designed and the root cause for their failure in detecting today’s cybercriminals: Why Statistical Models Are Failing Today’s fraudsters have used a wide variety of tools and techniques to build all kinds of new fraud methods specifically intended to evade these adaptive solutions. Leading vendors offer what they call adaptive authentication platforms that offer multiple deployment models, integration options, application programming interfaces and management platforms that all have one very basic weakness: The solution was designed for the 2005 fraud threat landscape. Today, there is a wide variety of risk engine flavors to choose from. Roughly 10 years ago, security vendors started working on solutions to the authentication issue and, thus, authentication risk engines were born. While different forms of authentication measures will continue to be used, we know today that advanced malware overcomes these by spoofing the victim’s behavior, proxying through the victim’s device or just downright asking the victim for his or her passwords using social-enginnering techniques. In my last article, I discussed how cybercriminals defeat multifactor authentication. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |