Security Re-think Needed After ID Fraud

July 18th, 2006: Research and advisory firm Gartner has pointed to a recent wave of identity theft in NSW, saying it demonstrates the need for a focus on security policy in Australia.

Speaking at her company’s IT Security Summit in Sydney, Avivah Litan, Vice President at Gartner, said that banks and other consumer-facing organisations must move beyond simple passwords for online consumer authentication. She says “These are no longer sufficient for online financial applications. Organisations must evaluate a variety of methods to determine which provides adequate authentication and best suits customer and service offerings”.

Ms Litan referred to the current investigation of a NSW-based identity theft syndicate that allegedly gained customer information through corrupt officers of financial institutions. She suggested implementing multi-channel detection systems to fight crimes such as the NSW case, looking across industries, institutions, accounts and channels to establish and detect fraudulent behaviour patterns. “Looking only at transaction activity in one account accessed through one channel at one institution typically does not provide enough information to detect many kinds of fraudulent transactions”, says Litan.

According to Gartner, there are several data protection options for consideration. Encrypting stored data can provide the most robust data protection, but if that is unfeasible due to cost and complexity, organisations should deploy comprehensive host-based intrusion prevention systems (HIPS). Another option is strong security audits to validate the organisation’s deployment of satisfactory mitigating controls, reducing the need for data encryption or HIPS. “None of these options are mutually exclusive, but implementing all three will still be less expensive than having to respond to a large-scale data breach”, Ms Litan says.
