 |
Security incidents are providing renewed impetus for the identity management technology market. The number of breaches in 2014 hit an all-time high, with 27.5 percent more than 2013 in the U.S. alone, according to the Identity Theft Resource Center (ITRC). Since 2005, more than 5,000 breaches have been reported with 675 million records exposed. In particular, a number of extremely large breaches were seen, which led 2014 to be known by some as the year of the mega-breach. However, the ITRC does caution that many breaches go unreported, so the real figures are likely to be much higher. As the number of breaches continues to rise, an increasing number of consumers are seeing their identities exposed, and fraud is rising rapidly. According to LexisNexis, retailers paid more per dollar of fraud in 2014 at $3.08, compared to $2.79 in 2013. Much of this increase is being driven by the growth in the adoption of self-service and mobile transactions, with the latter associated with higher levels of fraud than other channels such as email and phone. Synthetic identity theft—when identities are created based on limited amounts of stolen data—is another growing trend, with social security numbers combined with the associated name and birth date being the most common information stolen. Synthetic identity theft generally has more impact on organizations lending to consumers, rather than the consumers themselves. According to American Banker, the massive data breaches seen in 2014 have fueled the use of synthetic identity fraud. Hackers have used data obtained in the attacks and cross-referenced it with social security numbers. The article also states that synthetic identity theft accounts for almost 85 percent of the 16 million identities stolen in the U.S. each year, according to the Federal Trade Commission. These trends are leading to high levels of growth for identity management technologies. According to a new report from MarketsandMarkets, technologies will be worth $18.3 billion by 2019, which translates to compound annual growth of 14.9 percent from 2014 to 2019. In order to reduce incidences of fraud in particular, organizations should look for identity management technologies that include adaptive authentication capabilities. Such technologies take into account a variety of factors, such as the type of device and user location, to score the risk of each event. When integrated with websites, applications, and authentication suites used by organizations, identity management technologies can build profiles of users. Further, they look at historical behavior to determine if the person trying to authenticate is the same person from previous transactions. They can be used to separate regular users from behavior associated with hackers. Where behavior is deemed to be risky, users can be asked to use a form of step-up authentication, such as a security token or challenge question. Any intelligence-driven identity management suite chosen should provide a range of authentication methods to choose from. As security threats continue to escalate, the need for intelligence-based technologies will continue to rise. Organizations that do not embrace such technologies will still be plagued by high, and rising, levels of fraud that cut into their revenue. This may even lead to brand damage and customer churn. [cf]skyword_tracking_tag[/cf] The post Renewed Impetus for Identity Management appeared first on Speaking of Security - The RSA Blog and Podcast. |
