A proactive and dynamic response to digital identity security is now critical . Latest figures from fraud prevention organisation Cifas show there has been a sharp rise in identity fraudsters applying for loans, online retail, telecoms and insurance products. Simon Dukes, chief executive of Cifas, says: We have seen identity fraud attempts increase year-on-year, now reaching epidemic levels, with identities being stolen at a rate of almost 500 a day. Proving your identity has always been essential, but none more so than across the digital landscape . It s not surprising that artificial intelligence (AI) and machine-learning are being rapidly developed as an aid to identity authentication.
The risk of chargebacks, botnet attacks or identity theft is leading enterprises to deploy intelligent systems that are not simply looking at publicly available data to identify a person . Earlier this year, for instance, Sift Science announced its Account Takeover Prevention that can detect and block illegitimate login attempts. We have seen identity fraud attempts increase year-on-year, now reaching epidemic levels
The Cyber Security Breaches Survey 2017 revealed that just under half (46 per cent) of all UK businesses identified at least one cybersecurity breach or attack in the last 12 months . This rises to two thirds among medium-sized firms (66 per cent) and large firms (68 per cent) . Protecting the personal data of their customers is now a commercial imperative.
Using traditional data, such as name, address, email, date of birth, IP address and biometrics such as voice, fingerprint and iris scan, are being joined by behavioural characteristics that are unique to the individual . This is necessary as much of the traditional personal data is available via public record or can be purchased on the dark web . However, behaviour isn t a tangible piece of data that can be purchased, which makes this form of security highly attractive for enterprises and organisations.
The issue has been analysing the masses of data a consumer s digital footprint could contain . This is the province of AI and machine-learning that can see patterns in the data collected and accurately assign this to an individual as their digital ID . Just checking information on credit agencies, for instance, is no longer robust enough in the face of cybercriminals who can create synthetic personas.
To combat spoofing attacks, AI and machine-learning are being used widely in a variety of security applications . One of the most recent comes from
Onfido that has developed its Facial Check with Video that prompts users to film themselves performing randomised movements . Using machine-learning, the short video is then checked for similarity against the image of a face extracted from the user s identity document.
For all enterprises and organisations, the authorisation of payments is vital . Johan Gerber, executive vice president of security and decision products at Mastercard, explains their approach: Artificial intelligence and machine-learning are crucial security capabilities to interpret the complexity and scale of data available in today s digitally connected world. How you behave online will become a critical component of your identity . However, AI and machine-learning systems will need to be sophisticated enough to understand when someone changes their behaviour, without it being malicious . For instance, when you are on holiday, your digital footprint changes .
AIs would need access to your travel arrangements to ensure your credit card isn t declined because of anomalous behaviour . These systems are coming from a new breed of security startups, including Checkr, Onfido and Trooly, that understand cyberthreat. It is also becoming clear that those businesses that use more sophisticated security and identity verification systems lessen their instances of cyberattack . The Fraud and Risk Report 2017 from Callcredit illustrates this as only 5 per cent of businesses that have been victims of fraud this year have used any sort of behavioural data for fraud insights . Essentially, businesses that aren t getting hit by fraudsters are using more sophisticated techniques.
Last year 63 per cent of cyberattacks involved stolen credentials, according to Verizon s Data Breach Investigations Report . By monitoring to ensure that all systems and data are behaving normally instead, enterprises can allow people to get on with their work and only intervene when someone is trying to access areas they shouldn t, says Piers Wilson, head of product management at Huntsman Security.
The current level of development with AI and machine-learning has already delivered new security systems that are in use today . Mastercard s Decision Intelligence is a good example . However, AI and machine-learning are far from autonomous and still require high levels of supervision . They can clearly search vast quantities of data to respond to a specific question or task, such as authenticating the identity of a shopper . AIs can identify a change in behaviour and highlight an anomaly, but is this behaviour a threat? Greg Day, vice president and chief security officer at Palo Alto Networks, concludes: There is a bigger impact that machine-learning will have on the cybersecurity industry and that has to do with the collection and aggregation of threat intelligence .
When cybercriminals ply their trade, they leave behind digital breadcrumbs known as indicators of compromise .
When collected and studied by machines, these can provide tremendous insight into the tools, resources and motivations that these modern criminals have . As such, access to rich threat intelligence data and the ability to learn from that data will ultimately empower organisations to stay one step ahead of cybercrime. As we all tend to fall into habits, including how we access digital services, our purchasing decisions, what devices we typically use, for how long and from which locations, these behaviours can all be used by AIs to build a profile of an individual.
If this behaviour is deviated from, the AI can easily spot this change of pattern within the data that defines who we all are .
This contextual intelligence is the basis for rapidly developing security systems that could not function without advanced AI and machine-learning.
NEW YORK (AP) – A security expert says a website created by credit monitoring company Equifax to help its customers find out if their personal information was stolen after a massive data breach raises its own security questions. Georgia Weidman, the founder and chief technology officer for security firm Shevirah, says the website Equifax created looks like the kind of website set up by attackers to trick people into disclosing information. Weidman says it’s teaching people “entirely the wrong things about using the internet securely.”
Weidman says she’s troubled by Equifax’s approach to security generally, including reports that it didn’t respond to basic scripting bugs it was warned about last year. The website is, https://www.equifaxsecurity2017.com/1 . Equifax says consumers can also call 866-447-7559 for more information about the breach.
SYDNEY (Reuters) – Stricter screening of passengers and luggage at Australian airports will stay in place indefinitely after police foiled an alleged “Islamic-inspired” plot to bring down a plane, which local media said may have involved a bomb or poisonous gas.
The ramped up security procedures were put in place after four men were arrested at the weekend in raids conducted across several Sydney suburbs.
The men are being held without charge under special terror-related powers.
The Australian Federal Police would not confirm media reports the alleged plot may have involved a bomb disguised in a meat grinder or the planned release of poisonous gas inside a plane.
Australian Federal Police (AFP) Commissioner Andrew Colvin told reporters on Monday that the plot specifics were still being investigated.
“What you are seeing at the moment is making sure that there is extra vigilance, to make sure that we aren’t cutting any corners in our security, to make sure that we are absolutely focussed on our security,” Colvin said.
Police on Monday were still searching several Sydney properties for evidence . Pictures showed forensic-specialist officers wearing masks and plastic jumpsuits inside the properties and combing through rubbish bins outside.
Immigration and Border Protection Minister Peter Dutton told reporters in Melbourne on Monday that the alleged plot to down an aircraft could prompt longer-term airport security changes.
“The security measures at the airports will be in place for as long as we believe they need to be, so it may go on for some time yet,” said Dutton.
Australian police search items seized from a property during a raid in the Sydney suburb of Lakemba, Australia, July 31, 2017 . AAP/Paul Miller/via REUTERS
“It may be that we need to look at the security settings at our airports, in particular our domestic airports, for an ongoing enduring period,” he said.
Dutton advised passengers to arrive at airports three hours before international flights and two hours for domestic flights in order to clear the heightened security.
Inter-state travellers are subjected to far less scrutiny than those travelling abroad with no formal identification checks required for domestic trips.
Passengers at major Australian airports, including Sydney, experienced longer-than-usual queues during the busy Monday morning travel period .
A Reuters witness said the queues had disappeared at Sydney Airport by lunch-time.
A source at a major Australian carrier said airlines and airports had been instructed by the government to ramp up baggage checks as a result of the threat, with some luggage searches now being conducted as passengers queued to check in their bags.
Counter-terrorism police have conducted several recent raids, heightening tensions in a country that has had very few domestic attacks.
On Monday, three males pleaded guilty in the New South Wales state Supreme Court to “conspiracy to commit acts in preparation for a terrorist act or acts” in 2014, a court spokeswoman said, while another two pleaded guilty to lesser charges.
Police previously said the men planned an attack on targets which included the AFP headquarters in Sydney, along with civilian targets . The offences are not related to the alleged plane bomb plot.
The 2014 Lindt cafe siege in Sydney, in which the hostage-taker and two people were killed, was Australia’s most deadly violence inspired by Islamic State militants.
Reporting by Tom Westbrook in SYDNEY . Additional reporting by Byron Kaye and Jason Reed in SYDNEY and Jamie Freed in SINGAPORE .
Writing by Jonathan Barrett; Editing by Michael Perry