You have a responsibility to help protect your clients
Having rigorous authentication processes helps detect identity abuse. But multi-factor authentication shouldn’t rely on SMS-based authentication – it gives a false sense of security and can aid criminals through illegal phone porting.
Give your customers the option to set a security PIN required for account changes, especially phone transactions.
SIM cards should be locked and unavailable to port if the appropriate security approvals aren’t met.
We need to increase awareness of identity misuse and consider tighter legislation.
As long as the cost of committing identity fraud is significantly lower than the financial gains, criminals won’t be deterred.
Maintain a vigilant approach to possible threats to your systems.
Identify operating weaknesses, particularly in software.
This extends beyond an organisation's information system ecology to the devices used by customers.
Research shows that an organisation’s disclosure about the implementation of its identity theft counter-measures and management systems is viewed positively.
TIPS FOR BANKS, and REAL ESTATE
Use hardware dongles that generate one-time passwords (OTPs). They’re considered more secure than codes sent by SMS.
Track attempts at high-value transactions.
Use metrics such as device fingerprint technology and geolocation to reject transactions and suspend accounts.
Respond quickly to account-freezing requests. Enforce a rigorous authentication process such as several pieces of ID, and an ‘only-person’ account unblock.
CAUGHT IN THE ACT
Telco suspected fraud but allowed a customer's phone number to be ported anyway - then he was hacked