Global security group Securitas has revealed that its chief executive was declared bankrupt this week after his identity was hacked. In a statement to investors, the company said that a fraudster had made a fake loan application in the name of Alf Göransson, its 59-year-old president and chief executive. To add to the embarrassment, Securitas said the unfortunate Mr Göransson had then found himself being declared bankrupt following a false court application. IT security experts commented below.
Lisa Baergen, Director at NuData Security:
“Cybercriminals are building fictitious identities to open fraudulent accounts with an eye towards fleecing banks, mortgage lending institutions, and insurance companies. Stealing genuine account credentials or faking them or creating synthetic identities from breached data, has been used to take out loans, overdrafts or mortgages, open bank accounts and even apply for valid documents such as a passport or driver’s license. There have even been many recorded instances of identity fraud taking place with credentials belonging to deceased individuals or even babies.
Organisations are evolving to look towards more effective means of protecting accounts. Passive biometric and behavioural analytics enable these organisations to identify, verify and authenticate legitimate customers online through their behaviour and multiple other signals without impacting the customer experience or demand for convenience.
A new approach to authentication has to be employed, whereby identity isn’t tested online solely using a single factor such as a password, 2FA, physical biometric or any other single data point. Instead, the verification should use multiple factors that are combined and analysed to give a complete risk assessment of the user – even if the hacker presents legitimate credentials. The test should also focus on dynamically generated information that isn’t stored and therefore isn’t subject to theft, mimicry or spoofing. There are tools, such as passive biometrics, on the market now that base identity verification tests on dynamic data, not solely single-factor data such as a password or 2FA. These multi-factor methods are the only way to move beyond much of this identity fraud in the future.”
Andrew Clarke, an EMEA Director at One Identity:
“As citizens, we are encouraged to engage with the state in a digital manner – and so the steps needed to authenticate and authorise the interaction must use the latest state of the art technology in Identity and Access Management (IAM) to increase public confidence.
“In the case of Goransson in Sweden; the identity theft was unnoticed for months until it was too late. His reputation and livelihood were immediately impacted with damage to his personal and public profile. It is always very hard to recover from this event once its occurred – so the best advice is to be proactive. Look for companies that show that they are taking the necessary protection for your digital identities. And ensure that when you share personal data on social media you set up your profile with sufficient privacy settings to minimise the potential of an unwanted intrusion into your life.”