Coalition of State Attorney Generals Urge FTC to Update Identity Theft Rules
A coalition of 31 state attorneys general responded to an FTC request for public comment on its Identity Theft Rules review with an appeal to update them to allow banks and creditors to keep up with new tech designed to block identity theft attempts.
The attorneys general say that “Identity theft is widespread and causes serious harm to individuals, businesses and the economy, and that the task of detecting and stopping the harm resulting from identity theft requires both the private and the public sectors to do their part. For example, one report found that, in 2017 alone, 16.7 million U.S. consumers were victims of identity fraud and fraudsters stole $16.8 billion from U.S. consumers.”
According to Robert Capps, VP and Authentication Strategist for NuData Security, a Mastercard company, “With identity theft affecting 16.7 million consumers with losses of $16.8 billion according to Javelin Research, this plague of theft has to be fought from all sides to start to cut down on those numbers. Legislation as well as new procedures and technologies are required to battle identity theft. Some best practices should include multi-factor verification, a more secure method than knowledge-based authentication questions given that answers may be available elsewhere online or already compromised from a previous data breach.
“Examples of “red flags” for unauthorized account use should include access by new and previously unknown devices, several unsuccessful attempts to input a correct password, and devices using international IP addresses to access multiple accounts.
“Many banks are adopting new technologies that identify customers by their online behavior instead of credentials to positively identify the person behind the device. Even if cybercriminals steal the credentials, they can’t imitate inherent human behaviors like how hard a person types, how they hold their devices, how fast they read and swipe and a hundred other identifiers. If authentication frameworks are combined with behavioral biometrics, banks will be in a stronger position to make judgments around their user’s legitimacy.”