Article

How the Equifax Breach Exposed Key Flaws in ID Authentication

News of the 2017 Equifax breach sent a shudder through hundreds of millions of Americans suddenly left vulnerable to hackers. Cited by the Wall Street Journal as the largest social security breach in history, it resulted in the hacking of names, birthdates, addresses, confidential data, and social security numbers of approximately 143 million U.S. consumers. The Wall Street Journal further reported that upwards of 200,000 credit card numbers and 180,000 sensitive consumer documents were accessed in the breach.

While the breach resulted in catastrophic levels of financial fraud for consumers, it also raised important questions about why this happened and how we can prevent another mass breach from happening again.

The Equifax Breach: 3 KEY TAKEAWAYS

1. The List Goes On…

Just read the news, and you’ll likely hear about yet another data breach. From Verizon’s breach affecting 14 million customers, to the RNC contractor’s breach exposing voting data of 200 million Americans. Data breaches are almost becoming commonplace and growing across all industries in the digital marketplace. In fact, according to a report from Identity Theft Resource Center and CyberScout, the number of data breaches in the first half of 2017 skyrocketed 29 percent.

2. Rethinking Identity Authentication

The size and depth of the Equifax breach was startling. The depth of data that was accessed by criminal hackers, including social security numbers, credit card numbers, and sensitive documents allows countless opportunities for bad behavior. With just one of those pieces of information, a consumer’s entire identity is left vulnerable to savvy criminals and fraud rings.

It has many organizations taking a closer look at how we use social security numbers and the holes it leaves open during the identification authorization and verification process.

“This appears to be the single largest breach of Social Security Numbers in history… it also has a profound implication for how we use SSNs throughout the country, as it is possible that as a result of this breach, the majority of adults’ SSNs are now compromised,” noted Shuman Ghosemajumder, Chief Technology Officer of Shape Security.

The fact is, a social security number was not intended to be an identifier in this nature––it was originally created for the sole purpose of tracking an individual’s earnings for social security benefits. However, overtime it evolved to become a key identifier for Americans and a major way in which businesses and organizations fight fraud. Yet, the social security number is not actually tied to any modern key identifiers, like an email or mobile phone number that today follows consumers wherever we go. It has many saying: the social security number is stuck in the past.

3. A Layered Approach  

To industry experts, there’s no question. “We are now at a point where our hands are tied: We can no longer conscientiously use [the social security number] as an authentication and be taken seriously by consumers.” said Seth Ruden, Senior Fraud Consultant at ACI Worldwide, quoted by MarketWatch.

As security continues to become front and center to successful transacting in the digital marketplace, it’s clear that leaders in all industries must adapt and bolster their identity authentication and verification processes. In fact, a report by Gartner recommended that businesses operating in the modern digital landscape adopt a layered, cross-channel approach.

The report advises that “while many organizations are applying fraud detection methods to individual channels (e.g., website, call center) as though they are isolated silos, fraudsters are seamlessly moving between channels to exploit gaps. Organizations need to find a balance between tightening fraud prevention practices without adding unnecessary friction into the customer experience journey of legitimate customers.”

At the end of the day, there is not one magic solution to preventing data breaches. But the Equifax breach is a startling reminder that the status quo is not enough. We must now rise to the cybersecurity challenge and be more vigilant in maximizing data verification processes to protect our businesses but more importantly our customers.

Learn more about identity verification for online lenders here.

Thanks for reading! You might be interested in these posts, too: