Deepfakes are coming for the identity fraud crown

To no one’s surprise, cybercrime ballooned last year. Ransomware alone saw an 11x increase from July 2020 to June 2021. Adding to the excitement — for fraudsters, at least — is the burgeoning threat of deepfakes: synthetic media that uses AI to mimic a person’s face, voice, or movement with stunning accuracy.

With more companies incorporating biometrics, fingerprinting, and video/voice verification into their authentication processes, a growing interest in deepfake technology across the dark web doesn’t bode well for preventing identity fraud. Educating employees of deepfake warning signs helps, but ultimately companies will need to stave off the threat with AI technology of their own (and then some).

Truly, madly, deeply fake

Most of the general public still considers deepfakes a novelty item. People have used the technology to alter political videos and insert Nicholas Cage’s face into Indiana Jones and James Bond movies. Last year, Roadrunner, a documentary about the late chef Anthony Bourdain, stirred up controversy for using synthetic audio snippets of Bourdain’s voice.

But more nefarious examples of deepfakes illustrate the threat of identity fraud and companies potentially losing millions of dollars. In 2019, a man impersonated the French Defense Minister over Skype and scammed his way to $93 million. The same year, an AI-generated voice cheated a Hong Kong bank manager out of $35 million.

Manipulating audio is a layup for fraudsters — they can turn a short speech from a corporate executive or government official into a cloned voice sample using one of many readily available machine learning apps. Voice deepfakes are harder to spot than video due to the lack of visual evidence. Voice deepfakes delivered over the phone are even more difficult because of the reduced audio quality.

Image- and video-based deepfakes employ tactics reminiscent of Face/Off, fraudsters wearing silicone masks to fool facial biometrics (“face spoofing”), or using social pictures to bypass face verification. Fraudsters often circumvent authentication protocols using pre-recorded deepfake videos, or, again, by wearing hyper-realistic silicone masks. Liveness tools can help detect videos with silicone masks, but only tools that account for facial actions and traits: blood circulation, skin texture, blinking, etc.

Adopting AI-based software that detects deepfakes isn’t enough; fraudsters have AI tools of their own. Synthetic identity fraud is rising fast, as is the sophistication of the technology available on the dark web. Is it possible for businesses to beef up their biometrics authentication and stay a step ahead of bad actors?

Biometrics’ best friend: real-time insights

In the ’80s, no one defended the universe like Voltron. But the Voltron robot without its head? Not as formidable.

Not to say biometrics verification tools — specifically those designed to stop deepfakes — lack intelligence, but without another layer of AI-powered smarts, more identity thieves will slip through the cracks. This will open the door to synthetic identity fraud, account creation fraud, account takeover, and churn.

Why not buttress biometrics and other authentication techniques with an additional layer of real-time insights to thwart identity fraudsters? For example, a facial recognition solution coupled with trust signals such as time of day, IP address, or device ID could boost the certainty that a voice, image, or video is the real McCoy — and be the difference between stopping a deepfake and falling victim to a multimillion-dollar heist. Static, or historic, data can’t compete with real-time data. Relying upon names, dates of birth, addresses, and maiden names as another factor of authentication is futile because much of this information is available on the dark web.

At Deduce, we’ve built a product that pairs nicely with existing AI solutions like aged cheddar to a cabernet sauvignon, harnessing real-time, dynamic data to bolster account verification and help prevent identity fraud. Our real-time insights assist in preempting attacks by adapting to the latest fraudster schemes and behaviors — precisely the malleability needed to strengthen image, video, and voice authentication against deepfakes.

Our not-so-secret sauce? A real-time Identity Network that boasts more than 450 million anonymized US profiles (multiple devices and accounts per user) and 1.4 billion daily activities (logins, checkouts, registrations, etc.) captured from in-page collection methods on 150,000 websites and apps.

Want to see how Deduce’s real-time insights can fortify the castle walls of your identity authentication? Contact us today.

Only a real-time solution can stop shapeshifting fraudsters

Ah, Christmas. The most fraudulent time of the year.

Unlike bad actors, the uptick in online shopping and transactions (and fraud) — compounded by supply chain shortages — doesn’t imbue cybersecurity teams with much holiday cheer. But one simple, yet monumental change can make all the difference: joining the real-time data revolution.

Data is ubiquitous. Fraudsters are smarter and faster than ever. Real-time data analysis is the only plausible way for businesses to protect their finances and reputations. Out with static, or historic, data (email, phone number, SSN); in with dynamic, up-to-the-minute data (user activity, IP address, device). This is the way.

Companies employing a static, traditional fraud prevention approach are prime targets for account takeover (ATO) and new account creation fraud, among other cyber attacks expected to cost $10 trillion globally by 2025. Not switching to a real-time solution will inevitably lead to a breach sooner than later — and it only gets worse from there.

There’s no time like real time

The irrelevance of historic data in preventing fraud is easy to explain: much of that information is already available on the dark web.

In the seediest corners of the internet, large-scale cybercrime syndicates operate like a fraudulent bodega, peddling users’ personal info for discounted prices. Static data such as names, dates of birth, addresses, mother’s maiden names, and the like is low-hanging fruit for the modern fraudster: plug and play, ammunition for credential stuffing or creating a synthetic identity. Some of these groups are sophisticated enough to enlist AI and machine learning experts to orchestrate breaches, and cunning enough to cook up new schemes, like loyalty point fraud.

Hackers are also benefiting from gargantuan data sets. The data is coming in droves, from all directions, and companies unable to analyze, much less access, dynamic data won’t detect fraudulent activity until it’s too late. Time is of the essence, especially with fraudsters closing the gap between account creation and fraudulent purchases. Delayed fraud detection means delayed remediation, and more dollars down the drain. But dollar signs aren’t the only consideration for pivoting to a real-time fraud prevention platform.

Leave historic data in the past

If a company doesn’t leverage real-time identity data, and is consequently infiltrated by bad actors, most higher-ups will naturally obsess over the immediate financial consequences. However, dealing with chargebacks is peanuts compared to what awaits further downstream.

Think about customer churn, and the army of angry ex-customers who will air their grievances across social media. The combined lifetime value of those lost customers plus the negative hit to brand reputation is not an endearing combination — and even the most seasoned crisis comms team may not fully right the ship.

Then, of course, are the fine-happy regulators who won’t be too thrilled to see another Equifax or Robinhood fiasco. Neither will investors, who are increasingly prioritizing businesses with air-tight threat intelligence. If a company, and its customers, are at risk, so is its valuation.

Adopting a solution that can harness real-time, dynamic data is the key to effectively preventing ATO and new account creation fraud. It provides the necessary adaptability to keep up with shapeshifting fraudsters and stop attacks before they happen — the only acceptable speed in today’s world.

Deduce’s real-time Identity Network, comprising more than 450 million anonymized user profiles collected from 150,000 websites and apps, preemptively alerts companies of fraud well in advance. Want to see how Deduce’s real-time solution can shore up your fraud protection? Contact us today.

ATO hits companies hard. It only gets worse downstream.

It’s been an eventful year for embattled trading platform Robinhood. Following its infamous biff with “meme stock” investors in January, leading to lawsuits and congressional hearings (and an upcoming Netflix movie), the company went public in July but failed to inspire much excitement around the IPO.

Before Robinhood could lick its wounds and hope for a better 2022, they suffered another setback in early November: a data breach that impacted more than 7 million customers. The breach snatched names, emails, dates of birth, and — to the delight of robocallers — thousands of phone numbers.

You might think, “No credit card or social security numbers leaked? What’s the big deal?” but bad actors don’t need much to harm consumers.

Here is how stolen account information, even seemingly innocuous details like names and dates of birth, can lead to account takeover fraud (ATO) and cause further damage downstream.

A dark reality

Stolen account information is trafficked in the nefarious underworld known as The Dark Web. In what’s essentially a farmer’s market for fraudsters, tens of thousands of account credentials are up for grabs at any given time, some going for as much as $15,000.

Personal information acquired from data breaches is another valuable commodity among Dark Web shoppers. These days, name, date of birth — a zip code in some cases — can be used to verify a customer’s identity. Hackers also leverage data mined from The Dark Web to plan and execute phishing attacks or aid other ATO schemes, such as credential stuffing.

The biggest danger of ATO, however — particularly at the scale of the Robinhood breach — is its ability to metastasize, potentially costing millions in chargebacks, not to mention time spent on remediation and navigating a PR firestorm.

A storm with no calm

The worst part of an ATO breach is the aftermath. Per Javelin Research, customers pay an average of $290 for every successful ATO attack and spend 15–16 hours disentangling the wreckage. Not a fun time for customers — or customer support teams.

Many of the users affected by ATO are likely to flee and seek out other platforms. 85 percent of respondents from a recent CMO Council report indicated they dislike companies with identity verification issues; ostensibly, a breach resulting in ATO fraud bumps this number into the 90th percentile. And what will they do after jumping ship? Air their grievances, which — in aggregate — deals a hefty blow to a company’s brand image. It’s the polar opposite of a Trusted User Experience that encourages loyalty, and, depending on the degree of damage, can be difficult to come back from.

To protect against ATO and its residual impacts, companies need to adopt the data-driven, pre- and post-authentication security approach of a Deduce. Our real-time Identity Network comprises more than 450 million anonymized user profiles collected from 150,000 websites and apps, offering preemptive protection that tips off companies long before ATO can manifest.

Want to give Deduce a go? Try a free trial here.

Cloud breaches aren’t going away any time soon.

For today’s enterprise organizations, operating within the cloud is table stakes. It’s faster, more scalable and cost-effective than your grandma’s service oriented architecture (SOA).

However, companies new to the cloud, or those that’ve been there for a while, may not realize the floodgate of security risks that comes with the cloud’s increased flexibility. Like a tourist unknowingly venturing into a city’s most dangerous neighborhood, they don’t see the cybercriminals around the corner waiting to pounce on valuable company assets.

A new Report from IBM details how hackers are feasting on vulnerable cloud environments, and offers a troubling look at how these stolen resources are trafficked on the dark web. (Picture a farmer’s market, but replace the locally grown carrots and beets with login credentials and other sensitive information.) Here are some eye-opening insights gleaned from the data in the report, gathered from Q2 2020 to Q2 2021.

Unforced errors

More than two-thirds of cloud breaches were simply a case of companies leaving the door open. Specifically, attackers took advantage of misconfigured APIs and default security settings that rendered virtual machines and other cloud tools defenseless. Passwords proved troublesome as well: 100 percent of cloud environments studied had violated password and security policies.

Thank you for shopping at Dark Web Depot

According to IBM’s report, upwards of 30,000 account credentials were up for grabs on the dark web. Some were going for a few dollars, others for as much as $15,000. Many of the sellers operated like your average big-box retailer, offering 1–2 week refunds if buyers couldn’t access the cloud environment with the credentials they purchased.

Keeping up with the times

Cryptominers and ransomware were the most common types of malware used to attack cloud environments, comprising more than half of the breaches in the report. Penetration testing revealed that threat actors updated old malware to key in on Docker containers and developed new malware written in cross-platform programming languages.

It also doesn’t appear that cloud breaches are slowing down any time soon: publicly disclosed attacks of cloud applications have increased by more than 150 percent over the last five years.

Clearly, the latest wave of malware is all-in on cloud vulnerability. Is your company all-in on cloud security?

Deduce safeguards your customers from account takeover fraud. Activate your free trial here, and see how Deduce can bring cloud conspirators back down to earth.

Deduce Insights lets businesses join forces to defeat cybercriminals

For businesses, cybersecurity is a big problem. Data breaches, identity fraud, account takeovers, and other kinds of cyberattacks cost companies billions of dollars a year — and with fraudsters and hackers targeting organizations of all sizes, nobody can afford to get complacent.

That’s why I’m proud to announce the launch of Deduce Insights — a first-of-its-kind cybersecurity radar that provides early warning of fraudulent behavior before it becomes a full-blown data breach. What makes Deduce Insights distinctive is the data that underpins it; the tool delivers early and accurate fraud detection by using over a billion authenticated user interactions per day.

Let me explain why that’s such a big deal. Here at Deduce, we believe the biggest threat to organizations’ digital security isn’t unpatched software, careless users, sophisticated malware, or even the rise of well-funded international cybercrime rings. All these things are dangerous, of course, but they can be anticipated and planned for.

⚠️ No, the biggest threat to today’s businesses is data poverty.

To defeat cybercriminals, we need to analyze user data in order to tease out the behavioral analytics that betray ‘bots and bad actors, allowing us to detect malicious activity in time to prevent fraud.

That’s fine in theory. But unless you’re a global giant with millions of users like Microsoft, Amazon, Google, or Facebook, you simply don’t have the volume of up-to-the-minute data needed to power an effective security strategy.

The truth is that no matter how much organizations spend on fancy cybersecurity software, those tools are only as good as the data they use. All too often, businesses wind up stuck in neutral, with expensive cybersecurity systems that simply aren’t smart enough to keep them safe.

It’s time to level the playing field

Deduce Insights is designed to change that. Using a global network of shared identity data gleaned from over 150,000 websites and more than 450 million user profiles, we’re giving organizations of all kinds access to global security intelligence at a scale previously reserved for tech giants.

Drawing on the proven technologies behind our Customer Alerts solution, we’re making it possible for businesses to stay ahead of cybercriminals. Armed with rich, large-scale datasets, Deduce Insights enables organizations to instantly establish that a person really is who they claim, and to rapidly detect threats including:

• Identity Fraud, by using identity intelligence to augment existing security solutions and prevent fraudsters from using compromised identities to open new accounts
• Account Takeovers, by detecting irregular or anomalous user account activity to bolster defenses and stop account hijackers in their tracks
• Account Anomalies, by spotting interactions or transactions that deviate from expected user behavior to block threats and prevent financial losses

What makes Deduce Insights so powerful? It’s more than just the volume of security data we’re making available — it’s also the richness of the identity intelligence embedded in that data. We don’t merely try to spot ‘bots masquerading as humans. We validate legitimate users and flag bad actors of all kinds using powerful identity telemetry including:

• Activity Data, to determine whether specific interactions and behavior are typical for a particular user
• Device Metrics, to identify suspicious changes in the hardware and software being used to access an account
• Network Intelligence, to detect anomalous network types such as proxy servers, TOR browsers, or data centers
• Geolocation, to monitor a user’s point of origination for signs that they’re accessing your network from an unexpected country, state, city, or time zones
• Threat Signals, to quantify the precise degree of risk in any given user behavior and enable decisive but proportional security responses

Effectively, Deduce Insights gives your organization an always-on, 360-degree cybersecurity radar, constantly on the lookout for problematic behavior by new or existing users at any stage in the customer journey.

When problematic user behavior triggers a blip on your security radar, Deduce Insights gives you the specifics you need to respond effectively without needlessly disrupting legitimate user activity.

Some activity might automatically trigger an account freeze to prevent bogus transactions; other behavior might trigger a customer alert or a security challenge. Whatever the threat, you’ll have the intelligence you need in order to flag questionable activity, seamlessly re-authenticate users, and effectively prevent fraud.

Join our mission

The bottom line is that Deduce Insights makes your cybersecurity operations smarter. That’s something we urgently need, because cybercriminals are getting smarter too. While businesses struggle along using internal data to power security systems, fraudsters are actively collaborating and sharing information, compromised logins, exploits, and new technologies on the dark web.

As things stand, cybersecurity isn’t a fair fight. Isolated businesses with limited data simply don’t have the means to fend off sophisticated attacks from globally interconnected criminal networks. We need to change the rules of engagement — but that’s something no individual business can do on their own.

That’s where Deduce comes in. Our data network gives businesses the tools to safely share anonymized security intelligence without giving away sensitive or commercially valuable data — and every company that joins our cause makes the entire network stronger. Together, we’re leveling the playing field, and beating fraudsters by democratizing access to security intelligence.

The launch of Deduce Insights marks the next step in that journey. So don’t let data poverty sink your cybersecurity strategy. Get in touch today, and join our mission to make best-of-breed fraud prevention available to everyone.

Read the VentureBeat coverage.

Read the press release via WebWire.

Originally published at https://www.linkedin.com via CEO Ari Jacoby

Competing security companies can unite to fight fraudsters and still remain competitive

More data = more accuracy. This is generally a well-understood truth in any data-applicable field, from economics to medicine to machine learning. Fortunately, we live in an era awash in data; the abundance of data underpins the success of businesses across various industries — except in cybersecurity, where there is actually a dearth of actionable data.

Data poverty in cybersecurity is a profound problem for businesses and consumers. It means cybersecurity systems lack access to the grade-A data needed to effectively prevent the next enormous data breach. It means security systems lack the data insights to effectively identify insidious hacker patterns.

What’s the solution to the data poverty in cybersecurity? Data coopetition.

Data Coopetition: a Proven Model in Many Industries

Data coopetition is data sharing between businesses, even rival ones, to achieve a common goal. It’s an existing practice in several industries, for example:

• Casinos exchange intelligence on card counters.
• Rival software companies exchange data to make more money and improve the customer experience.
• Adtech businesses collaborate to deliver more effective brand campaigns.
• Healthcare providers exchange patient data, enabling doctors to accurately diagnose diseases and save lives.
• The FS-ISAC (Financial Services — Information Sharing and Analysis Center) is a consortium of 15,000 businesses in the financial sector collaborating to safeguard their respective institutions and customers from cybercrime.

Yet data coopetition is woefully absent in cybersecurity, the very mitigators of cybercrime. Why? The simple answer is competitive advantage: cybersecurity companies are reluctant to share data for fear of giving their competitors an advantage. However, as exemplified by other industries, data sharing isn’t a zero-sum game; actionable data can be exchanged in a secure and privacy-compliant way with the right solution.

Data Democratization on a Privacy-Compliant Basis

No cybersecurity vendor is data-rich. Sharing timely and functional behavioral data on cyberthreats benefits all vendors working to neutralize bad actors. For example, companies can exchange data on attack reports, which provide the code used to defend against an attack. Another example is sharing datasets of typical user behavior, such as how often they mistype their passwords, in order to identify anomalies in user patterns that indicate unauthorized access.

How can cybersecurity companies share data in a secure way that doesn’t compromise competitive advantage? Deduce was founded to address this data democratization opportunity. We created a data collective through which companies can share information about users’ security-related behavior and logins. In exchange for sharing data with the platform, companies get access to Deduce’s repository of identity data from over 150,000 websites, which is used to better detect suspicious activity and alert their users.

It’s Time to Shift the Cybersecurity Mindset

To protect businesses and their customers from fast-evolving fraudsters, the industry must shift its mindset — we have no other choice. Companies gain no competitive advantage by hoarding cybersecurity data. Even worse, it leaves everyone vulnerable. We need to think more along the lines of other industries that already realize the value of shared data. By adopting a collective intelligence model, cybersecurity companies have a fighting chance against hackers.

See Deduce in action! Click here to request a demo.

What you need to know about protecting your business and your customers from account compromises

Chances are, you’ve been a victim of account takeover fraud (ATO) in which one or more of your online accounts have been compromised.

It’s a sobering reality that online fraudsters are profiting hugely through hacking campaigns that target businesses and consumers alike. According to a recent report, the average cost of cloud account compromises has gone up to $6.2 million in the last 12 months. Javelin Research estimates that consumers pay an average of $290 for every successful ATO attack, and spend 15 to 16 hours working to resolve problems stemming from each attack.

The bottom line: account takeovers are now a critical threat to everyone. It’s time to fight back. Read on to learn the essential facts about ATO, and what you can do to protect yourself, your business, and your customers.

What is Account Takeover Fraud?

ATO, also known as account compromise, is a form of identity theft in which hackers take control of someone’s online account for financial gain.

There are many different kinds of ATO fraud, but the end goal is always the same: to hijack an account and use it for financial gain. Once fraudsters have gained control of an account, they can steal information, withdraw funds, make purchases, or use the account for other criminal purposes.

Types of Account Takeover Fraud

Online fraudsters employ various methods of ATO fraud, and they’re always innovating and testing new approaches. These are the most common types of ATO fraud:

• Credential cracking: hackers force entry by simply guessing users’ login details.
• Credential stuffing: using stolen credentials from one site to gain access to other accounts.
• Account creation attacks: new accounts are set up and used later for fraudulent purposes.
• Malware: malicious code such as keystroke loggers are used to silently capture a user’s login details.
• Mobile banking trojans: a fake screen is layered over a legitimate app to trick users into providing their login information.
• Phishing: bogus emails or texts lure users into either installing malware or providing their login details directly.
• Sim card swapping: phone number is ported to a new device to gain access to mobile accounts, especially mobile banking apps or other fintech services.

💡For more detailed insights on ATO methods, check out our comprehensive overview on account takeover fraud.

The Challenges of Detecting ATO Fraud

To detect ATO fraud, it’s important to detect both attempted ATO fraud (before an account is taken over) and ongoing ATO fraud (after an account is hijacked). This is no easy task, as it requires the ability to detect subtle nuances in human behavior, as well as the minute variances that creep in when an automated system or human bad actor attempts to pass themselves off as a legitimate user.

Individual businesses don’t have visibility into those processes at the scale that’s needed, as they rarely see enough traffic to successfully identify an attack or warn users.

ATO Prevention Strategies

The chief way to prevent account takeovers is to deploy both pre- and post-authentication security measures. This requires requires a deep understanding of the varied and rapidly evolving ways in which fraudsters try to gain access to online accounts, and an equally deep understanding of how such efforts differ from the ordinary behaviors of regular human account users.

What does it take to acquire such insights? Data sharing.

At Deduce, we’ve built a data coalition of over 150,000 member websites to help businesses stop ATO fraud before an account is compromised. Using AI tools trained on billions of historical interactions, we rapidly detect anomalous behavior — such as a login from an unusual geographic location — and automatically deploy appropriate security measures to prevent attacks before they begin.

Learn how Deduce can protect your business from the next massive data breach. Book a demo today.