Loading...

Identity elements are not credentials

Published: July 10, 2011 by Keir Breitenfeld

Lately there has been a lot of press about breaches and hacking of user credentials.  I thought it might be a good time to pause and distinguish between authentication credentials and identity elements.

Identity elements are generally those bits of meta data related to an individual.  Things like: name, address, date of birth, Social Security Number, height, eye color, etc.  Identity elements are typically used as one part of the authentication process to verify an individual’s identity.  Credentials are typically the keys to a system that are granted after someone’s identity elements have been authenticated.  Credentials then stand in place of the identity elements and are used to access systems.

When credentials are compromised, there is risk of account takeover by fraudsters with mal intent.  That’s why it’s a good idea to layer-in risk based authentication techniques along with credential access for all businesses.  But for financial institutions, the case is clear: a multi-layered approach is a necessity.  You only need to review the FFIEC Guidance of Authentication in an Internet Banking Environment to confirm this fact.  Boiled down to its essence, the latest guidance issued by the FFIEC is rather simple. Essentially it’s asking U.S. financial institutions to mitigate risk using a variety of processes and technologies, employed in a layered approach. More specifically, it asks those businesses to move beyond simple device identification — such as IP address checks, static cookies and challenge questions derived from customer enrollment information — to more complex device intelligence and more complex out-of-wallet identity verification procedures.

In the world of online security, experience is critical.  Layered together, Experian’s authentication capabilities (including device intelligence from 41st Parameter, out-of-wallet questions and analytics) offers a more comprehensive approach to meeting and exceeding the FFIEC’s most recent guidance. More importantly, they offer the most effective and efficient means to mitigating risk in online environments, ensuring a positive customer experience and have been market-tested in the most challenging financial services applications.

Related Posts

Learn how you can proactively fight credential stuffing attacks and protect your organization and customers.

Published: December 18, 2024 by Laura Burrows

Bots have been a consistent thorn in fraud teams’ side for years. But since the advent of generative AI...

Published: December 17, 2024 by James Craddick

There’s a common saying in the fraud prevention industry: where there’s opportunity, fraudsters are quick to follow. Recent advances...

Published: December 9, 2024 by Jesse Hoggard