The Problem with Static PII Identification

By Roxanna "Evan" Ramzipoor / 7 Dec 2017

We’ve all been there. You’ve logged into this site a thousand times, but today there seems to be some doubt that you are who you say you are. None shall pass before answering some security questions. What’s your mother’s maiden name? What street do you live on? Companies must put these barriers in place because they’re effective security measures. But are they?

For some insight, let’s look at Equifax. Equifax had two security roadblocks that employees had to pass to verify their identity. To access their information, they first had to enter a 4-digit PIN, and then provide some personally identifiable information (PII) – that is, answer security questions in the vein of “What is your mother’s maiden name?” or “What street did you live on as a child?” Two layers of security sounds good, right? So, what’s the problem?

As Avivah Litan commented to Brian Krebs: “That’s so 1990s.” Litan, a VP and Distinguished Analyst at Gartner Research who specializes in cybersecurity and fraud, says that relying on PII to secure users’ data makes it easy for hackers to penetrate a system. To hack Equifax employees’ data, fraudsters needed only to reset a 4-digit PIN and then answer those security questions.

If you think finding a user’s PII is something only Sherlock Holmes could do, then think again. People are cavalier with their personal information, sharing freely even when their accounts are public. A Google search for a user’s social media account is often enough to find any PII. As long as websites and other online services continue to rely on these antiquated security measures, Litan believes the next big data breach is more than imminent: it’s happening as we speak.

According to Litan, the chance that any given piece of personally identifiable information is already in criminal hands is over 50%. That’s a 1 in 2 chance that a fraudster knows your mother’s maiden name! In fact, more U.S. identities have been compromised than not, especially in recent years. And this isn’t even taking into account identities that have been compromised outside the U.S., where businesses aren’t always legally obligated to report data breaches.

As a result of this alarming trend, we haven’t just seen a sharp increase in data breaches; we’ve also seen a dramatic rise in account takeover (ATO). Even though PII is so easy to find, most businesses and organizations rely on it to identify new and existing users and to execute high-risk, real-time transactions. Now that fraudsters have such easy access to PII, they can systematically test stolen credentials on sites and apps until they’re able to log into someone’s account. A shocking 1 in 2 businesses saw a rise in ATO last year.

We can no longer rely on static personally identifiable information to stem the tide of data breaches and combat account takeover. Instead, Litan and other fraud experts advocate that businesses turn to dynamic identity data to verify a user’s identity. Dynamic identification relies on behavioral data. In contrast to static solutions, dynamic fraud solutions might check to see whether the user is browsing on an unfamiliar device, whether they’re logging in from an unfamiliar location, or whether they’re clicking through a page faster or slower than usual. Rather than relying on a single data point to draw inferences, dynamic solutions examine these signals as a whole to make intelligent decisions about a user’s trustworthiness. Trustworthy users can enjoy a frictionless experience on the site, while suspicious users might have to go over a few speed bumps before they can proceed. The result is a safer online experience for everyone.
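The signal-combination idea described above, as an added sketch that is not Sift's code or method: three behavioral signals (unfamiliar device, unfamiliar location, unusual click pace) are weighted into one score that selects a frictionless path or a speed bump. The weights, thresholds, the extra "deny" tier, and all names and sample data are assumptions made for illustration.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

# Illustrative weights and thresholds: assumptions, not values from the article.
WEIGHTS = {"new_device": 0.40, "new_location": 0.35, "pace_anomaly": 0.25}
STEP_UP, DENY = 0.35, 0.90

@dataclass
class Profile:            # what is already known about the account
    devices: set          # device identifiers seen on past sessions
    countries: set        # countries of past logins
    click_gaps: list      # seconds between page actions in past sessions

@dataclass
class Session:            # the login attempt being evaluated
    device: str
    country: str
    click_gaps: list

def pace_anomaly(profile, session, z_limit=3.0):
    """True when this session's mean click gap is far from the user's norm."""
    if len(profile.click_gaps) < 5 or not session.click_gaps:
        return False      # too little history to judge: do not penalise
    mu, sigma = mean(profile.click_gaps), pstdev(profile.click_gaps)
    gap = abs(mean(session.click_gaps) - mu)
    return gap > 0 if sigma == 0 else gap / sigma > z_limit

def signals(profile, session):
    return {
        "new_device": session.device not in profile.devices,
        "new_location": session.country not in profile.countries,
        "pace_anomaly": pace_anomaly(profile, session),
    }

def risk_score(profile, session):
    """Weighted sum of every signal that fired, in the range 0.0 to 1.0."""
    fired = signals(profile, session)
    return round(sum(WEIGHTS[k] for k, hit in fired.items() if hit), 2)

def decide(profile, session):
    score = risk_score(profile, session)
    if score >= DENY:
        return "deny"
    return "step_up" if score >= STEP_UP else "allow"

# Constructed sample history for one user (not real data).
ALICE = Profile({"laptop-1"}, {"US"}, [2.1, 1.8, 2.5, 2.0, 2.2, 1.9])

if __name__ == "__main__":
    for s in (Session("laptop-1", "US", [2.0, 2.3]), Session("vm-7", "RO", [0.05, 0.04])):
        print(s.device, risk_score(ALICE, s), decide(ALICE, s))
```

A single weak signal, such as fast clicking on a known device, stays below the step-up threshold here, while a new device alone triggers the extra check.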

That’s where Sift Science comes in. The Sift Science Digital Trust Platform is a holistic and dynamic way for businesses to protect their customers from fraud and abuse, while providing trustworthy users a tailor-made online experience. It’s never been harder or more important for businesses to trust their users, and vice versa. While trust will always be important, it doesn’t have to be hard. Download our Complete Guide to Preventing Account Takeover to get started today.

Roxanna "Evan" Ramzipoor

Roxanna "Evan" Ramzipoor was a Content Marketing Manager at Sift.
