Blog

The First Cybersecurity Mistake

Placing “secure” portals in a public environment. Everything went downhill from there. Logically secure activity is not public, it is performed by KNOWN entities.

Last century there was no method to provide secure services to only known users. So, an alleged “secure portal” was placed on a public website & Indirect Assertion of Identity was introduced for authentication.

The problem with Indirect Assertion of Identity became clear almost immediately. Standards were proposed, published and set forth in formal guidance: “Two or more factor” authentication. Factors were defined as “Something you…”: “know”, “have” or “are”.

Deploying these Unique Factors at the endpoint is half a solution applied in the wrong location. These Factors at the endpoint, are Data at the point-of-authentication. Data is One Factor, a failure to meet basic guidance.

Direct Assertion of Identity eliminates the First Cybersecurity Mistake by creating a virtual serialized environment as a FACTOR for secure activity. When only known users can access a secure portal, cybersecurity evolves!

Einstein provided the solution in his “Spooky Theory” and he described today’s cybersecurity environment with his theory of “Insanity”.

$1,521 and Cybersecurity

What does $1,521 have to do with cybersecurity? More specifically what does $1,521 have to do with a financial institution’s cybersecurity?

The Answer: On average online payment fraud is $1,521 per second, $5.5 million per hour or $131.4 million per day. $48 billion annually is a number that is difficult to conceptualize. BUT $1,521 every second makes it easier. Every online transaction is approved based on the data presented.

If there was a $5.5 million bank robbery every hour 24/7 in the real world, would the banking industry react? It is happening online and indirect assertion (guessing identity) continues.

Physical Presence Technology has had one obstacle to overcome, the inconvenience factor of valid security protocols. Financial institutions have a growing obstacle to overcome, the rapid increase in online fraud and educated victims demanding action. Education has begun!

The basis for any security is responsible participation from all parties. Cybersecurity will continue to fail until security concerns overrule the drive for convenience. It is a choice.

Since indirect assertion of identity for online authentication was introduced, there has been guidance rejecting it. The result today is $1,521 in bank fraud every second and growing.