Global security group Securitas has revealed that its chief executive was declared bankrupt last week after his identity was hacked.
In a statement to investors, the company said that a fraudster had made a fake loan application in the name of Alf Göransson, its 59-year-old president and chief executive. To add to the embarrassment, Securitas said the unfortunate Mr Göransson had then found himself being declared bankrupt following a false court application.
Lisa Baergen, director at NuData Security, said: “Cybercriminals are building fictitious identities to open fraudulent accounts with an eye towards fleecing banks, mortgage lending institutions, and insurance companies. Stealing genuine account credentials or faking them or creating synthetic identities from breached data, has been used to take out loans, overdrafts or mortgages, open bank accounts and even apply for valid documents such as a passport or driver’s license. There have even been many recorded instances of identity fraud taking place with credentials belonging to deceased individuals or even babies.
"Organisations are evolving to look towards more effective means of protecting accounts. Passive biometric and behavioural analytics enable these organisations to identify, verify and authenticate legitimate customers online through their behaviour and multiple other signals without impacting the customer experience or demand for convenience.
"A new approach to authentication has to be employed, whereby identity isn’t tested online solely using a single factor such as a password, 2FA, physical biometric or any other single data point. Instead, the verification should use multiple factors that are combined and analysed to give a complete risk assessment of the user – even if the hacker presents legitimate credentials.
"The test should also focus on dynamically generated information that isn’t stored and therefore isn’t subject to theft, mimicry or spoofing. There are tools, such as passive biometrics, on the market now that base identity verification tests on dynamic data, not solely single-factor data such as a password or 2FA. These multi-factor methods are the only way to move beyond much of this identity fraud in the future.”