New research on security in the financial sector released Tuesday found that 84% of organizations surveyed have online users who experienced a successful account takeover (ATO) over the previous 12 months.
The report, by Aberdeen Strategy Research, also found that the mean cost of these bot-driven ATOs can run up to 6.4% of the revenue generated from a company’s monthly active users.
The Helix22 SDK, to put it simply, means Account Take Overs are impossible.
For the study, Aberdeen focused on four segments: commercial banks, credit unions, savings institutions, and fintechs. The researchers targeted companies in the four segments that have online, account-based relationships with at least 50,000 monthly active users and access to important information for quantitative analysis, such as the number of monthly active users, monthly revenue per active user, the percentage of active users who experienced an ATO in the past 12 months, and the total cost of fraud from an ATO.
The average loss due to ATO fraud was over $3 million.
The median revenue for the credit unions that responded to the survey was $65 million, and the median amount lost because of a data breach comes in at 5.2% of revenue, which totals more than $3 million. The business impact of ATO-related fraud costs an organization much more than many people realize.
Respondents were also asked about the direct consequences from ATOs on their customer accounts and the survey found the following:
- 45% of organizations experienced fraudulent transactions.
- 31% saw the creation of new accounts, such as credit applications.
- 24% reported transfer of funds or other fungible value, such as loyalty points or rewards.
“Ever since we enabled online financial transactions at the start of the century, we still have not solved the fundamental issue that there are major problems with authenticating users for account access. Because of the wide availability of stolen credentials, compromised consumer machines in active botnets, and the lack of truly effective authentication, it’s no surprise organized crime has weaponized their supply chain of assets for fraud,” he said.
“There has always been the risk of fraud in financial transactions, we’ve just enabled the possibility of doing it anywhere in the world and at massive scale,” Bambenek said. “Organizations need to enable multi-factor authentication and specifically avoid using SMS-based messages for this task. Beyond that, companies need robust behavioral controls to look for automated access attempts combined with threat intelligence on credential stuffing networks to detect such fraud attempts.”
Credential stuffing and ATOs are on the rise and cybercriminals are growing more successful at taking over victims’ accounts by brute-forcing easily guessable passwords. Users must be taught not to reuse passwords and must use a password manager to help create strong, long, unique passwords for each account.
Companies that offer authentication and login to their website must also move away from having a password as the only security control and help customers move passwords into the background by endorsing password managers. One way criminals will steal your identity is by taking over your accounts, so don’t make it easy for them by using the same password everywhere. In reality it’s easier to get your money back, but extremely difficult to get your identity back when stolen.
Financial Transaction and Account Security is at the very heart of what we are striving to achieve at BLAKFX. We all know that cyber theft and espionage are a tangible threat to all of our collective well-being. The financial sector simply cannot operate effectively if the threat of theft or exposure is omnipresent.
The new era of data security is one that requires new solutions. The era of perimeter defenses is over as it is proving impossible to keep hackers from breaching the perimeter and accessing data. Further, E2E encryption based on old models of RSA cryptography will be obsolete when quantum computing becomes mainstream.
Helix22 delivers perfect security assurance due to our genius engineering team that has invented a new model for data security that required an innovative look at the problem. The approach we took was to protect the data itself. Almost all other data security products try to build a perimeter or are fanatical about user credentials. However, once the product is breached or a password is stolen, even if it is 2FA or encrypted, your firm’s data is in the clear.
You see, the Helix22 cryptography is embedded with the data itself through our inventive and patented process of DNA Binding™. Therefore, even if credentials are stolen the data cannot be exfiltrated. This means that all data is 100% protected regardless of the type of attack.
Another substantial advantage of Helix22 is that it protects all data whether at rest, in use or in transit. All communication apps, for example, only encrypt data while in transit. Therefore, that encryption becomes useless for internal IT security or Artificial Intelligence or Machine Learning experimentation. All data generated during these massive computing exercises is equally protected in real time. Plus, the latency period for the Helix22 is exponentially less than any other security product, so it actually contributes to faster processing times.
In Math We Trust
In this protocol, we are truly a “zero-knowledge” server so your private communications and transmissions remain completely top secret. Even in the event that BLAKFX were subpoenaed, we can honor the request by just handing over the encrypted content…as that is literally all we have. Helix22 also uses keys just one time and then destroys them. This way the data security is future forward perfect. Therefore, in our unique user-to-user encryption (U2U) world, there is no opportunity ever for any data leak.
The Helix22 data security SDK accomplishes the following:
- Protects all your firm’s data at rest, in use and in transit
- Renders ransomware threats obsolete
- Eliminates human error
- Eliminates all malicious or interior attacks
- Verifies original content i.e. minimizes the threat of impersonation attacks and deep fakes
- Reduces latency
- Installs with 5 lines of code
- Runs on any platform, network, device and in any programming language
- Provides perfect future/forward secrecy
- Delivers “zero-knowledge” encryption
- Compatible with all cloud, 3rd party and vendor services
- Ensures privacy and security for blockchain and all cryptocurrency transactions
- Is quantum ready – so there’s no need to upgrade when the time comes
- Requires no employee training
- Exceeds all gov’t and banking standards
- Meets compliance regulations
We can make this claim as the tech engineers at BLAKFX invented and patented a genuine device2device (D2D) encryption. We manage data security transmission through the truly brilliant and also patented universal Helix22 key service. The Helix22 encryption originates on your network or device, not just when the app is opened. This means that when data arrives at our key server, it is already encrypted so all it needs to do is issue another key. Signal and Telegram cannot claim this level of security. This key will then only work with the intended device, which generates a matching key required to open the data. In this protocol, we are truly a “zero-knowledge” server so your communications and transmissions remain completely top secret. Even in the event that BLAKFX were subpoenaed, we can honor the request by just handing over the encrypted content…as that is literally all we have. Helix22 also uses keys just one time and then destroys them. This way the data security is future forward perfect. Therefore, in our unique device-to-device (D2D) world, there is no opportunity at all for any data leak.
The protocol just described can be the same with all your 3rd party vendors and suppliers. It does not matter in the least what platform they are running or what device they are using or even the type of data, it is all 100% protected. We do, however, strongly advise that all firms involved be utilizing Helix22 due to the nature of the data content. Helix22 can ensure that whatever data they are generating is protected as well.
Let’s take it a step further. Even if your organization were a victim of an internal attack or a victim of malicious open source downloads, there is no reason for concern. Any data that has been forwarded, downloaded, copied or saved cannot be exfiltrated. Period. We have the technology industry’s foremost data packets which are protected with multi-layered, military grade encryption algorithms that have already proven the ability to withstand penetration testing from MI5 and quantum computing attacks.
One final practical genius of DNA Binding™ is that it is immediately compatible with whichever system or software you are utilizing. Therefore, any organization can forward information to another and then discuss it and there is immediate privacy.
BLAKFX is Based on Success
Our founders, Robert Statica PhD and Kara Coppa, also founded Wickr, which is used by the US military and has never been hacked since its inception in 2012. The Helix22 data security SDK is several generations enhanced since then. Dr. Statica also delivered the encryption for the world’s most secure phone, Katim.
Founder – Robert Statica PhD; Founder – Kara Coppa; Founder – Alex Maslov MS, MBA
Co-Founders of Wickr; Katim™ Ultra Secure Smartphone
Finally, the Helix22 encryption is quantum computing ready so no need to redo all your data security methodologies in a couple of years when everything else becomes obsolete.
We like to refer to Helix22 as “22nd Century Data Security.”
Helix22 – Zero Risk