August 24, 2024 / VOLUME NO. 328

Beefing Up Identity Verification


News broke recently that yet another data breach leaked possibly billions of records. Starting in April, a hacker known as USDoD leaked data containing Social Security numbers, emails, mailing addresses and phone numbers stolen from a Florida data broker, National Public Data. But the information contains discrepancies, and some records are tied to deceased individuals, according to security expert Troy Hunt, who runs the website HaveIBeenPwned.com, which allows users to check if their emails have appeared in breaches. 


Unfortunately, Social Security numbers haven’t been secure for a long time. Almost a decade ago, a Verizon Communications analyst told National Public Radio that 60% to 80% of Social Security numbers had been stolen by hackers. That number will have climbed. Social Security numbers are also easy to figure out using basic public data, according to a 2009 study by Carnegie Mellon University researchers.


Luckily, Alloy CEO Tommy Nicholas says banks don’t tend to rely on the Social Security number as a sole form of identification, but rather treat it as one of many records used to confirm identity. “We have established and been telling our clients for a long time, verifying the SSN is the starting point upon which you can provide identity validation and verification, but it is, in and of itself, to no extent identity verification,” he says.


There are gaps, he adds. If a criminal accesses a customer’s email, for instance, they could intercept a so-called magic link that is part of a multi-factor authentication process — think of any link you have received when you forgot a password. 


The SSN is just one form of knowledge-based authentication, along with questions such as your mother’s maiden name or the street you grew up on. Criminals have those answers at their fingertips through social media, public information and stolen records. Despite this, financial institutions have increased their reliance on knowledge-based authentication, according to Alloy’s 2024 State of Fraud Benchmark Report.


Behavioral biometric tools that monitor keystrokes “can detect whether you're typing [knowledge-based information] like somebody who knows it or somebody who doesn't know it,” Nicholas says. That can help banks combat fraud attempts that use information like the SSN — but it’s just one tool in the increasingly complex toolkit institutions will need to battle fraudsters.  


• Emily McCormick, vice president of editorial & research for Bank Director

Brokered Deposits Rule Threatens to Upend Bank Balance Sheets

A proposed rule from the FDIC could categorize billions of dollars as brokered deposits, forcing tough conversations about liquidity, risk and capital management.


“What brokered deposits are today is a huge range of things. We have this overarching term, but it now includes different things that present totally different types of risks.”

— Travis Hill, Federal Deposit Insurance Corp. 


Kiah Lau Haslett, banking & fintech editor for Bank Director

Insights Report: Closing the Deal

On average, bank M&A deals are taking longer to close these days. With time a critical factor in M&A, understanding the more common obstacles can help would-be merger partners close deals faster.

What To Do When Fraud Strikes

With fraud on the rise, banks should evaluate their mitigation tools and understand the proper procedures.

More Banks Are Reporting Slowing Loan Growth, Raising Risk Concerns for Directors

Boards need to understand that pressure to keep pipelines flowing could lead to credit-related headaches in the future.

Cybersecurity, CRE and Regulatory Risk: What Boards Face When Reviewing the Risk Appetite

Most bank boards review the risk appetite annually. Here’s a snapshot of issues to consider the next time it comes up.
