In a recent discussion, Reuben Stewart, the digital identity lead at PNC Bank, highlighted the challenges faced by banks and financial services organizations in the realm of digital identity proofing. Stewart emphasized the risks associated with relying on static data, such as Social Security numbers, which can be easily compromised by fraudsters.
According to Stewart, using static data as the primary identifier leaves organizations vulnerable to cyberattacks. “If anything is static, it is a sitting duck; consider it compromised,” Stewart warned. He stressed the importance of moving away from using Social Security numbers as the main identifier and adopting more dynamic and secure authentication methods.
Apart from the risks posed by static data, Stewart also shed light on the challenges in authorization processes within banks. He pointed out that there is often a disconnect between identity providers handling authentication and application owners managing fine-grained authorization. This gap can lead to security vulnerabilities and expose organizations to risks associated with unauthorized access.
During a video interview with Information Security Media Group, Stewart delved into the following key points:
1. The vulnerabilities associated with relying on static data and how fraudsters exploit them.
2. The gaps in authorization processes and their implications for banking security.
3. Innovative identity-proofing techniques that can bolster fraud prevention efforts.
Stewart’s expertise lies in developing strategies to protect customer identities throughout the lifecycle. With over 25 years of experience in the financial services sector, he specializes in customer identity management, fraud prevention, and cybersecurity.
In conclusion, Stewart’s insights underscore the urgency for banks and financial institutions to enhance their digital identity proofing processes and address the vulnerabilities arising from static data usage. By embracing innovative authentication methods and bridging the gap between authentication and authorization, organizations can strengthen their security posture and mitigate the risks posed by cyber threats.