HOW TO PREVENT CREDENTIAL STUFFING ATTACK

Credential stuffing is a type of brute force attack in which the attacker takes a credential that is already available (i.e. stolen) from one website or system and tries it as a login on another.

For example, a hacker may obtain the username-password pair of a Facebook account and then attempt to use the same credential to log in to Gmail or Instagram. The basic premise behind credential stuffing attacks is fairly simple: most people tend to reuse the same username and password across all of their accounts, and the attacker simply exploits this fact.

Many lists of stolen credentials are now sold and even shared publicly on the internet, and as a result, credential stuffing attacks have risen in popularity over the past few years.

In this guide, we will discuss how we can effectively prevent credential stuffing attacks and how to protect our account, website, and system from this scary version of brute force attacks.

 

1. Strong and Unique Passwords

The best and most effective approach in preventing credential stuffing attacks is to make strong passwords mandatory and to advise your users to use unique passwords (i.e. one password for one account only).

As a general rule of thumb, a strong password is 10 characters long and should feature a combination of uppercase letters, lowercase letters, symbols, and numbers. You can also use various password randomizer and password manager solutions to create really strong, randomized passwords (which will also help in using unique passwords for different accounts).

 


2. Multi-Factor Authentication

The idea of multi-factor authentication (MFA) or 2-factor authentication (2FA) is to ask for additional (or more) information besides the username-password combination before someone can access the account. So, in the event of a credential stuffing attack, an attacker won’t gain access even if they possess the right credential.

This secondary information can be:

  • Something you have: a USB dongle, etc.
  • Something you know: a secondary password, PIN, OTP code, etc.
  • Something you are: fingerprint, iris, face ID, etc.

MFA is very effective in stopping credential stuffing and brute force attacks in general. However, requiring too many MFA requests can significantly ruin your site’s user experience (UX) and might increase the bounce rate.

Finding the right balance between security and usability is also very important, so you can strategically require MFA only on certain suspicious conditions, for example:

  • Different browser/device/IP address or other signature
  • Login attempt from unusual location or countries that are considered suspicious
  • Blacklisted IP address, IP address that has tried to log in to multiple accounts
  • Obvious bot/scripted activities
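The conditional MFA described above can be expressed as a small policy, shown here as an added example (not code from the original article). The class names, weights, thresholds, user-agent markers and sample IPs are all assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass, field

@dataclass
class Profile:
    """What the site remembers from a user's earlier successful logins (hypothetical schema)."""
    known_devices: set = field(default_factory=set)
    known_ips: set = field(default_factory=set)
    usual_countries: set = field(default_factory=set)

@dataclass
class Attempt:
    username: str
    ip: str
    country: str
    device_id: str
    user_agent: str

class StepUpPolicy:
    # Soft signals add up; one alone (e.g. a roaming phone on a new IP) stays below
    # the threshold so ordinary users are not prompted on every login.
    SOFT_WEIGHTS = {"new_device": 2, "new_ip": 1, "unusual_country": 2}
    # Assumed markers of scripted clients. User agents are trivially spoofed,
    # so this is only one signal among several.
    SCRIPTED_UA_MARKERS = ("python-requests", "curl/", "headlesschrome")

    def __init__(self, blocklisted_ips=(), max_accounts_per_ip=3, threshold=2):
        self.blocklisted_ips = set(blocklisted_ips)
        self.max_accounts_per_ip = max_accounts_per_ip
        self.threshold = threshold
        self._accounts_by_ip = defaultdict(set)  # ip -> usernames tried from it

    def evaluate(self, attempt, profile):
        """Return (require_mfa, reasons) for a login whose password was correct."""
        self._accounts_by_ip[attempt.ip].add(attempt.username)
        hard, soft = [], []
        # Hard signals force MFA on their own.
        if attempt.ip in self.blocklisted_ips:
            hard.append("blocklisted_ip")
        if len(self._accounts_by_ip[attempt.ip]) > self.max_accounts_per_ip:
            hard.append("ip_tried_many_accounts")
        ua = attempt.user_agent.lower()
        if any(marker in ua for marker in self.SCRIPTED_UA_MARKERS):
            hard.append("scripted_client")
        # Soft signals: deviations from the user's own history.
        if attempt.device_id not in profile.known_devices:
            soft.append("new_device")
        if attempt.ip not in profile.known_ips:
            soft.append("new_ip")
        if attempt.country not in profile.usual_countries:
            soft.append("unusual_country")
        score = sum(self.SOFT_WEIGHTS[s] for s in soft)
        return bool(hard) or score >= self.threshold, hard + soft

if __name__ == "__main__":
    # Constructed sample data; IPs come from documentation ranges.
    policy = StepUpPolicy(blocklisted_ips={"203.0.113.66"})
    alice = Profile({"dev-a"}, {"192.0.2.10"}, {"GB"})
    for ip, dev in [("192.0.2.10", "dev-a"), ("192.0.2.99", "dev-a"), ("198.51.100.5", "dev-x")]:
        print(ip, dev, policy.evaluate(Attempt("alice", ip, "GB", dev, "Mozilla/5.0"), alice))
```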

 

3. CAPTCHA

Since many credential stuffing and brute force attacks are performed by automated scripts (bots), implementing CAPTCHA can help in blocking these bots from performing their task. However, CAPTCHA is not a one-size-fits-all answer for credential stuffing attacks, for two reasons:

  1. There are now CAPTCHA farm services where a human worker will solve the CAPTCHA before passing it to the bot, rendering CAPTCHA useless.
  2. Similar to MFA, CAPTCHA can ruin user experience, so it’s very important to use them sparingly.

In general, use CAPTCHA only in specific, strategic scenarios, and you can combine it with other techniques.

 

4. Notify Users About Unusual Activities

Many people don’t realize when their credentials have been stolen, so it may be appropriate to notify or warn the user when suspicious activities are detected.

However, don’t overwhelm users with too many notifications and only send appropriate/important ones. Or else, the user might just ignore or delete the notification, making this approach counterproductive.

For example, if there had been a successful login but it failed the MFA check, then the user should be notified so they can change the password immediately.

It’s also important for your users to be able to view details related to recent logins (date, time, and location). Also, if the application allows simultaneous sessions, the user should be able to view a list of all active sessions and to terminate any other sessions they deem suspicious.

 

5. Fingerprinting

The basic approach in preventing credential stuffing attacks is to blacklist IP addresses and/or a range of IPs after a certain number of failed login attempts. However, sophisticated bots can now rotate between thousands of IP addresses, so IP-based detection might not be very effective.

So, we can also fingerprint other factors to determine whether the traffic is a legitimate user, like browser, device signature, operating system, the language used, and more. There are various fingerprinting-based solutions you can use for this method.

The idea is, if the new traffic doesn’t match the user’s previous signatures, you can ask this client for additional authentication (MFA, CAPTCHA, or others). Keep in mind, however, that a user might share the account with their friends or family members, so implement this method strategically.

In combination with fingerprinting, we can also configure alerts on the login success ratio of suspicious users. For example, a login success rate below 10% is very suspicious, and credential stuffers can reach a close to 0% success rate. Tracking login success ratios can be very effective in detecting credential stuffing attacks.
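The success-ratio check can be run over authentication logs grouped by client fingerprint rather than by IP, so that IP rotation does not hide the pattern. The following is an added example, not code from the original article; the log format, field names, the `min_attempts` floor and the sample lines are assumptions constructed for illustration, with the 10% threshold taken from the text.

```python
import re
from collections import defaultdict

# Assumed log format: "<timestamp> ip=<ip> fp=<fingerprint> user=<name> result=ok|fail"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) fp=(?P<fp>\S+) user=(?P<user>\S+) result=(?P<result>ok|fail)$"
)

def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def constructed_sample():
    """Constructed log lines (documentation-range IPs), not real traffic."""
    lines = []
    # One scripted client: same fingerprint, 40 IPs, 40 usernames, a single hit.
    for i in range(40):
        result = "ok" if i == 17 else "fail"
        lines.append(f"2022-01-20T10:00:{i:02d}Z ip=198.51.100.{i + 1} "
                     f"fp=fp-bot user=user{i} result={result}")
    # A regular user: one typo, then a successful login.
    lines.append("2022-01-20T10:01:00Z ip=192.0.2.10 fp=fp-alice user=alice result=fail")
    lines.append("2022-01-20T10:01:09Z ip=192.0.2.10 fp=fp-alice user=alice result=ok")
    # A forgetful user: five failures, too few attempts to judge at the default floor.
    for i in range(5):
        lines.append(f"2022-01-20T10:02:{i:02d}Z ip=192.0.2.44 fp=fp-bob user=bob result=fail")
    lines.append("garbage line that does not parse")
    return lines

def flag_low_success_clients(lines, min_attempts=20, max_success_rate=0.10):
    """Flag fingerprints whose login success rate is below max_success_rate."""
    stats = defaultdict(lambda: {"attempts": 0, "ok": 0, "users": set(), "ips": set()})
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # skip malformed lines instead of failing the whole run
        s = stats[ev["fp"]]
        s["attempts"] += 1
        s["ok"] += 1 if ev["result"] == "ok" else 0
        s["users"].add(ev["user"])
        s["ips"].add(ev["ip"])
    flagged = []
    for fp, s in stats.items():
        if s["attempts"] < min_attempts:
            continue  # a ratio over a handful of attempts is noise
        rate = s["ok"] / s["attempts"]
        if rate < max_success_rate:
            flagged.append({"fingerprint": fp, "attempts": s["attempts"],
                            "success_rate": rate,
                            "distinct_users": len(s["users"]),
                            "distinct_ips": len(s["ips"])})
    return sorted(flagged, key=lambda r: r["success_rate"])

if __name__ == "__main__":
    for row in flag_low_success_clients(constructed_sample()):
        print(row)
```

The distinct-user and distinct-IP counts help separate a stuffing run (many accounts, many addresses) from a single user who keeps mistyping one password.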

 

6. Investing In a Bot Detection Solution

One of the most effective approaches in preventing credential stuffing attacks is to use an advanced account takeover protection solution that can effectively detect and block malicious bot traffic attempting the attack in real-time.

Since both bots and humans now use the same browsers and IP addresses, real-time and automated credential stuffing protection is now necessary. Humans can no longer act fast enough to match the bot activities, and this is where AI-powered, machine learning bot detection solutions can be very effective in preventing credential stuffing attacks.

 

End Words

While there is no perfect method that can 100% prevent credential stuffing attacks, the 6 methods we have discussed above are among the most effective in identifying, preventing, and mitigating the effects of potential credential stuffing.

The most effective approach, however, is to have an effective bot detection and mitigation solution that can detect the credential stuffing attempt in real-time. Solutions like DataDome offer a comprehensive bot detection solution that deploys in minutes on any infrastructure, fully automated.

SMART WEARABLES IN HEALTH TECHNOLOGY

Gavin Bashar, UK managing director at Tunstall Healthcare, discusses smart wearables in health and social care, the benefits, and what the future holds.

For many years, technology has been integrated into every sector in the economy, from banking to shopping, to enhance the experience of customers.

However, health and social care services have fallen behind in terms of technology adoption and innovation, for reasons including fragmented structures, limited resources, and reluctance to change.

Yet person-centred technology has the power to transform lives, not only enabling the ongoing delivery of support services to vulnerable people, but reshaping the health and social care sector as a whole.

Technology-enabled health and care is the service of the future and the ongoing and unprecedented rapid acceleration in the adoption of care and health technology has demonstrated the numerous benefits in practice.

 

Why wearable technology?

Wearable technology enriches the lives of a range of cohorts, including people living with long term conditions such as dementia, and connects vulnerable individuals to key stakeholders such as clinicians and family members.

The better application of technology and wearable devices can deliver significant benefits including improved patient outcomes and service-user experiences, a reduction in the strain on staff and carers, and potential cost savings or avoidance.

Wearable devices and the systems they’re linked to use wireless and digital technology to enable support services to be efficient, flexible, responsive, and tailored to the individual. The unobtrusive devices also ensure that care delivery is discreet and won’t interrupt the daily life of service users.

Proactive healthcare is also easier thanks to wearable technology. Service users become much more engaged with their own health and have greater opportunity to develop a proactive approach to their health monitoring, rather than reacting. Technology can be used to enable intervention at an early stage by identifying irregularities before they become more significant health or care issues which require expensive care and treatment.

There is significant evidence that wearable technology offers users greater choice in terms of the care they receive and prevents incidents in the first place, by recognising an emergency as soon as it occurs. Community alarms and telecare services in particular are effective methods of signposting to clinicians and additional services when a user requires care, and this has been particularly important during the pandemic.

 

Wearables in a home and residential care setting

When providers are presented with unique opportunities to drive the adoption of digital health solutions such as wearables, there must be a focus on designing holistic services which fit seamlessly into the user’s life, work with clinical practices, and ensure any data that is collected is stored securely.

There is a huge range of wearable technology and devices available which perform a number of functions and can therefore be tailored to suit the needs of an individual and their stakeholders, such as carers and clinicians.

Small, discreet pendants available on the market can raise alarm calls in emergencies, and protect users living independently at home or in group living environments. Features can include integrated alarm buttons, LEDs for visual reassurance that a button has been pressed, easy to wear options, and auto low battery monitoring and alerts.

Falls are the main reason that older people are taken to hospital and unaddressed fall hazards in the home are estimated to cost the NHS over £430 million. Smart wearables use advanced technology to allow users to raise an alarm from anywhere in their home or care setting if they are in difficulty. Some devices can also automatically raise an alert if a fall is detected.

This technology offers confidence to individuals who are at risk of falling, such as people with limited mobility, the elderly, and people with long-term conditions such as epilepsy, diabetes and Parkinson’s disease.

Wearable technology not only benefits vulnerable individuals living at home, but also those in residential care settings and their carers. Nurse call systems which are integrated with smart wearables can be personalised to ensure individual safety with minimal disruption to other care home residents. It also respects dignity while improving management insights, workflow efficiencies, staff morale, and care quality.

Devices can also be worn which protect users when away from home, automatically detecting falls, offering an SOS function and providing the user’s location.

 

The benefits of managed technology and smart wearables

Technology can require equipment from a range of manufacturers. Identifying, purchasing and managing devices from multiple sources can prove challenging and resource intensive for local authority community alarm centres.

Nottinghamshire County Council (NCC) has a managed healthcare service which includes home units, telecare sensors and wearable devices which are all tailored to the needs of individual service users.

All connections are monitored and referrals are made to the NCC Responder team, nominated contacts or the emergency services, as appropriate. NCC also has Reablement Assessment flats with telecare in place to support people leaving hospital, helping them to increase wellbeing and regain skills to enable them to return home.

Between October 2019 and December 2020, significant benefits and improved outcomes have been observed. Over 280 cases involving a high and immediate risk of admission to residential care were avoided, and over 650 cases which required additional community care costs were avoided.

In total, savings of over £2.2 million have been achieved after additional service costs, costs of homecare for people diverted from residential care, and loss of client contributions have been deducted.

 

The next generation of wearable technology

The deployment of smart technology, including wearable devices, enables vulnerable people to live safely and independently for as long as possible. However as demands change, the care journey is now evolving rapidly and healthcare services must adapt accordingly.

We’re beginning to see the next generation of predictive care technology and smart wearable devices, and over the next few years this will encompass integration that enables diverse and scalable models of health and social care. Using AI and taking data-driven insight from multiple sources, providers will use this next generation of solutions to optimise Population Health Management programmes by providing personalised and anticipatory care.

Smart wearables in health and social care are designed to improve quality of life and empower individuals to take control of their health, while supporting the NHS and additional stakeholders by reducing the number of required GP visits, ambulance callouts, hospital admissions, and demand for local authority funded residential care.

For more information on how wearable technology can support the ongoing delivery of proactive and effective support, please visit www.tunstall.co.uk

TRENDS IN FINTECH IN 2022: FROM ARTIFICIAL INTELLIGENCE TO FINANCIAL WELLNESS

By Jayne Zhang, Lead Digital Transformation and Commercialisation consultant, FPT Software

 

The financial services industry has been pivoting towards digital transformation for the last decade or so. The onset of the COVID-19 pandemic has only heightened the importance of this transformation as the demand for digital solutions has rapidly grown. The rise of fintechs and brands has also fostered the maturing digital landscape and changed customer expectations.

As competition increases, it’s no longer enough to only offer financial products through digital channels. Surveys show that the main drivers for customer attrition are poor banking apps and a lack of digital services, so the financial services industry needs to embrace new strategies and technologies with a renewed focus on the customer context (experience and engagement) and provide enhanced digital experiences to retain and acquire new customers. Here are seven trend predictions for 2022 and beyond:

Increased investments in digital platforms, composable banking options and innovation

According to Forrester Research, in 2022, it’s predicted that a quarter of banks will increase their tech spending by 10% or more. Banks must invest in and build an infrastructure that facilitates their digital transformation and helps them provide an exceptional customer experience with digital intelligence and automated decisioning. This includes increased investment into the adoption of the micro-service and API layers that allow for seamless integration into digital platforms and ecosystems.

Creating a unified customer experience and journey

The digital experience is now the primary driver of customer attrition and it’s a major factor for consumers when it comes to choosing a bank. To stay competitive, banks need to deliver an attractive and comprehensive digital experience that works in parallel with their physical branch and call centre services. Businesses must look at the entire customer journey from end to end: from fast and seamless onboarding to real-time notifications with personal and relevant messaging, products relevant to the customer life cycle, well-integrated self-service tools, enhanced security and fraud protection, and insights for customers.

Increased focus on creating an AI structure which enables contextual and connected decision making

In order to leverage the digital decision platforms and logic that helps with decision making, there must be an increased focus on data-driven decision intelligence technologies, such as machine learning and AI. Many institutions are moving to a hybrid human and AI decision-making model to compose a full view of the customer, which enables customer life cycle management with intelligent, relevant and timely decisions. According to the International Data Corporation, global spending on AI systems is forecast to jump from $85.3 billion in 2021 to more than $204 billion in 2025. The compound annual growth rate (CAGR) for the 2021-2025 period will be 24.5%.

The power of data

To leverage the vast amount of data available, companies must be able to define, map, analyse, and use this data to create customised digital experiences with personal and relevant messaging and offers that customers want. Data responsibility will become increasingly important with the rise of data aggregation. Banks must balance the power of data with responsible AI, keeping in mind the importance of ethics, transparency, and security. Consumers are also more data aware with a maturing understanding of how their data could be exposed and used. This causes them to be more risk averse when it comes to giving out their data without a clear return. Banks will need to provide data value such as data insights for enhanced risk assessment or fraud protection, to empower customers with their own data, which in turn could give them better engagement and personalisation.

Financial wellness and education – humanising the digital experience and rethinking what it means to be customer-centric

A bank’s bottom line relies on the financial wellness of its customers, thus a focus on the financial health of customers should be a primary strategic goal. Having access to financial services does not necessarily mean they’re financially healthy. The younger generations may be more digitally savvy, but they aren’t financially savvy. What this means for banks is that there’s a renewed need to understand their customers’ life cycles and their journey, to be able to empathise with them, anticipate their needs, and deliver products/services to help them improve their financial wellbeing at the point of need, allowing their customers to feel financially secure. Studies show that putting their customers’ financial wellness at the centre will help banks grow profitable portfolios and increase long-term shareholder value.

Expand their line-up of sustainable finance products

Environmental, social and governance (ESG) considerations are gaining importance. Some regulators are proposing that climate reporting by banks be made mandatory. The ESG transition will need banks to balance business while embracing and implementing ESG-related policies and standards. Financial services firms will be keen to accelerate their speed to market for ESG products and services, such as green loans and mortgages, and checking accounts with sustainability and carbon-tracking features.

Open banking and embedded finance

With regulators in the EU and UK proposing measures to extend data sharing principles across financial and nonfinancial products, 2022 will see a growing number of banks experimenting and pivoting their business models toward a more open, collaborative platform approach, leveraging this open-banking connectivity and focusing their efforts on delivering select capabilities as a service, powering the growth of embedded finance. This all goes back to the focus on the customer, and being able to provide financial products, features, services and education at the point of the customer need, and not through a separate journey.

 
