Security Research: without study of fraud it is like analyzing football but excluding the scoring

Identity fraud crimes necessarily involve a pair of separate acts, yet because they are so rarely understood in tandem the criminals have an ongoing advantage. It's almost as if we were studying game film of moving the ball downfield, without ever looking for a correlation with what is more likely to put the ball in the goal! A substantial amount of quality information about the pattern of data exposure (crime number one) comes from security-sector firms, yet because this information is generally analyzed in isolation from the follow-on transactional fraud (crime number two) the practical value of such information is several limited. Security vendor after vendor perennially publish valuable bodies of research detailing the global cyber-criminal, which is almost exclusively focused on the always-troubling evolution in methods of unauthorized access or trafficking of personal identity information. The issue is that identity crimes are almost always a two-step process (theft of data followed by transactional fraud), and this method of study can only apply to the first half of a two-part problem. Posted in: Account Takeover Identity Theft