Password reuse is the single biggest reason for account takeover (ATO) fraud, and financial institutions lost over $23Bn to ATO fraud in 2018. Changing consumer behavior is difficult, and organizations have to solve this problem with better authentication mechanisms.
The Good News: 9 out of 10 financial organizations we speak with cite streamlining their customer authentication experience as a top priority in 2019.
The Bad News: New and advanced authenticators don’t solve the issue if they are not implemented correctly, and approximately 50% of the financial organizations that prioritize streamlining authentication also acknowledge that they cannot ensure customer transactions are adequately secured at all times.
Finding ATO in Development: ShiftLeft Ocular is the first product to identify business logic vulnerabilities, like ATO, in development. Ocular combines a new semantic graphing approach to analyzing source code with an interactive REPL. This enables code reviewers to apply their knowledge and interrogate source code for vulnerabilities unique to their codebases, such as missing context checks, lack of multi-factor authentication, and other similar design flaws that could result in ATO. Once created, custom queries can be saved for automated regression testing of every build or release.
Here is a video recording of our webinar on how ShiftLeft Ocular finds account takeover vulnerabilities during development.
To request a free trial and demo of Ocular, please sign up at https://www.shiftleft.io/ocular/
What is causing financial institutions to lose $23 billion a year? was originally published in ShiftLeft Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.
*** This is a Security Bloggers Network syndicated blog from ShiftLeft Blog – Medium authored by Arun Balakrishnan. Read the original post at: https://blog.shiftleft.io/what-is-causing-financial-institutions-to-lose-23-billion-a-year-94d2206c070d?source=rss—-86a4f941c7da—4