Lessons Learned

ID-theft scam shows the weak link in systems that depend on password protection




PHILLIP CUMMINGS PHOTO

Cummings allegedly stole passwords of clients of his employer's customers.
A smart card might have saved the day for more than 30,000 consumers, the victims of the largest identity-theft scam to date. Philip Cummings allegedly exploited his position with a computer help-desk company to steal passwords used by clients of his employer's customers, which included Ford Motor Credit, federal investigators said last week. With as many as 20 co-conspirators, Cummings is responsible for millions of dollars in fraud losses, authorities say.

Cummings allegedly accessed data even after leaving Teledata Communications Inc. "This highlights the vulnerability of password-only security," says Randy Vanderhoof, executive director for the Smart Card Alliance.

The lesson: Encrypt passwords into a smart card or use a smart card, token, or biometric authentication alongside passwords, so a user needs to steal more than a password to break in.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Email This  | 
Print  | 
RSS
More Insights
Copyright © 2019 UBM Electronics, A UBM company, All rights reserved. Privacy Policy | Terms of Service