How to render stolen online data useless to hackers

Passive or behavioural biometrics may be a way for your client or company to render useless the information lost in a data breach.

This technology monitors the user’s inherent behaviour, “making it impossible for hackers to replicate or steal,” says Lisa Baergen, marketing director of NuData Security, a Mastercard Company based in Vancouver.

Leveraging a fully integrated, multi-layered security approach that includes passive biometrics is an effective way to make stolen information valueless to the hacker and help stop fraud, she said.

How does passive biometrics help stop fraud?

Passive biometrics accurately identifies whether a new user is behaving suspiciously or is a legitimate user, without relying on personally identifiable information (PII). Users are unique in how they interact with their devices and online across web sessions, Baergen explained. Through passive behavioural biometrics and machine learning, that uniqueness is built into a “digital identity profile” that verifies the user beyond reliance on PII.

Baergen said that the technology evaluates subtle patterns, such as how the user types, holds the device or presses the screen, among hundreds of other data points. “This enables the organization to immediately detect whether a human or a non-human is trying to log in or interact during an authenticated session, and whether a human is the legitimate account owner or a would-be fraudster presenting stolen credentials.”

Baergen spoke to Canadian Underwriter Wednesday after Baltimore-based Under Armour Inc. said on March 29 that an unauthorized party acquired data associated with user accounts in late February. The accounts were associated with MyFitnessPal, the company’s food and nutrition application and website.

“For now, anyone who thinks they may have reused their MyFitnessPal password on other sites needs to change each account password and track all account activity carefully,” Baergen said.