Skip to content
Article

Rapid Implementation of Two-Factor Authentication to Reduce Fraud

Companies are collecting, using, and storing data like never before to provide consumers with custom, personalized experiences. Needless to say, the criminal appeal (and value!) of all this personal data provided to the myriad of services we all use everyday has made phishing scams, account hacks, and identity theft all too common. The pervasiveness of these activities highlights the importance of data security and the need for stronger security measures. Xebia helps clients secure data and infrastructure using proven tools, methodologies, and broad DevSecOps services.

2022-03-16-cyber-security-statistic

According to Forbes, a recent cyber security statistics report shows that “2021 saw 50% more cyber attacks per week on corporate networks compared to 2020.” Additionally, although cybercrime is growing overall, Forbes reports that attacks on small to medium sized businesses “are becoming more frequent, targeted, and complex.”

The COVID-19 global pandemic disrupted “business as usual” for most companies, necessitating shifts to remote working environments and heavy adoption of cloud infrastructure. But as Accenture’s latest Cyber Threat Intelligence Report points out, this shift created “new attack surfaces . . . increasing the value of cloud infrastructure attacks for malicious actors.”

Although antiquated infrastructure and other elements present plenty of data security vulnerabilities, the majority of system/account breaches by criminals are the result of compromised credentials. A 2021 data breach report reveals that a shocking 85% of these incidents involved a human element (e.g., phishing, stolen credentials, and human error).

This information highlights the importance of going beyond simple passwords to secure user accounts, data, and network resources. Fortunately, this can be achieved relatively quickly with two-factor authentication (2FA).

Adding security with Two-Factor Authentication

2022-03-16-2faTraditionally, to log in to an online account, you would enter your username, password, and voilà! You were granted access. 2FA adds an extra layer of security to this traditional process. For example, after submitting a username and password, the user is required to enter a multi digit code sent to the user’s mobile device or generated by an authenticator app before gaining account access.

There are currently several different types of 2FA, including hardware and software tokens, biometrics, and push notifications. And while some types provide better security than others, they all offer greater security over traditional passwords.

Is 2FA Really Necessary?

Although overly complicated and impossible-to-remember passwords used to be good enough to protect accounts, that’s just not the case anymore. Cybercriminals continually demonstrate just how easy it is to acquire passwords. And users continue making it easy for them.

A recent network security study found that cybercriminals can breach 93% of company networks to gain access to local network resources. And a recent online security poll revealed that a shocking 78% of GenZ uses the same password across multiple accounts! So it shouldn’t come as a surprise that 81% of security breaches are the result of weak or stolen passwords.

Old systems and security protocols aren’t good enough for modern threats. The extra layer of protection provided by 2FA is more important now than ever. The simple addition of 2FA provides better piece of mind for customers, and gives company systems more confidence that an account is truly being accessed by the account owner.

2FA Use Case

2022-03-16-phone-credit-card

A popular online reseller marketplace noticed an increase in hacked user accounts. In many cases, criminals were hacking into legitimate accounts of users who had cultivated positive reviews, then using those accounts/identities to scam unsuspecting shoppers by selling fictitious/non-existent products.

These severe security issues were disrupting business, harming customers, and creating a PR disaster. This company had an urgent need to fix the obvious security vulnerability plaguing its platform and destroying its brand. So it partnered with Xebia's functional programming division (formerly 47 Degrees) to rapidly implement 2FA, adding a much-needed extra layer of security to its user accounts.

This critical project was obviously a high-visibility project from the C-level down. Our team jumped into action, collaborating with other teams, and building a new service that integrated with existing business and applications. Once the solution was built and tested, it was scaled out to the company’s approximately 14 million monthly active users. Of the company’s daily active users, 15% have enabled 2FA, and this number is growing 3% Month-over-Month.

Conclusion

Cybercriminals grow more sophisticated each year and, therefore, combating these security threats becomes more important all the time. Two-factor authentication adds an additional layer of protection between criminals and user accounts.

The implementation of 2FA is a simple step that can not only help avoid disruption to normal business and damage to IT infrastructure, but also reduce a company’s likelihood of facing public relations nightmares, damage to brand, and loss of customer trust stemming from fraudulent account activity.

If you’d like to learn more about implementing 2FA, DevSecOps, or other security solutions, contact us to better understand the options available to you and how Xebia can help provide you, your customers, and your brand with essential cybersecurity solutions.

Explore more articles