Passwordless is Key to Preventing Social Engineering Hacks

Towards the end of last year, news broke about yet another data breach at Uber, the world-famous ride-hailing app whose former Chief Security Officer was on trial for allegedly trying to cover up a 2016 cyber attack in which the personal information of around 57 million customers and drivers was stolen.

This time around, Uber employees were greeted with Slack messages from the hacker announcing that the company had suffered a data breach, after the hacker had reportedly managed to gain access to internal company systems. And how did the hacker gain access in the first place?

Social engineering: a term we have, unfortunately, read about far too often in recent years.

The hacker sent an SMS to an Uber employee claiming to be a company tech worker and convinced the employee to give them a password and, with that, access to the internal network.

Now, while employee education on best cybersecurity practices is always a great idea, it’s important to note that “human error” isn’t something we’ll ever be able to completely eliminate. We’re only human; mistakes and lapses in judgment are bound to happen.

But this is precisely where technology comes in: passwordless is one of the best ways to minimize the risks that social engineering methods such as phishing pose.

Authentication solutions such as passwords, SMS OTPs or other one-time codes may actually end up increasing the attack surface. Hackers can either serve phishing pages to their targets or spam them with authentication requests until they finally gain access to sensitive data.

On the other hand, solutions such as biometrics and mobile IP address-based authentication are resistant to phishing and similar tactics, thereby minimizing the risks of data breaches.

Of course, going for a multi-factor authentication system made up of complementary passwordless solutions would be ideal. In such a system, you not only get to minimize the social engineering hacking risks, but the different authentication solutions cover for each other’s weaknesses.

We’ve designed IPification to be both passwordless and capable of being implemented as part of a larger multi-factor authentication system. IPification authentication, user/transaction verification, and fraud prevention solutions are based on the trifecta of bank-grade security, frictionless user experience, and maximum data privacy.

Here is how it works: IPification relies on mobile network operator infrastructure to verify users via their unique Mobile ID key. This Mobile ID key is made up of user data that the mobile network operator already possesses, such as phone number, device data and the mobile IP address.

The only thing the user has to do to send an authentication request is click once, after which they’re verified within milliseconds.

But we’d love to hear more about your needs, discuss both solutions with you and make revenue and security projections. Schedule a call today!
