The Marriott Starwood Hotels hack is rattling cages left and right, not only because of the sheer number of users affected but also because it may have started four years ago. Given that the company operates properties all over the world, the Marriott Starwood Hotels hack is broad enough to have an
Questions have been raised as to why it took so long to identify this attack. Some are saying the 2016 merger of Marriott and Starwood Hotels may have further weakened their security and corporate technology.
Most details of the breach are still unclear and pending investigation, the company said. It said it was investigating all aspects of the attack, including how it occurred, whether unencrypted payment data was accessed, and why a security tripwire wasn’t activated when the thefts began in 2014, among other details.
Pat Cox, CEO of TRUSTID, reached out to Techaeris with this commentary about the Marriott Starwood Hotels hack:
It’s unfortunate that data breaches have become a part of our modern lives. But most of the damage isn’t done in the initial breach. In fact, most account takeovers where fraudsters can wreak financial havoc occur via social engineering call center agents long after the breach. They use hacked customer information, the exact information from the breach of Marriott, to impersonate legitimate customers. Here’s the reality – hackers aren’t going away. If we want to stop fraudsters in their tracks, we need to de-weaponize personal information. Stop relying on it for authentication.
Identity interrogation and knowledge-based authentication, where customers verify their identity by demonstrating knowledge of personal information, as basic as address or date of birth – information which could have been gleaned from this specific hack – isn’t stopping identity theft. Authentication should be performed using multiple factors without overreliance on the asking of questions.
Factors such as ownership and possession of a unique device such as a trusted phone or debit card combined with a biometric factor such as a voiceprint or fingerprint. New technologies – including ones that use customers’ smartphones as physical ownership-based authentication tokens – can achieve significantly more accurate authentication and improve the effectiveness of fraud-fighting efforts. Criminals are constantly changing their tactics, and financial institutions need to stay one step ahead.