Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
Lessons LearnedLessons Learned
ID-theft scam shows the weak link in systems that depend on password protection
1 Min Read
Cummings allegedly stole passwords of clients of his employer's customers. |
A smart card might have saved the day for more than 30,000 consumers, the victims of the largest identity-theft scam to date. Philip Cummings allegedly exploited his position with a computer help-desk company to steal passwords used by clients of his employer's customers, which included Ford Motor Credit, federal investigators said last week. With as many as 20 co-conspirators, Cummings is responsible for millions of dollars in fraud losses, authorities say.
Cummings allegedly accessed data even after leaving Teledata Communications Inc. "This highlights the vulnerability of password-only security," says Randy Vanderhoof, executive director for the Smart Card Alliance.
The lesson: Encrypt passwords into a smart card or use a smart card, token, or biometric authentication alongside passwords, so a user needs to steal more than a password to break in.
About the Author
You May Also Like
More Insights
