2023 Fraud Predictions - ITRC
I've been collecting various fraud-related predictions for 2023. And of course, shooting my mouth off about each.
This article covers The Identity Theft Resource Center’s 2023 Predictions, available at https://lnkd.in/g6u5d6UM.
??. ???????????????? ?????????????????? ???????? ???????????????????????? ???????? ???? ?????????????????????????? ?????????? ???????????????????? ???????????????????????? ?????????????????????? (??????) ???????????????? ?????????????? ??????????????????????, ???????????????? ?????? ???????????? ?????????????????????? ???? ???????? ?????? ????????????????, ???????? ???????? ??????-?????????????????? ???????????????? ???????? ???? ???????????? ??????????, ?????? ?????????????????????? ???????????????????? ??????????????????????????????.
I was a writer before I was a fraud professional, and this sentence doesn't even qualify as a sentence. If you find yourself putting so many commas in one sentence, you probably need another sentence. But this isn't a grammar lesson, so on to the fraud topic.
I...guess? I feel like this prediction is like saying "Fire will increasingly create a physical change in combustible materials using a combination of heat, oxygen, and fuel."
??. ?????????????? ?????????? ???????? ???????????????? ???? ?????????? ???????? ???????????????????????? ??????????.
Aren't these the same thing? Or is this some evolution of romance scams where the romance fails amicably and then your kind ex dupes you into sending them a bunch of Bitcoin? I'm really confused about what this means.
Maybe I shouldn't have started this list, but I'm sticking with it. I'm also not going back and editing my thoughts, so you're getting live commentary.
??. ?????????? ?????????????????? ???????????????? ???????????? ???????????? ???? ???????????????????? ???????? ?????????????? ?????????????? ?????????????????????? ???????? ????????????????.
Back to the fire comment...
Maybe I need to listen to the podcast to understand these predictions. I'm not aware of any specific influence that would cause an increase in exploitation of one of the main groups already being exploited for fraud.
??. ???????????????? ?????????????????? ???????? ???????? ???? ?????????????? ?????? ???????????????????? ?????? ?????????????? ???????????? ?????? ?????????? ??????????????, ?????? ?????????? ???????????????????????? ????????, ?????? ?????????? ?????? ??????’?? ???? ??????’?? ???????? ?????? ??????????.
OK, finally something I think I understand. I'm going to make a leap here though and assume that "identity criminals" means those committing account takeover and not identity theft. Passkeys reduce the risk of account takeover related to breaches and some kinds of social engineering. The adoption rate of passkeys is relatively low right now though, and even as adoption increases most businesses will still offer a password-based alternative. There may be pockets of security-minded individuals who have a reduced risk of ATO, but they probably would have lowered that risk through other means anyway.
领英推荐
For those reasons, I don't see passkeys meaningfully changing the account takeover landscape next year, but I would look for this 2-3 years down the road if passkeys really become common. Even once they become widespread they're still potentially vulnerable to social engineering, and the Zelle issues have shown us that enough people are gullible enough of the time that you don't need a fancy technical solution to commit fraud.
??. ???????????????? ???????????? ?????? ?????????? ???????? ???????????????? ???? ???????????? ?????????????????????? ??????????????????????. ?????????????? ?????? ?????????????? ?????????????? ???????? ?????????????????? ???? ?????? ?????? ?????? ???????? ???????????????????? ?????????????????? ???????? ?????? ?????????????? ??????????.
OK. Sure. Although I feel like this is more becoming a list of things that already happen than predictions of what might change in the future. I know, I know..."nothing will change" is a totally valid prediction. Just not a risky or fun one.
??. ?????? ?????????????????? ???????????????????? ???? ?????????????? ???????? ?????????? ???????????????? ???????? ???????????? ???????????? ???? ???????????????? ???? ?????? ???????????????? ?????????????????? ???????????????????? ???????????? (????????) ???? ?????????? ???????? ???? ?????? ???????????? ???? ?????????? ????????.
Wait...this already happened. Like, what has the last year been about if it wasn't this?
??. ?????????????? ?????????????????? ???????????????? ???????? ???????? ???????????????? ?????? ???????????? ???????????????? ?????? ?????????????????????? ???????? ???????? ???? ?????????? ???????? ?????????????????? ???????????????? ?????????????? ?????? ?????????????? ???????????????? ??????????, ???????????????? ???????? ???????? ???? ???????? ?? ?????????????????????????? ?????????????? ?????? ???????? ???????????????? ?????? ???? ????????.
Fire will burn AND water is wet. I do agree with the sentiment of this though, which is that until there is meaningful regulation and corresponding penalty for breaches we'll continue to see them be as common as ever.
??. ?????? ???????????? ???? ???????? ???????????? ?????????????? ???????? ???????????? ???????? ?????????????????????? ?????????? ?? ???????????????????? ???????? ???????????????? ???? ????????, ?????????????? ???????? ???????????? ?????? ???????????????????? ???? ????????.
More wording that kind of hurts my head. It says "data breach notices" rather than "data breaches", but that doesn't make sense to me. The breach notice doesn't contain anything meaningful anyway.
I'll make my own prediction to counter this one:
"As breach-related regulation looms, business reignite earlier efforts to collect, use, and store less personal information. By reducing the amount of information available, the value of breached information decreases and attack methods shift to exploration of vulnerable APIs and systems directly within the transaction flow. Although this reduces the risk to breach victims, it directly increases the risk for businesses with large amounts of technical debt that had previously escaped the attention of attackers because breaches were so lucrative."