The contractor you just onboarded to work inside your environment could be a fraudster operating under a stolen identity, even though the vendor they claim to represent is a legitimate, registered company. Registration simply proves that a business entity filed paperwork with a state. It says nothing about who…
When a rewards balance disappears, the loss becomes visible at redemption. Miles may be transferred to a partner program, points converted into gift cards, or award travel booked without the account owner’s knowledge. By the time that happens, however, the loyalty program fraud has already succeeded. The real…
Most vishing defenses assume the attacker is after a password. The campaigns causing the most damage in 2026 rarely ask for one. Instead, they persuade a help desk representative to enroll a new phone number or convince a user to approve a connected application. The login that follows appears…
When an agentic AI agent acts on a user’s behalf, most current deployments run it with that user’s privileges and record its activity under the user’s identity. The agentic AI agent itself disappears into the session. That design choice creates the core challenge of governing agentic AI. Two…
The Federal Bureau’s (FBI’s) 2025 Internet Crime Complaint Center (IC3) Report logged $20.9 billion in cybercrime losses across more than one million complaints. For the first time in the report’s 25-year history, the FBI identified AI as a distinct crime category: 22,364 complaints and $893…
The Office of the National Coordinator for Health Information Technology (ONC) reports that in 2025, 65% of individuals accessed their health records online, 57% used app-based access, and 51% used proxy or caregiver access. Those numbers mean patient identity infrastructure now serves a population that…
Identity weaknesses played a material role in almost 90% of the 750-plus incidents Palo Alto Networks’ Unit 42 investigated in 2025, with 65% of initial access driven by identity-based attacks. This was not solely because those organizations lacked multi-factor authentication (MFA) or security training. Rather,…
Every enterprise call center fraud prevention program faces the same design tradeoff: how much of the identity verification burden should rest on agents, and how much should shift to automated controls? Most organizations still lean heavily toward the agent side. They invest in training, create verification scripts, and…
In July 2025, the National Institute of Standards and Technology (NIST) released the final version of Special Publication (SP) 800-63, Revision 4. This update reflects nearly four years of research, two public draft cycles, and close to 6,000 public comments. The revision defines updated Digital Identity Guidelines designed…
Most enterprises collect more authoritative identity data and risk signals than they act on. They also lack clearly defined relationships between specific risk signals and specific identity fraud types. A device fingerprint that is effective against credential stuffing may be irrelevant for synthetic identity fraud. A phone number check…