Gone are the days when news of a data breach was shocking. Today they have become all too common an occurrence – but their impact is as serious as ever. In the recent Target breach alone – nearly one half of all American adults – 110 million – had their data stolen, opening the door to malicious use by fraudsters.

It's just the latest battle in an ongoing war against a sophisticated and interconnected army of digital ghosts. And the battle is far from over. In a matter of days, the ghost army was able to erode consumer trust and peace of mind. It was an audacious attack, with the greatest impact to be felt in the upcoming months.

One of the most concerning issues around breaches is that many consumers' digital identities are based on a single email address or username/password. With stolen identity data in hand, criminals can submit fraudulent mortgages, credit card applications, even create fake credit cards, in the names of thousands of unsuspecting victims. Regardless of how the data is used, one thing is certain: breaches pose serious dangers to consumers, retailers and financial institutions.

Organizations within the financial services industry find themselves in the crosshairs of the digital army of fraudsters. Banks, credit unions and credit card companies are among the richest targets for determined digital criminals. Unfortunately, despite the risk, many of these organizations are still scrambling to deploy proper defenses. So how do you protect against an unregulated, networked enemy intent on inciting chaos and filling their bank accounts?

When a breach has been reported, banks and credit unions must be especially vigilant. How can they be certain who is logging into a customer's account? With the personal data compromised in the recent data breaches, criminals can launch sophisticated phishing attacks that lure people into giving up bank and credit card information in the name of security.

What controls are in place to ensure that a fraudster in Malaysia isn't using a legitimate identity and an anonymous proxy to submit credit card applications that are a perfect match to credit bureau data? Or to alert when a long-standing offline banking relationship suddenly enrolls online? Once access is established, address and other data can be updated and sold to the highest bidder in underground forums.

Below are several important recommendations to help banks and credit unions ensure customer accounts are not put at risk by the flood of compromised data from recent data breaches:

  • Protect the front door. Assume customer accounts have already been compromised and implement a multi-layered, device-based security protocol at login. This will ensure access for legitimate customers while providing insights into any unauthorized login attempts. You may not be able to control how consumers manage their digital identities, but you can help protect them from potential financial damage.
  • Stress account alerts. A growing number of fraudulent transactions are identified by consumers who are using email or text alerts. Encouraging customers to use this option engages them in the account monitoring process and can reduce the time to detect any fraud.
  • Adopt an omni-channel fraud strategy. Early adopters of mobile technology used native applications and mobile-optimized websites to offer banking on the go. Too often they did so without the same protections as provided for online banking. It is important to have a consistent security policy across channels to ensure new offerings don't introduce new risks.
  • Don't rely solely on traditional data sources for account openings. While traditional identity verification sources such as credit bureaus and shared databases are important, they do not provide a silver bullet. Sophisticated attackers are using legitimate data elements to create synthetic identities – and even 100% legitimate identities – to acquire credit lines and bank accounts that can be sold underground.
  • Act on intelligence. Once an account has been directly targeted or compromised, lock down associated accounts, contact customers and proactively reissue cards. Many institutions do not have device-level visibility to online logins, but this is where fraud staging activities are most likely to be perpetrated.
  • Lighten the regulatory load. Partner with information security organizations to ensure compliance with data protection and security standards so fraud prevention teams can focus on identifying and preventing attacks rather than appeasing regulators. Developing strong partnerships with relevant oversight authorities helps ensure that you are involved in planning upcoming compliance requirements.
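
The login-time signals raised above (an anonymous proxy, a location that does not match the customer, an unrecognized device, a long-standing offline customer suddenly enrolling online) and the advice to lock down associated accounts can be expressed as checks over login events. The Python below is an added example, not code from the author or any vendor; the event fields, account and device identifiers, the five-year threshold, and the choice to link accounts through shared device fingerprints are all assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    account: str
    kind: str              # "login" or "online_enrollment"
    device_id: str         # device fingerprint from the login layer (assumed field)
    ip_country: str
    anonymous_proxy: bool

# Constructed sample data: account -> (home country, years as offline-only customer).
PROFILES = {"A100": ("US", 0), "A200": ("US", 12), "A300": ("US", 0), "A400": ("US", 0)}
KNOWN_DEVICES = {"A100": {"dev-1"}, "A300": {"dev-y"}, "A400": {"dev-y"}}
EVENTS = [
    Event("A100", "login", "dev-1", "US", False),
    Event("A200", "online_enrollment", "dev-x", "MY", True),
    Event("A300", "login", "dev-x", "MY", True),
    Event("A300", "login", "dev-y", "US", False),
    Event("A400", "login", "dev-y", "US", False),
]

def risk_flags(ev, profiles=PROFILES, known=KNOWN_DEVICES, offline_years_min=5):
    """Return the reasons this event deserves step-up checks or manual review."""
    home_country, offline_years = profiles[ev.account]
    flags = []
    if ev.anonymous_proxy:
        flags.append("anonymous_proxy")
    if ev.ip_country != home_country:
        flags.append("geo_mismatch")
    if ev.device_id not in known.get(ev.account, set()):
        flags.append("new_device")
    # Assumed threshold: 5+ years offline-only, then a sudden online enrollment.
    if ev.kind == "online_enrollment" and offline_years >= offline_years_min:
        flags.append("offline_customer_enrolls_online")
    return flags

def associated_accounts(events, compromised, max_hops=1):
    """Accounts linked to `compromised` through shared devices, up to max_hops."""
    by_device, by_account = defaultdict(set), defaultdict(set)
    for ev in events:
        by_device[ev.device_id].add(ev.account)
        by_account[ev.account].add(ev.device_id)
    seen, frontier = {compromised}, {compromised}
    for _ in range(max_hops):
        frontier = {a for f in frontier for d in by_account[f] for a in by_device[d]} - seen
        seen |= frontier
    return seen - {compromised}
```

The default of one hop keeps a shared household device from pulling unrelated customers into a lockdown; raising `max_hops` widens the net at the cost of more false positives.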

The days and weeks following a breach are a time of heightened risk. Even after a breach has occurred, the risk can be managed. Arming your organization with a layered security strategy that includes device intelligence will prepare it for the onslaught of fraudulent account creation activity, attempted account takeovers or unauthorized transactions that follow in the wake of any high-profile breach.

Mike Gross is senior manager, risk strategy and professional services, for 41st Parameter in Scottsdale, Ariz.
