This is a fantastic read about the pitfalls of low cost identity management and the use of static personal data. It also provides a unique view into the relatively small world of core banking systems. Kudos to Mr. Krebs.
I applaud Apple for continuing to refine the process for verifying identity with their devices and managed accounts. Identity and Access Management is an ever evolving discipline and should be taken seriously by everyone. Social engineering techniques continue to grow and evolve as well making this a constantly changing and difficult battle, but one certainly worth fighting.
IAM (Identity and Access Management) often gets overlooked when laying out a security strategy for an organization. It is often assumed that LDAP controls and password policies will meet the needs of access management. But as organizations grow, so do their user bases, both in complexity and diversity. Often identities begin to fall into multiple silos including employee, customer and vendor. Managing and monitoring identities across all of these silos is quickly becoming a fundamental need as organizations work to stem the tide of criminal threats against PII.