Criminals have demonstrated their ability to by-pass authentication methods such as those that use a series of questions or one-time passcodes, she told the Gartner IAM Summit 2011 in London.
Cybercriminals are using advanced techniques to steal information and cover up their actions, making authentication an increasing challenge, she said, especially in the face of computing paradigms such as virtualization and cloud computing.
The trend is toward stealthy malware, a greater number of identity-related fraud and the increasing use insiders as a source of sensitive information.
Gartner recommends organizations relying on authenticating users of IT systems build a comprehensive, multi-layer fraud detection and authentication system.
"Organizations need to be able to see activity across all products and channels so that they can identify anomalous or potentially fraudulent behavior," said Litan.
She says a data warehouse for all identity-related information and data mining tools, with which to look at the relationship between entities, can help organizations identify if, for example, a single phone number is used to set up multiple new accounts.
According to Litan, the ability to cross-reference identity-related data is achieving returns on investment for some companies of up to ten fold.
Gartner also recommends identifying devices accessing products and services to check whether those devices are linked to any criminal activities.
Added to this, geo-location information; web access behavior analysis to detect automated sessions; and botnet identification systems can get rid of a lot of bad traffic through device identification, before they are even allowed access.
Organizations should plan to link to external services, such as credit rating companies and public record aggregators, to support authentication processes and augment identity verification.
This could be done by checking, for example, that identification data matches with address information, that financial details match with demographic information, and that account applicants have a well-established social footprint.
Gartner recommends organizations assess their fraud detection and authentication systems and processes to identify potential gaps and draw up a blueprint of the desired future state.
The next step is to work toward implementing access and behavior monitoring systems that reference external sources, eventually working toward a layered approach that includes entity-linking analysis.
"It will become increasingly important for organizations to use external data wherever they can to verify identity," says Litan.
This story was first published by Computer Weekly