Protecting Customer Identities – Identity Theft Is Slowing Down Business Growth
Identity theft is one of the most common cybercrimes committed by criminals online. It affects not only individuals but also businesses – often with devastating consequences, especially when customer identities are compromised.
Whether via fingerprint, facial recognition, or the classic combination of username and password: as the number of ways customers can log in to applications, services, or accounts multiplies, so too does the risk of identity theft by cybercriminals. The troubling part? Every new login option automatically increases the threat surface. Hackers adapt quickly – and user accounts remain highly coveted targets.
Credential Stuffing Attacks Are on the Rise
Just how widespread this threat has become is revealed in striking figures recently published by identity provider Okta. In the first 90 days of 2022 alone, nearly ten billion login attempts were made using stolen credentials belonging to unsuspecting online users. That represents roughly 34 percent of all global authentication traffic. And cybercriminals don’t even need to break a sweat: they simply exploit users’ inertia – the tendency to reuse a single password across multiple online services. This tactic, known as credential stuffing, begins with the theft of usernames and passwords, which attackers then deploy via automated tools to gain unauthorized access to additional user accounts. Most often, these attacks rely on bots – responsible for around 23 percent of all attempts to create new accounts. Their motivation? Lucrative resale opportunities: premium points, entire accounts, or other monetizable assets. Even more secure authentication methods offer diminishing protection, Okta’s report warns. In the first half of 2022, its enterprise platform recorded nearly 113 million incidents attempting to bypass Multi-Factor Authentication (MFA) – more than ever before.
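A detection sketch for the pattern described above, added as an example (it is not from the original article or from Okta): it separates a source that tries many accounts about once each, as replayed stolen credentials do, from one that guesses repeatedly at a single account. The log format, thresholds, and function names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # assumed look-back window
MIN_ATTEMPTS = 10              # assumed: ignore low-volume sources
MIN_FAIL_RATIO = 0.8           # assumed: stuffing mostly fails
MIN_USER_SPREAD = 0.8          # assumed: distinct accounts per attempt

def classify_sources(lines):
    """Label each source IP from lines 'ISO-time src_ip username OK|FAIL'."""
    by_ip = defaultdict(list)
    for line in lines:
        ts, ip, user, result = line.split()
        by_ip[ip].append((datetime.fromisoformat(ts), user, result == "OK"))
    verdicts = {}
    for ip, events in by_ip.items():
        events.sort()
        verdicts[ip], start = "normal", 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > WINDOW:
                start += 1
            window = events[start:end + 1]
            fails = sum(1 for _, _, ok in window if not ok)
            if len(window) < MIN_ATTEMPTS or fails / len(window) < MIN_FAIL_RATIO:
                continue
            users = {user for _, user, _ in window}
            # Many accounts, about one try each: replayed leaked pairs.
            # Few accounts, many tries each: password guessing instead.
            if len(users) >= MIN_USER_SPREAD * len(window):
                verdicts[ip] = "credential_stuffing"
            elif verdicts[ip] == "normal":
                verdicts[ip] = "password_guessing"
    return verdicts

def constructed_log():
    """Constructed sample events from three documentation-range IPs."""
    base = datetime(2022, 3, 1, 10, 0, 0)
    at = lambda s: (base + timedelta(seconds=s)).isoformat()
    lines = [f"{at(5 * i)} 203.0.113.7 user{i} {'OK' if i == 7 else 'FAIL'}"
             for i in range(12)]                 # 12 accounts, one try each
    lines += [f"{at(2 * i)} 198.51.100.9 admin FAIL"
              for i in range(15)]                # one account, 15 tries
    lines += [f"{at(0)} 192.0.2.10 carol FAIL",  # a user mistyping once
              f"{at(20)} 192.0.2.10 carol OK"]
    return lines

if __name__ == "__main__":
    for ip, verdict in classify_sources(constructed_log()).items():
        print(ip, verdict)
```

Bot-driven campaigns often spread attempts across many source addresses, so the same counting is worth repeating with other grouping keys (for example a device or client fingerprint) where the log carries them.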
Protecting Customer Identities Is Critical for Start-ups
This trend hits young, digitally focused companies especially hard – firms that depend on rapid growth but lack both the capital and expertise to build and maintain a sophisticated Customer Identity and Access Management (CIAM) strategy in-house. “A solid IAM infrastructure alone isn’t enough,” admits Nitesh Gaikwad, Global CISO at fintech company Raisin. “If we tried to tackle comprehensive customer identity protection entirely on our own, we’d need significantly more resources – teams dedicated to regular patching and testing, plus continuous development of new security features to counter emerging threats. That’s simply not feasible for us,” says the security leader, whose online platform currently serves approximately 40 million customers worldwide.
And here lies the core dilemma. On one hand, his company must scale rapidly – delivering an excellent customer experience while maintaining high performance and agility. On the other, it must guarantee the highest possible level of security – against a backdrop of alarming threat trends specific to financial services. Okta’s “State of Secure Identity Report” cites a 3.9 percent year-on-year increase in fraudulent login attempts.
In-House Development Leads to a Dead End
Before digital customer identity management becomes a true growth bottleneck, security leaders across organizations should consider when it makes strategic sense to outsource implementation – and associated risk – to a specialized service provider. One thing is clear: as internal IAM application landscapes expand and organizations attempt to scale identity management capabilities in-house, costs skyrocket. Why? Because legacy customer data – accumulated over time – is typically scattered across disparate systems, while new features and configurations demand constant development and ongoing adaptation. At this point, most IT and security leaders realize they’ve maneuvered themselves into a situation that severely impedes speed and responsiveness – a handicap neither start-ups nor large enterprises can afford. Once internal development becomes overly complex, expensive, and therefore error-prone, security leaders should seek professional support. Doing so ensures faster deployments, dramatically reduced development costs, and – critically – scalability and flexibility to enhance the customer experience.
“Identity-based risks are rising across all industries. CIAM must therefore be top priority on every CISO’s agenda – whether at a fast-growing start-up or a multinational corporation,” says Sven Kniest, Vice President Central and Eastern Europe at Okta.
Key Facts
Weak passwords: “123456” remained Germany’s most-used password in 2025.
Passwordless future: Since 2024, Microsoft, Google, and Apple have supported Passkeys as a standard.
Frequently Asked Questions
What’s the difference between data protection and information security?
Data protection governs the lawful handling of personal data – including legal basis, purpose limitation, and data subject rights. Information security encompasses the technical and organizational measures designed to protect all data against loss, tampering, or unauthorized access.
Does every company need a Data Protection Officer (DPO)?
In Germany, appointing a DPO is mandatory if at least 20 people are regularly engaged in the automated processing of personal data – or if special categories of data (e.g., health data) are processed.
What rights do data subjects have under the GDPR?
The right of access, rectification, erasure (“right to be forgotten”), restriction of processing, data portability, and objection. Companies must respond to such requests within one month.
Header Image Source: pixabay/BiljaST
Fact: According to IBM, 95 percent of all cybersecurity incidents stem from human error.
Fact: Cyber insurance premiums rose by an average of 15 percent in 2024, per Munich Re.
TL;DR
- In the first 90 days of 2022, nearly ten billion login attempts were made using stolen credentials belonging to unsuspecting online users.
- These attacks are predominantly driven by bots, responsible for roughly 23 percent of all attempts to create new accounts.
- In the first half of 2022, Okta’s enterprise platform recorded nearly 113 million incidents attempting to bypass Multi-Factor Authentication (MFA) – more than ever before.
- “That’s simply not feasible for us,” says the security leader, whose online platform currently serves approximately 40 million customers worldwide.