Large sports teams and large sporting events are attractive to cyber criminals on several levels. Not only are they highly visible and present large targets of opportunity for criminals who may be looking to earn a name for themselves, teams also amass large repositories of valuable performance and health stats and analytics on players and games.
Thieves and hackers are attracted to the huge publicity a large hack could potentially get, and also to the large repository of valuable data large teams collect and maintain. This data can be sold to legitimate industries including the media and fantasy sports gamers, but also bookies and organised crime involved in illegal betting and gambling. Opponents and rival events could also be interested in getting a leg-up on their rival with insider information.
Also, these organisations conduct a high volume of e-commerce transactions. Teams and events are increasingly transacting online for bookings and sales, and of course, are fully embracing mobile payment options making them at risk for malware and phishing attacks, akin to the risk profile that large e-comm and m-comm vendors have.
First of all, the team or organisation could be targeted for a breach that exposes personally identifiable information of their customers, fans, and even their players and staff. Several large attacks in recent years have borne this out, for example the 2015 “Team Sky” attack that went after performance data in order to discredit Tour De France leader Froome. Sometimes these attacks can also be politically motivated, as in the FC Barcelona attack that sought to embarrass the team on their twitter account.
If the breach has been successful in gathering identity data, this info can often lie dormant while the hacker attempts to amass more data points in order to add value. The data is compiled into sets called “fullz”. Once complete, these identity packages sell for more, and can be used by fraudsters to take over accounts in all kinds of places, or on the team and event sites to purchase tickets or collectables for resale.
Sports teams, just like high profile retailers, can protect against these identity thieves by ensuring they fully understand who is turning up at the account login page. The advantage they have is that fans typically return again and again and a behavioural biometric tool could be a very useful in building a solid profile of the good user in order to provide real-time verification.
By not waiting until transaction, but building a more complete identity profile of the user over time, behavioural biometrics (BB) tools empower online vendors to investigate at any point when high-risk activity is detected but present no friction to users until the vendor chooses to introduce it. This can greatly enhance the customer’s experience at login or checkout. With the knowledge that false declines can account for 32% of lost customers, basically handing the customer to a competitor, removing friction for customers you are a certain are good customers will improve their experience with that brand.
