Online Identity and Trust

Han Dong, Senior Product Marketing Manager, User Authentication

One great thing about blogging for a company like VeriSign, which happens to have so many cool tools in its bag, is that it's so easy to find several blogs on the net that mention you. And in this case I'm referring to a Wall Street Journal blog: "Under Surveillance: Big Brother Stocks", by James Altucher. In this blog, Altucher talks about all of the various measures (and money spent - to the tune of $200 billion in the U.S.) taken to automate the monitoring and protection of your banking transactions, checking in at the airport, and even your simple ATM cash withdrawal.

Here Altucher mentions VeriSign and our VIP Fraud Detection Service for risk-based authentication and detection of unscrupulous user activity. Fraud detection is the key to enabling risk-based authentication, where an enterprise can deploy authentication based on the commensurate risk of a given transaction. The VIP Fraud Detection Service provides an "invisible means" of delivering proactive protection to consumers. Using advanced anomaly detection technology, the service detects fraudulent logins and transactions in real-time without affecting legitimate user's web experience. The solution also takes a self-learning approach to fraud detection, adapting to customer usage habits unique to that individual. Using policies and pattern recognition technology, the service can flag potentially fraudulent activities based on known types of fraud and behaviors not associated with the user. Because the service is self-learning, it can adapt to changing criminal behavior without manual intervention. This non-intrusive approach does not require any change to a Web site and remains invisible to the consumer until a fraud is detected.

And this whole scenario is completely customizable by VIP Fraud Detection Service customers. By using the provided rules or rules you set up, and by comparing current user transaction behavior to historical and live data, the system rates fraudulent transactions and alerts you to possible risks. Once alerted, you can investigate these fraudulent transactions as cases within the Fraud Detection Service Investigation Console. As the system logs a number of transactions for each user, it can learn user behaviors to better assess subsequent transactions for fraud, and it can use feedback from rules to build lists of fraudulent and legitimate transaction information.

Going back to Altucher's article, to clarify, there is one specific optional module known as the ATM Module. This is the additional component to the VIP Fraud Detection Service that evaluates and analyzes thousands of transactions per second to detect compromised cards and ATM locations used for fraudulent activity. When the risk score generated at the time of the transaction exceeds your threshold, an instant alert notifies your fraud team. Then fraud investigation and management tools provide sophisticated analysis to efficiently resolve scams. And banks can even choose to block an activity in real time.


Rest assured, VeriSign is watching your assets...

Posted by Han Dong at 4:09 PM | Permalink | Comments (0)

Han Dong, Senior Product Marketing Manager, User Authentication

It's a good thing that people much smarter than me are thinking about the future of the internet, cloud computing, and ensuring I'm properly indoctrinated on the right social networking sites du jour. More importantly, these same smart people are constantly thinking about really critical things, like 'standards', 'interoperability', and 'security'. Guys like Tim Berners-Lee, the inventor of the Web and HTML, Paul Mockapetris, the inventor of DNS, and Vinton Cerf, the father of the internet and co-designer of TCP/IP, are constantly analyzing what's happening today and thinking about what's coming in the future. These people are part of the founding fathers of the web, the internet, and how all the intricate pieces work together seamlessly - just so you can download your tunes, update your tweet/blog, and get the latest NFL scores.

Whew, I'm glad these guys are on top of things.

Of course, anytime a paradigm shift occurs in the world of computing, there's bound to be an outgrowth of new issues and problems. And some of these new issues related to cloud computing, are exactly what Vinton Cerf has been thinking about. Mamoon Yunus' article "Vint Cerf and Multi-Cloud Mayhem of cloud Computing" and Paul Krill's InfoWorld article "Cerf urges standards for cloud computing", both cover a number of issues Cerf sees that are created by the "cloud" and how the situation is very similar to the way things were in the wild west days of early computer networks.

One issue in particular is in the area of cloud security and authentication. "Strong authentication will be a critical element in the securing of clouds," said Cerf. Multi-tenant cloud environments and ensuring that the properly authorized user is permitted to access the right services, creates a critical need for strong authentication in the cloud. Now I bring this issue to your attention because this is precisely an area that VeriSign has given a great deal of thought and attention to in delivering our goal of providing trust on the internet and in the cloud.

From Extended Validation SSL, to VeriSign Identity Protection for Two-factor authentication and Fraud Detection Services, to PKI Digital Certificates for authentication, every weapon in VeriSign's arsenal is designed to deliver a secure, trusted experience in the cloud and on the net. And just as I discussed in my last post, VeriSign knows just how to deliver a multi-layered security strategy for anyone who's moving to the cloud.

Whew, I'm glad Vinton Cerf (and VeriSign) has got your back.

Posted by Han Dong at 3:13 PM | Permalink | Comments (0)