Main

January 29, 2010

VeriSign has "got your back" on fraudulent ATM activity

Han Dong, Senior Product Marketing Manager, User Authentication

One great thing about blogging for a company like VeriSign, which happens to have so many cool tools in its bag, is that it's so easy to find several blogs on the net that mention you. And in this case I'm referring to a Wall Street Journal blog: "Under Surveillance: Big Brother Stocks", by James Altucher. atm.jpg In this blog, Altucher talks about all of the various measures (and money spent - to the tune of $200 billion in the U.S.) taken to automate the monitoring and protection of your banking transactions, checking in at the airport, and even your simple ATM cash withdrawal.

Here Altucher mentions VeriSign and our VIP Fraud Detection Service for risk-based authentication and detection of unscrupulous user activity. Fraud detection is the key to enabling risk-based authentication, where an enterprise can deploy authentication based on the commensurate risk of a given transaction. The VIP Fraud Detection Service provides an "invisible means" of delivering proactive protection to consumers. Using advanced anomaly detection technology, the service detects fraudulent logins and transactions in real-time without affecting legitimate user's web experience. The solution also takes a self-learning approach to fraud detection, adapting to customer usage habits unique to that individual. Using policies and pattern recognition technology, the service can flag potentially fraudulent activities based on known types of fraud and behaviors not associated with the user. Because the service is self-learning, it can adapt to changing criminal behavior without manual intervention. This non-intrusive approach does not require any change to a Web site and remains invisible to the consumer until a fraud is detected.

And this whole scenario is completely customizable by VIP Fraud Detection Service customers. By using the provided rules or rules you set up, and by comparing current user transaction behavior to historical and live data, the system rates fraudulent transactions and alerts you to possible risks. Once alerted, you can investigate these fraudulent transactions as cases within the Fraud Detection Service Investigation Console. As the system logs a number of transactions for each user, it can learn user behaviors to better assess subsequent transactions for fraud, and it can use feedback from rules to build lists of fraudulent and legitimate transaction information.

Going back to Altucher's article, to clarify, there is one specific optional module known as the ATM Module. This is the additional component to the VIP Fraud Detection Service that evaluates and analyzes thousands of transactions per second to detect compromised cards and ATM locations used for fraudulent activity. When the risk score generated at the time of the transaction exceeds your threshold, an instant alert notifies your fraud team. Then fraud investigation and management tools provide sophisticated analysis to efficiently resolve scams. And banks can even choose to block an activity in real time.


Rest assured, VeriSign is watching your assets...


Posted by Han Dong at 4:09 PM | | Comments (0)

December 15, 2009

Layered Security Strategy, the Key to Trust

Han Dong, Senior Product Marketing Manager, User Authentication

Some thoughts on a couple of recent articles, one from Gartner Research: Where Strong Authentication Fails and What You Can Do About It, by Avivah Litan and a similar article by Jaikumar Vijayan in Computerworld, which also references Ms. Litan's article.

The basic idea presented in these two articles is that "one-time passwords...are no longer enough to protect online banking transactions against fraud." These one-time password (OTP) token-based two-factor authentication methods may be compromised by man-in-the-browser malware that overwrites the user transactions to steal their assets. So the general recommendation from Avivah Litan is "A layered fraud prevention approach that includes server-based fraud detection and out-of-band transaction verification that precludes call forwarding to illegitimate user phone numbers can and has mitigated these threats."

We agree that OTP is not the end-all, be-all of security for the internet. In fact, VeriSign was recently recognized as a "best in class authentication technology solution" by Javelin Strategy & Research, primarily because VeriSign espouses a layered security approach to our customers for protecting online transactions. This approach includes Extended Validation SSL to authenticate the website to a user, with an easily identifiable green address bar. Plus the VeriSign Identity Protection Fraud Detection Service, which delivers risk-based authentication to monitor particular user behavior and trigger authentication when abnormal patterns or behavior are noted. And additionally, the VeriSign Identity Protection Service, one-time password (OTP) authentication to mitigate account takeover and require an additional factor the user must present, in addition to username and password for accessing critical accounts. OTP in and of itself is not a panacea, but it is part of a multi-layered security approach that anyone conducting business online should consider to protect its customers and business.

Fraud may be on the rise, so whom do you turn to for trust in the online world?
Easy, look for the check.

Posted by Han Dong at 12:53 PM | | Comments (0)

August 6, 2008

Just assume your identity has already been stolen

by Perry Tancredi, Senior Product Manager, VeriSign Fraud Detection Service


I'm Perry Tancredi, and I manage the VeriSign VIP Fraud Detection Service product. A lot of times when I explain what I do to my friends and family, especially when I talk about some of the latest attacks we see, the conversation turns to whether or not it's too risky to do anything online at all. People want to know if I think banking and shopping online is safe, what virus program I use at home and what they should be doing to protect themselves.


I had already been writing this post when the news about the largest case of identity theft in America (BBC, Washington Post), it seems more relevant now. There's been a lot of coverage last night and this morning, but I happened to be available when the story BBC story was being written,and got the chance to talk to and be quoted by the BBC. I'm a long time NPR and BBC listener, so I do have to say that it was quite a kick to hear Maggie Shiels say my name on the radio last night.


I told the BBC what I typically tell anyone else who asks, that while for the most part, the Internet is secure, but the most important thing anyone can do is just assume that their accounts are going to be compromised. Credit card and personal data are stolen every day using all kinds of methods, and it's not all Internet related. Most people are most concerned about the security at the point of sale, but don't think about what happens with the information later. When you assume that your accounts will be compromised one way or another, you have to start doing what you should have been doing anyway: reading your credit card statements and monitoring your credit reports. It's not fun, but it's easy to spot suspicious transactions when you look at statements every month. If you see something suspicious, call your bank or credit card company. Likewise, if you see something strange on your credit report, follow up on it.


The VeriSIgn Fraud Detection Service (FDS) works on the same pricipal. Protect the front door, but stay on the alert after you've let someone in. Out of the box, the FDS allows our customers to look for suspicious logins, but it was built to be modular and allow the analysis of any kind of transaction, and really reaches its full potential when it looks at post-logon transactions. We already have customers who have written their own modules using it to protect wire transfers online. Soon we'll release our first module to look at a specific kind of post-logon fraud, and that will be just the first module of many.


With more and more organizations looking beyond login, consumers will be safer, and the combination of users and organizations being more vigilant will move the bar that much higher for the fraudsters.

Posted by VeriSign Identity Protection Blogger at 4:18 PM | | Comments (0)

VeriSign Identity Protection

Search

Categories

Authentication | Cloud-based Security | Device Security | Fraud Detection | Fraud Detection Service | Identity | Mobile devices and credentials | OpenID | VIP Blog | WiMAX | fraud protection | iPhone | layered security | two-factor authentication | second-factor authentication | verisign |

Archives

April 2011
February 2011
January 2011
December 2010
November 2010
October 2010
July 2010
May 2010
April 2010
March 2010
January 2010
December 2009
November 2009
October 2009
September 2009
August 2009
April 2009
March 2009
February 2009
January 2009
December 2008
November 2008
October 2008
September 2008
August 2008
July 2008
June 2008
May 2008
April 2008
March 2008
February 2008
January 2008

Recent Posts

Facebook to offer more security for the social world
Kickoff to RSA Conference 2011: VIP News
Intel selects Symantec to create a new class of strong authentication credential
Millions of reasons for strong authentication
Hacked passwords creates nightmarish online experiences for some
Forrester report reveals that cloud computing, collaboration tools and mobile devices are creating challenging new authentication issues for the enterprise
Password should not be your "password"
Making mobile banking safer
And the SC Magazine Award finalists are...
VIP Mobile Software Developer Kit (SDK) Available for Windows Phone 7

Comments

We encourage comments and look forward to hearing from you. Please note that VeriSign may, in our sole discretion, remove comments if they are off topic or inappropriate.
Powered by
Movable Type 4.21-en
Disclaimer: Opinions expressed here and in any corresponding comments are the personal opinions of the original authors, not of VeriSign.

VeriSign Legal Notices

Read our Privacy Policy