George Tubin Senior Analyst Consumer Banking © 2005 The Tower Group, Inc. May not be reproduced by any means without express permission. All rights reserved.

Presentation transcript:

Online Authentication and Security …and now, You Have To Do Something!

First: The Good News

Online Banking Continues to Grow
[Chart: Projected Online Banking Growth (Among All US Households); CAGR = 8.7%. Source: TowerGroup]

e-Commerce Continues to Grow
[Chart: US Dollars (millions). Source: US Department of Commerce]

And Now: The Bad News

© 2005 The Tower Group, Inc – The Year of Phishing

Malware Attacks Are On The Rise
[Chart: Malware Growth Over Time (Number of Unique Samples). Source: McAfee]

Threats Continue to Emerge
- Cross-Site Scripting (XSS)
- Trojan Horses
- Keyboard Loggers
- Remote Administration Tools (RATs)
- Man-in-the-middle (MIM)
- Drive-by Download
- Pop-up Download
- Hacking
- File Sharing Networks
- Browser Hijackers
- DNS Cache Poisoning
- Attachments
- Root Kits
- Phishing

Consumers Cannot Defend Themselves
- Proliferating threats
- Low anti-virus, anti-spyware usage
- Criminals are always one step ahead
- Bank is viewed as protector

The Bottom Line: Usernames and passwords will be stolen!

My Favorite Solution (so far…)

Keys to a Good Internet Solution
- Convenience
  - Minimum user action = Minimum mistakes
  - No opt-in = No adoption issues, full coverage
  - No change in customer behavior = No confusion
  - No downloads or cookies = No compatibility issues
- Low False-Positives/False-Negatives
- Link analysis of compromised accounts to the same fraudster
- Low cost
  - Capital
  - Resources

Risk-Based Authentication
- PC Identification
  - PC stored certificate
  - Browser plug-in
  - Software token generator
  - PC fingerprinting
- IP Data Analytics
  - Geolocation
  - Range restriction
  - Anonymous proxy
  - Travel algorithms

[Diagram labels: PC Data; Internet-Network Connectivity (IP); Bank.com Website]

Internet Anonymity?

Risk-Based Authentication
Exhibit #: -E1. Source: TowerGroup
[Diagram components: Login Request; Web Server; Authentication Engine; Customer Credentials Database; Authorization Rules; Customer Profile Database; IP Geolocation Database; Administrative, Case Management & Reporting Tools]

Authorization Decision:
- Access Granted
- Access Denied
- Additional Credentials Required
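
The decision flow on the slide above, sketched as an added example (not from the TowerGroup presentation): it combines PC identification, range restriction, the anonymous-proxy flag and a travel check into the three authorization outcomes. The field names, the allowed-country set, the 900 km/h speed limit and the deny-versus-step-up policy are assumptions made for illustration.

```python
import math
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Login:
    device_id: str          # PC fingerprint or stored-certificate ID
    country: str            # from the IP geolocation database
    lat: float
    lon: float
    when: datetime
    anonymous_proxy: bool = False

def km_between(a, b):
    """Great-circle (haversine) distance in km between two logins."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dphi, dlmb = p2 - p1, math.radians(b.lon - a.lon)
    h = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371 * math.asin(math.sqrt(h))

def decide(known_devices, last, login, allowed=frozenset({"US"}), max_kmh=900):
    """Return (decision, reasons). Policy and thresholds are assumptions."""
    if login.country not in allowed:                 # range restriction
        return "ACCESS_DENIED", ["country outside allowed range"]
    reasons = []
    if login.device_id not in known_devices:         # PC identification
        reasons.append("unrecognized PC")
    if login.anonymous_proxy:                        # anonymous proxy
        reasons.append("anonymous proxy")
    if last is not None:                             # travel algorithm
        hours = (login.when - last.when).total_seconds() / 3600
        dist = km_between(last, login)
        if dist > 50 and (hours <= 0 or dist / hours > max_kmh):
            reasons.append("implausible travel")
    if reasons:
        return "ADDITIONAL_CREDENTIALS_REQUIRED", reasons
    return "ACCESS_GRANTED", reasons

# Constructed sample data: one enrolled PC, previous login from Boston.
T0 = datetime(2005, 6, 1, 9, 0)
KNOWN = {"pc-1"}
LAST = Login("pc-1", "US", 42.36, -71.06, T0)
SAMPLES = {
    "same PC, same city": Login("pc-1", "US", 42.36, -71.06, T0 + timedelta(hours=1)),
    "new PC": Login("pc-9", "US", 42.36, -71.06, T0 + timedelta(hours=1)),
    "Los Angeles 1h later": Login("pc-1", "US", 34.05, -118.24, T0 + timedelta(hours=1)),
    "outside range": Login("pc-1", "ZZ", 0.0, 0.0, T0 + timedelta(hours=1)),
}

if __name__ == "__main__":
    for name, login in SAMPLES.items():
        print(name, "->", decide(KNOWN, LAST, login))
```

A login that trips any soft signal is stepped up rather than refused, which keeps stolen usernames and passwords from being sufficient on their own while leaving the recognized-PC path unchanged for the customer.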

The Bigger Picture

A Comprehensive Strategy to Prevent Fraud
Exhibit #: 41:08CPI-E8. Source: TowerGroup
- Internet Policies
- Education
- Strong & Secure Authentication
- Behavioral/Transactional Systems
- Detection
- Intervention
- Prevention
- Forensics
- Policy Based Framework
- Vulnerability Management/Compliance Monitoring
- Vigorous Access Management

[Diagram labels: Consumer Protection; Brand Protection; Data Protection; Corporate Policy]

Ingredients for Effective and Efficient Enterprise Fraud Management
Exhibit #: 43:16B-E5. Source: TowerGroup

People
- Fraud culture
- Fraud mgmt. incentives
- Whistleblower
- New employee screening

Business Process
- Rapid escalation of suspicious activity
- Managing fraud across customer lifecycle
- Link analysis across fraud types and lines of business

Technology & Facilities
- Unified view of fraud data
- From systems to platforms
- Reduced information exposure

Customers
- Education on fraud prevention
- Security awareness campaigns
- Heedful disclosure of personal information

Characteristics of Siloed vs. Enterprise Approach to Fraud Management
Exhibit #: 43:16B-E4. Source: TowerGroup
Note: R/A/A = Reporting/Alerts/Audit; CM = Case Management; M/D = Monitoring/Detection.
[Diagram: under the siloed approach, Point 1, Point 2, Point 3... each carry their own R/A/A, CM and M/D; under enterprise fraud management, point solution modules feed a single fraud system with shared R/A/A, CM and M/D]

Siloed Approach to Fraud Management
- Reactive response to fraud permutations
- No cross-channel, cross-line of business fraud picture
- FSIs “run in place” in fraud fighting

Enterprise Fraud Management
- Enables a proactive response to fraud as it morphs
- Enterprise view of fraud risk and fraud as it occurs
- Links to enterprise efforts for risk management and compliance

TowerGroup is a wholly owned subsidiary of MasterCard International and operates as a separate business entity with complete editorial independence.

Online Authentication and Security …and now, You Have To Do Something!