Challenges of Identity Fraud Chris Voice, VP Technology.


© Copyright Entrust, Inc

We are Security Specialists…
Top 12 security software company with ~$100M in annual revenues
Industry pioneer and leader, with 500 employees and 100+ patents
Best in class service and support, and integration for leading technology vendors
Strong balance sheet, with significant cash balance and no debt
–Publicly-listed (NASDAQ: ENTU)

Definitions: Identity Theft, Identity Fraud

Identity Theft Incidents

Major Identity Theft Incidents

Phishing Reports Received Nov ’04 – Nov ’05: 88% Year over Year Increase

More Complex Attacks

Password Stealing Malicious Code URLs: Over 300% in Seven Months

Online Identity Fraud Influencing Consumer Behavior
IDC Financial Insights: “…6% admitted to switching banks to reduce their risk of becoming a victim of identity theft.”
Forrester: “…14% of online consumers have stopped using online banking and bill pay due to fraud concerns.”

Online Identity Fraud Influencing Consumer Behavior
Gartner: “…nearly 14 percent of them [on-line bankers] have stopped paying bills via online banking.”
Entrust: “…18% of consumers have decreased or outright stopped doing on-line banking in the last 12 months because of concerns of identity security.”

Driving Legislative Impacts

Legislation
Map legend: Have Introduced Data Security Legislation; Have Not Introduced Data Security Legislation

Financial Service Mandates
FFIEC considers single-factor authentication…to be inadequate for high-risk transactions involving access to customer information or the movement of funds to other parties.
Financial institutions should implement multifactor authentication, layered security…by end of 2006.

How Can Security Help
People, Processes, Technology
Strong Authentication, Encryption, Content Control

Encryption
Two-thirds of fresh and critical data is on employee laptops and desktops – not the servers. (Gartner, April 2004)
Companies typically lose 5-8% of their laptops per year. The FBI estimates that 50% of network penetration is due to information derived from a stolen laptop. (Meta, January 2005)
By year-end 2007, 80% of Fortune 1000 enterprises will encrypt critical “data at rest” (0.8 probability). (Gartner, April 2004)

Persistent Data Encryption

Benefits of Persistent Data Encryption
Any person or business that conducts business in California…shall disclose any breach of the security of the system following discovery or notification of the breach in the security of the data to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. (California SB1386)

Content Scanning
Automated Policy Enforcement
Detection and Blocking across broad set of outbound protocols
Diagram labels: Employees, Partners, Customers; ftp://, IM

Stronger Mutual Authentication
Understanding and Countering the Phishing Threat: A Financial Services Industry Perspective
Top 3 Recommendations:
1. Focus on Mutual Customer/Financial Institution Authentication
2. Improved Fraud Screening
3. Industry-wide Attack Method/Mitigation Information Sharing
Solution Areas: Report, Defend, Detect, Prevent

The Authentication Challenge
Diagram labels: Usability & Cost, Security, Fraud Risk
Minimize customer experience impact
–Only impact user experience with stronger authentication when necessary
–The right authentication for the right risk level – at the right time

The Authentication Challenge – Risk-based Authentication
Transaction Sequence: Login, Check Balance, Register Bill, Funds Transfer
Axes: Increasing Impact of Fraud; Increasing Authentication Strength
Risk based authentication requires a range of capabilities

New Authentication Technologies
Chart axes: Authentication Strength; Purchase & Deployment Cost ($)
Technologies plotted: Passwords, One-Time-Password Tokens, Smartcards, Traditional Biometrics

Range of Risk-Based Strong Authentication
Policy-based authentication allowing single authentication layer to meet multiple business requirements
–Per transaction, per user, per application, per LOB…
Machine Auth: Authorized set of workstations
Knowledge Auth: Challenge / response questions
Out-of-Band: One-time-passcode to mobile device or phone
Scratch Pad Auth: One-time password list
Grid Auth: Grid location challenge and response
Additional Technologies to Come

Example – Grid Authentication
Unique authentication card issued to each user
Random characters in grid with row/column headers
Separate plastic card or on existing card
Card formats shown: Stand-Alone Card, Card Add-On

Grid Authentication Process
User enters ID & Password as is done today.
Screen shown: Personal ID, ********

Grid Authentication Process cont’d

Grid Authentication Process cont’d (figure callouts 1, 2, 3)
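
The grid location challenge and response described in the slides above, sketched as an added Python example; it is not Entrust's implementation. The 5x10 card layout, three-cell challenge, lockout threshold and all names (`GridVerifier`, `issue_card`) are assumptions made for illustration.

```python
import hmac
import secrets
import string

ROWS, COLS = "12345", "ABCDEFGHIJ"           # assumed 5x10 layout with row/column headers
ALPHABET = string.ascii_uppercase + string.digits
_rng = secrets.SystemRandom()                # CSPRNG-backed sampling

def issue_card():
    """Return a new card such as {'A1': 'K', ...}, one random character per cell."""
    return {c + r: secrets.choice(ALPHABET) for r in ROWS for c in COLS}

class GridVerifier:
    """Second-factor check run after the ID and password step has succeeded."""
    MAX_FAILURES = 3                         # assumed lockout threshold

    def __init__(self):
        self.cards = {}      # user -> server-side copy of the card contents
        self.pending = {}    # user -> coordinates of the outstanding challenge
        self.failures = {}   # user -> consecutive wrong responses

    def enroll(self, user):
        self.cards[user] = issue_card()
        self.failures[user] = 0
        return self.cards[user]              # what gets printed on the user's card

    def challenge(self, user, cells=3):
        if self.failures[user] >= self.MAX_FAILURES:
            raise PermissionError("grid factor locked")
        self.pending[user] = _rng.sample(sorted(self.cards[user]), cells)
        return list(self.pending[user])

    def verify(self, user, response):
        coords = self.pending.pop(user, None)    # each challenge is single use
        if coords is None or self.failures[user] >= self.MAX_FAILURES:
            return False
        expected = "".join(self.cards[user][c] for c in coords)
        given = response.strip().upper()
        # Constant-time comparison so timing does not leak matching characters.
        ok = hmac.compare_digest(expected.encode(), given.encode())
        self.failures[user] = 0 if ok else self.failures[user] + 1
        return ok
```

Because a challenge is discarded as soon as it is answered, a captured response cannot be replayed, and the failure counter bounds guessing against the three-character answer.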

Authentication Needs to be Mutual
Easy to use mechanisms for customers to recognize they are on the right site.
Message Replay Auth: User entered message
Serial Replay Auth: Grid card serial number
Image Replay Auth: User selected image

Announced Wins in 2H05

Summary
Identity Fraud will change the way organizations protect your sensitive information
–May require legislation to drive real action
Identity Fraud will change the way you interact with your financial institutions
–Focus on addressing your confidence to drive continued internet adoption

Thank You