Presentation is loading. Please wait.

Presentation is loading. Please wait.

0 1 WHAT KEEPS USERS AWAY? 2 47% 46% 43% 39% 40% 50% 45% 34% 21% 15% 20% 19% 13% 26% 20% 12% I fear that my account information will be viewed by an unauthorized.

Published byPatrick Black Modified over 9 years ago

Similar presentations

Presentation on theme: "0 1 WHAT KEEPS USERS AWAY? 2 47% 46% 43% 39% 40% 50% 45% 34% 21% 15% 20% 19% 13% 26% 20% 12% I fear that my account information will be viewed by an unauthorized."— Presentation transcript:

1 0

2 1

3 WHAT KEEPS USERS AWAY? 2 47% 46% 43% 39% 40% 50% 45% 34% 21% 15% 20% 19% 13% 26% 20% 12% I fear that my account information will be viewed by an unauthorized party I prefer dealing with people I do not want to pay a fee I do not find online banking valuable 2008 2007 2006 2005 0%10%20%30%40%50%60% ©Javelin Strategy and Research, August 2008

4 Identity Fraud – Evolution and Solutions

5 Agenda  Attack vectors –Phishing –Man-in-the-middle (MITM) attacks –Malware  Solutions –One-time passwords –Transaction signatures –Endpoint assessment  Summary 4

6 Phishing 5

7 Pharming 6 http://www User Website www.nicebank.com Fake Website www.n1cebank.com Attacker DNS Server (Local or ISP)

8 Smishing 7

9 Vishing 8

10 Smishing Phishing Vishing Pharming http://www User Website www.nicebank.com Fake Website www.n1cebank.com Attacker DNS Server (Local or ISP) PHISHING

11 10 Two factor authentication  Something the user has  Strengths –Compromised user credentials less valuable for attacker –Break down the traditional economic model of phishing attacks

12 11 Types of one-time-passwords  Counter-based one-time passwords  Time-based one-time passwords  Challenge-based one-time passwords  Mutual authentication one-time passwords  Out-of-Band one-time passwords

13 OATH (Open Authentication)  A group of technology and industry leaders –60+ members –Open and royalty-free specifications –Promote interoperability  Benefits –Standardization drives down cost –Prevents “vendor lock-in”

14 MITM / MITB attacks 13 Man-in-the-middle attack End-User “John” 1. “John”, “psd” Browser NetBanking Server Banking Trojan 2. OTP 3. $500 to Bob 1. “John”, “pswd” 2. OTP 3. $500 to Bob 1. “John”, “pswd” 2. OTP 3. $5000 to Bill End-User’s Computer Man-in-the-browser attack Web Server End-User MITM

15 Transaction Signing Soft Tokens  Signature = cryptographic Message Authentication Code 14 On Internet Banking On the software token Enter Account no 0243758 Enter Amount 0243758 500.00 Generate Signature 0243758 500.00 afcbff100 Seal Transaction with Signature 0243758 500.00 afcbff100 Transaction signature stored in Audit Log for verification

16 Risk levels (NIST SP 800-63-1) 15 Minimal High Medium Low KBA OTP PKI OOB

17 16 Security Industry in 2001 Security Industry in 2011

18 17 Trojans / Malware

19 Endpoint Assessment  Endpoint Security Assessment  Session Clean-Up 18 POLICY Personal Firewall Anti-Virus Spyware Patches Inventory Device using File Scan Process Scan Registry Scan OS Scan Compare device scan with access policy SCANCOMPARE Allow Partial Pass Decline

20 19 Summary  Sophistication of identity fraud schemes is increasing  Authentication deployments are converging to: –Hybrid solutions: >1 authentication method per end-user –Risk-based authentication –Endpoint security assessment  Choose a technology that –Does not lock you in –Provides entire solution – from authentication to endpoint assessment to abolishment

21 Questions and Answers E-mail: tejas.lagad@nexussafe.com Mobile: +91 99229 39931 Twitter: @Ltejas

Download ppt "0 1 WHAT KEEPS USERS AWAY? 2 47% 46% 43% 39% 40% 50% 45% 34% 21% 15% 20% 19% 13% 26% 20% 12% I fear that my account information will be viewed by an unauthorized."

Similar presentations

HQ in Israel Threat research, security operations center 24/7. In-depth understanding and insight into how cyber crime works. Over 10 million online identities.

HQ in Israel Threat research, security operations center 24/7. In-depth understanding and insight into how cyber crime works. Over 10 million online identities.
Challenges of Identity Fraud Chris Voice, VP Technology.

Challenges of Identity Fraud Chris Voice, VP Technology.
A Software Keylogger Attack By Daniel Shapiro. Social Engineering Users follow “spoofed” emails to counterfeit sites Users “give up” personal financial.

A Software Keylogger Attack By Daniel Shapiro. Social Engineering Users follow “spoofed” s to counterfeit sites Users “give up” personal financial.
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Day 4-1-1 anti-virus 3-3-1.anti-virus 1 detecting a malicious file malware, detection, hiding, removing.

Day anti-virus anti-virus 1 detecting a malicious file malware, detection, hiding, removing.
Network Security aka CyberSecurity Monitor and manage security risks at the network level for the entire Johns Hopkins Network.

Network Security aka CyberSecurity Monitor and manage security risks at the network level for the entire Johns Hopkins Network.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
1 Managing Identity Threats May 2010. 2 Where are the threats ? Customer Web/App Server Vulnerabilities: Trojan sniffers Soliciting Email to enter credentials.

1 Managing Identity Threats May Where are the threats ? Customer Web/App Server Vulnerabilities: Trojan sniffers Soliciting to enter credentials.
E-banking.

E-banking.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Iron Key and Portable Drive Security Zakary Littlefield.

Iron Key and Portable Drive Security Zakary Littlefield.
Secure Element Access from a Web browser W3C Workshop on Authentication, Hardware Tokens and Beyond 11 September 2014 1 Oberthur Technologies – Identity.

Secure Element Access from a Web browser W3C Workshop on Authentication, Hardware Tokens and Beyond 11 September Oberthur Technologies – Identity.
Payment Fraud Trends : What Can you do? Protect Yourself and Your Business from Financial Fraud.

Payment Fraud Trends : What Can you do? Protect Yourself and Your Business from Financial Fraud.
INFORMATION SECURITY UPDATE Al Arboleda Chief Information Security Officer.

INFORMATION SECURITY UPDATE Al Arboleda Chief Information Security Officer.
INFORMATION SECURITY AWARENESS PRESENTED BY KAMRON NELSON AND ROYCE WILKERSON.

INFORMATION SECURITY AWARENESS PRESENTED BY KAMRON NELSON AND ROYCE WILKERSON.
Title: The Internet LO: Security risks. Security risks Types of risks: 1.Phishing 2.Pharming 3.Spamming 4.Spyware 5.Cookies 6.Virus.

Title: The Internet LO: Security risks. Security risks Types of risks: 1.Phishing 2.Pharming 3.Spamming 4.Spyware 5.Cookies 6.Virus.
Large-Scale, Cost-Effective, Progressive Authentication and Identify Management Solutions Enabling Security, Efficiency and Collaboration through Technology.

Large-Scale, Cost-Effective, Progressive Authentication and Identify Management Solutions Enabling Security, Efficiency and Collaboration through Technology.
Threats to I.T Internet security By Cameron Mundy.

Threats to I.T Internet security By Cameron Mundy.
SHASHANK MASHETTY Email security. Introduction Electronic mail most commonly referred to as email or e- mail. Electronic mail is one of the most commonly.

SHASHANK MASHETTY security. Introduction Electronic mail most commonly referred to as or e- mail. Electronic mail is one of the most commonly.

Similar presentations

Ads by Google