Published by Anne O'Leary
Online Authentication and Security …and now, You Have To Do Something!
George Tubin, Senior Analyst, Consumer Banking
© 2005 The Tower Group, Inc. May not be reproduced by any means without express permission. All rights reserved.
First: The Good News
Online Banking Continues to Grow
[Chart: Projected Online Banking Growth (Among All US Households); CAGR = 8.7%. Source: TowerGroup]
e-Commerce Continues to Grow
[Chart: US Dollars (millions). Source: US Department of Commerce]
And Now: The Bad News
2004 – The Year of Phishing
Malware Attacks Are On The Rise
[Chart: Malware Growth Over Time (Number of Unique Samples). Source: McAfee]
Threats Continue to Emerge: Cross-Site Scripting (XSS); Trojan Horses; Keyboard Loggers; Remote Administration Tools (RATs); Man-in-the-middle (MIM); Drive-by Download; Pop-up Download; Hacking; File Sharing Networks; Browser Hijackers; DNS Cache Poisoning; E-mail Attachments; Root Kits; Phishing
Consumers Cannot Defend Themselves: Proliferating threats; Low anti-virus, anti-spyware usage; Criminals are always one step ahead; Bank is viewed as protector
The Bottom Line: Usernames and passwords will be stolen!
My Favorite Solution (so far…)
Keys to a Good Internet Solution
Convenience: Minimum user action = Minimum mistakes; No opt-in = No adoption issues, full coverage; No change in customer behavior = No confusion; No downloads or cookies = No compatibility issues
Low False-Positives/False-Negatives: Link analysis of compromised accounts to the same fraudster
Low cost: Capital; Resources
Risk-Based Authentication
PC Identification: PC stored certificate; Browser plug-in; Software token generator; PC fingerprinting
IP Data Analytics: Geolocation; Range restriction; Anonymous proxy; Travel algorithms
[Diagram labels: PC Data; Internet-Network Connectivity (IP); Bank.com Website]
Internet Anonymity?
Risk-Based Authentication (Exhibit #: -E1. Source: TowerGroup)
[Diagram labels: LOGIN REQUEST; WEB SERVER; AUTHENTICATION ENGINE; CUSTOMER CREDENTIALS DATABASE; AUTHORIZATION RULES; CUSTOMER PROFILE DATABASE; IP GEOLOCATION DATABASE; ADMINISTRATIVE, CASE MANAGEMENT & REPORTING TOOLS]
Authorization Decision: Access Granted; Access Denied; Additional Credentials Required
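The decision flow in the exhibit above (login request, profile and IP geolocation lookups, three-way authorization decision), sketched as an added example that is not part of the original presentation. The class and function names, the signal weights, the thresholds and the 900 km/h travel limit are all assumptions made for illustration.

```python
import math
from dataclasses import dataclass

@dataclass
class Profile:  # row from the customer profile database (assumed shape)
    known_devices: set
    last_lat: float
    last_lon: float
    last_login_ts: float  # epoch seconds
    allowed_countries: frozenset = frozenset({"US"})  # range restriction

@dataclass
class Login:  # login request after the IP geolocation lookup
    device_id: str  # PC identification value (certificate, token or fingerprint)
    lat: float
    lon: float
    country: str
    is_anonymous_proxy: bool
    ts: float

WEIGHTS = {"unknown_pc": 30, "anonymous_proxy": 40, "outside_range": 30, "impossible_travel": 50}  # assumed

def km_between(lat1, lon1, lat2, lon2):  # great-circle (haversine) distance
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def risk_signals(profile, login, max_kmh=900.0):
    hours = max((login.ts - profile.last_login_ts) / 3600.0, 1e-6)  # guard against zero/negative gaps
    km = km_between(profile.last_lat, profile.last_lon, login.lat, login.lon)
    checks = {
        "unknown_pc": login.device_id not in profile.known_devices,
        "anonymous_proxy": login.is_anonymous_proxy,
        "outside_range": login.country not in profile.allowed_countries,
        "impossible_travel": km / hours > max_kmh,  # travel algorithm: speed implied by two logins
    }
    return [name for name, hit in checks.items() if hit]

def decide(profile, login, step_up_at=30, deny_at=80):
    # Runs only after the username/password check against the credentials database has passed.
    signals = risk_signals(profile, login)
    score = sum(WEIGHTS[s] for s in signals)
    if score >= deny_at:
        return "Access Denied", signals
    if score >= step_up_at:
        return "Additional Credentials Required", signals
    return "Access Granted", signals

# Constructed sample: customer who normally logs in from Boston on device "pc-1".
HOME = Profile({"pc-1"}, 42.36, -71.06, 1_100_000_000.0)
```

Returning the list of fired signals alongside the decision gives the case management and reporting tools something to record for each challenged or denied login.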
The Bigger Picture
A Comprehensive Strategy to Prevent Fraud (Exhibit #: 41:08CPI-E8. Source: TowerGroup)
[Diagram labels: Internet Policies Education; Strong & Secure Authentication; Behavioral/Transactional Systems; Detection, Intervention, Prevention, Forensics; Policy Based Framework; Vulnerability Management/Compliance Monitoring; Vigorous Access Management; Consumer Protection, Brand Protection, Data Protection; Corporate Policy]
Ingredients for Effective and Efficient Enterprise Fraud Management (Exhibit #: 43:16B-E5. Source: TowerGroup)
People: Fraud culture; Fraud mgmt. incentives; Whistleblower; New employee screening
Business Process: Rapid escalation of suspicious activity; Managing fraud across customer lifecycle; Link analysis across fraud types and lines of business
Technology & Facilities: Unified view of fraud data; From systems to platforms; Reduced information exposure
Customers: Education on fraud prevention; Security awareness campaigns; Heedful disclosure of personal information
Characteristics of Siloed vs. Enterprise Approach to Fraud Management (Exhibit #: 43:16B-E4. Source: TowerGroup)
Note: R/A/A = Reporting/Alerts/Audit; CM = Case Management; M/D = Monitoring/Detection.
[Diagram labels: R/A/A, CM, M/D; Point 1, Point 2, Point 3...; R/A/A, CM, M/D; Point Solution Module Fraud System]
Siloed Approach to Fraud Management: Reactive response to fraud permutations; No cross-channel, cross-line of business fraud picture; FSIs “run in place” in fraud fighting
Enterprise Fraud Management: Enables a proactive response to fraud as it morphs; Enterprise view of fraud risk and fraud as it occurs; Links to enterprise efforts for risk management and compliance
TowerGroup is a wholly owned subsidiary of MasterCard International and operates as a separate business entity with complete editorial independence.