George Tubin Senior Analyst Consumer Banking © 2005 The Tower Group, Inc. May not be reproduced by any means without express permission. All rights reserved.


1 George Tubin Senior Analyst Consumer Banking © 2005 The Tower Group, Inc. May not be reproduced by any means without express permission. All rights reserved. Online Authentication and Security …and now, You Have To Do Something!

2 Section Break First: The Good News

3 Online Banking Continues to Grow
[Chart: Projected Online Banking Growth (Among All US Households); CAGR = 8.7%. Source: TowerGroup]

4 e-Commerce Continues to Grow
[Chart: US Dollars (millions). Source: US Department of Commerce]

5 Section Break And Now: The Bad News

6 2004 – The Year of Phishing

7 Malware Attacks Are On The Rise
[Chart: Malware Growth Over Time (Number of Unique Samples). Source: McAfee]

8 Threats Continue to Emerge
- Cross-Site Scripting (XSS)
- Trojan Horses
- Keyboard Loggers
- Remote Administration Tools (RATs)
- Man-in-the-middle (MIM)
- Drive-by Download
- Pop-up Download
- Hacking
- File Sharing Networks
- Browser Hijackers
- DNS Cache Poisoning
- E-mail Attachments
- Root Kits
- Phishing

9 Consumers Cannot Defend Themselves
- Proliferating threats
- Low anti-virus, anti-spyware usage
- Criminals are always one step ahead
- Bank is viewed as protector
The Bottom Line: Usernames and passwords will be stolen!

10 My Favorite Solution (so far…)

11 Keys to a Good Internet Solution
- Convenience
- Minimum user action = Minimum mistakes
- No opt-in = No adoption issues, full coverage
- No change in customer behavior = No confusion
- No downloads or cookies = No compatibility issues
- Low False-Positives/False-Negatives
- Link analysis of compromised accounts to the same fraudster
- Low cost
- Capital
- Resources

12 Risk-Based Authentication
- PC Identification
- PC stored certificate
- Browser plug-in
- Software token generator
- PC fingerprinting
- IP Data Analytics
- Geolocation
- Range restriction
- Anonymous proxy
- Travel algorithms
[Diagram labels: PC Data; Internet-Network Connectivity (IP); Bank.com Website]

13 Internet Anonymity?

14 Risk-Based Authentication
Exhibit #: -E1. Source: TowerGroup
[Diagram components:]
- LOGIN REQUEST
- WEB SERVER
- AUTHENTICATION ENGINE
- CUSTOMER CREDENTIALS DATABASE
- AUTHORIZATION RULES
- CUSTOMER PROFILE DATABASE
- IP GEOLOCATION DATABASE
- ADMINISTRATIVE, CASE MANAGEMENT & REPORTING TOOLS
Authorization Decision
- Access Granted
- Access Denied
- Additional Credentials Required
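An added example, not part of the original presentation: a minimal sketch of the authentication engine on slides 12 and 14, combining PC identification with the IP data analytics (range restriction, anonymous proxy, travel algorithm) to reach one of the three authorization decisions. All class and function names, the score weights, the thresholds and the 900 km/h travel ceiling are assumptions, and the password check against the credentials database is assumed to have already passed.

```python
import math
from dataclasses import dataclass
from datetime import datetime

MAX_KMH = 900.0  # assumed ceiling for plausible travel (about airliner speed)

@dataclass
class Login:
    device_id: str          # PC fingerprint / stored-certificate ID
    country: str            # from the IP geolocation database
    lat: float
    lon: float
    when: datetime
    anonymous_proxy: bool = False

@dataclass
class Profile:              # customer profile database record
    known_devices: set
    allowed_countries: set  # range restriction
    last: "Login | None" = None

def km_between(a, b):
    """Great-circle (haversine) distance between two logins, in km."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dlon = math.radians(b.lon - a.lon)
    h = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def risk_score(login, profile):
    """Authorization rules; every weight here is an assumed value."""
    score = 30 if login.device_id not in profile.known_devices else 0
    score += 40 if login.anonymous_proxy else 0
    score += 50 if login.country not in profile.allowed_countries else 0
    if profile.last is not None:
        hours = (login.when - profile.last.when).total_seconds() / 3600
        # Floor the gap at one minute so clock skew cannot divide by zero.
        if km_between(profile.last, login) / max(hours, 1 / 60) > MAX_KMH:
            score += 40     # travel algorithm: implied speed is implausible
    return score

def decide(login, profile):
    """Map the score to the three outcomes on the slide (thresholds assumed)."""
    score = risk_score(login, profile)
    if score >= 70:
        return "ACCESS_DENIED"
    return "ADDITIONAL_CREDENTIALS_REQUIRED" if score >= 30 else "ACCESS_GRANTED"

# Constructed sample data: a customer who last logged in from Boston.
T0 = datetime(2005, 6, 1, 9, 0)
PROFILE = Profile({"pc-1"}, {"US", "CA"}, Login("pc-1", "US", 42.36, -71.06, T0))
```

A single signal such as an unrecognized PC only triggers a request for additional credentials; denial requires several signals to agree, which keeps false positives low for customers who travel or replace a machine.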

15 The Bigger Picture

16 A Comprehensive Strategy to Prevent Fraud
Source: TowerGroup. Exhibit #: 41:08CPI-E8
- Internet Policies
- Education
- Strong & Secure Authentication
- Behavioral/Transactional Systems
- Detection
- Intervention
- Prevention
- Forensics
- Policy Based Framework
- Vulnerability Management/Compliance Monitoring
- Vigorous Access Management
[Diagram labels: Consumer Protection; Brand Protection; Data Protection; Corporate Policy]

17 Ingredients for Effective and Efficient Enterprise Fraud Management
Exhibit #: 43:16B-E5. Source: TowerGroup

People
- Fraud culture
- Fraud mgmt. incentives
- Whistleblower
- New employee screening

Business Process
- Rapid escalation of suspicious activity
- Managing fraud across customer lifecycle
- Link analysis across fraud types and lines of business

Technology & Facilities
- Unified view of fraud data
- From systems to platforms
- Reduced information exposure

Customers
- Education on fraud prevention
- Security awareness campaigns
- Heedful disclosure of personal information

18 Characteristics of Siloed vs. Enterprise Approach to Fraud Management
Exhibit #: 43:16B-E4. Source: TowerGroup
Note: R/A/A = Reporting/Alerts/Audit; CM = Case Management; M/D = Monitoring/Detection.
[Diagram labels: R/A/A, CM, M/D; Point 1, Point 2, Point 3...; Point Solution Module Fraud System]

Siloed Approach to Fraud Management
- Reactive response to fraud permutations
- No cross-channel, cross-line of business fraud picture
- FSIs “run in place” in fraud fighting

Enterprise Fraud Management
- Enables a proactive response to fraud as it morphs
- Enterprise view of fraud risk and fraud as it occurs
- Links to enterprise efforts for risk management and compliance

19 George Tubin Senior Analyst Consumer Banking © 2005 The Tower Group, Inc. May not be reproduced by any means without express permission. All rights reserved. TowerGroup is a wholly owned subsidiary of MasterCard International and operates as a separate business entity with complete editorial independence. Online Authentication and Security …and now, You Have To Do Something!

