Published by Cale Vink
Modified about 1 year ago
Challenges of Identity Fraud
Chris Voice, VP Technology
© Copyright Entrust, Inc
We are Security Specialists…
- Top 12 security software company with ~$100M in annual revenues
- Industry pioneer and leader, with 500 employees and 100+ patents
- Best in class service and support, and integration for leading technology vendors
- Strong balance sheet, with significant cash balance and no debt
  – Publicly-listed (NASDAQ: ENTU)
Definitions
- Identity Theft
- Identity Fraud
Identity Theft Incidents
Major Identity Theft Incidents
Phishing Reports Received, Nov ’04 – Nov ’05
- 88% Year over Year Increase
More Complex Attacks
Password Stealing Malicious Code URLs
- Over 300% in Seven Months
Online Identity Fraud Influencing Consumer Behavior
- IDC Financial Insights: “…6% admitted to switching banks to reduce their risk of becoming a victim of identity theft.”
- Forrester: “…14% of online consumers have stopped using online banking and bill pay due to fraud concerns.”
Online Identity Fraud Influencing Consumer Behavior
- Gartner: “…nearly 14 percent of them [on-line bankers] have stopped paying bills via online banking.”
- Entrust: “…18% of consumers have decreased or outright stopped doing on-line banking in the last 12 months because of concerns of identity security.”
Driving Legislative Impacts
Legislation
- Have Introduced Data Security Legislation
- Have Not Introduced Data Security Legislation
Financial Service Mandates
- FFIEC considers single-factor authentication…to be inadequate for high-risk transactions involving access to customer information or the movement of funds to other parties.
- Financial institutions should implement multifactor authentication, layered security…by end of 2006.
How Can Security Help
- People, Processes, Technology
- Strong Authentication, Encryption, Content Control
Encryption
- Two-thirds of fresh and critical data is on employee laptops and desktops – not the servers. (Gartner, April 2004)
- Companies typically lose 5-8% of their laptops per year. The FBI estimates that 50% of network penetration is due to information derived from a stolen laptop. (Meta, January 2005)
- By year-end 2007, 80% of Fortune 1000 enterprises will encrypt critical “data at rest” (0.8 probability). (Gartner, April 2004)
Persistent Data Encryption
Benefits of Persistent Data Encryption
- “Any person or business that conducts business in California…shall disclose any breach of the security of the system following discovery or notification of the breach in the security of the data to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person.” (California SB1386)
Content Scanning
- Automated Policy Enforcement
- Detection and Blocking across broad set of outbound protocols
- [Diagram labels: Employees, Partners, Customers; ftp://, IM]
Stronger Mutual Authentication
Understanding and Countering the Phishing Threat: A Financial Services Industry Perspective
Top 3 Recommendations:
1. Focus on Mutual Customer/Financial Institution Authentication
2. Improved Fraud Screening
3. Industry-wide Attack Method/Mitigation Information Sharing
Solution Areas: Report, Defend, Detect, Prevent
The Authentication Challenge
[Diagram labels: Usability & Cost, Security, Fraud Risk]
- Minimize customer experience impact
  – Only impact user experience with stronger authentication when necessary
  – The right authentication for the right risk level – at the right time
The Authentication Challenge – Risk-based Authentication
- Transaction Sequence: Login, Check Balance, Register Bill, Funds Transfer
- [Chart axes: Increasing Impact of Fraud, Increasing Authentication Strength]
- Risk based authentication requires a range of capabilities
New Authentication Technologies
[Chart: Authentication Strength vs. Purchase & Deployment Cost ($); plotted: Passwords, One-Time-Password Tokens, Smartcards, Traditional Biometrics]
Range of Risk-Based Strong Authentication
- Policy-based authentication allowing single authentication layer to meet multiple business requirements
  – Per transaction, per user, per application, per LOB…
- Machine Auth: Authorized set of workstations
- Knowledge Auth: Challenge / response questions
- Out-of-Band: One-time-passcode to mobile device or phone
- Scratch Pad Auth: One-time password list
- Grid Auth: Grid location challenge and response
- Additional Technologies to Come
Example – Grid Authentication
- Unique authentication card issued to each user
- Random characters in grid with row/column headers
- Separate plastic card or on existing card
- [Pictured: Stand-Alone Card, Card Add-On]
Grid Authentication Process
- User enters ID & Password as is done today.
- [Screen: Personal ID, ********]
Grid Authentication Process cont’d
Grid Authentication Process cont’d [figure: steps 1, 2, 3]
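The grid challenge and response outlined in the slides above, as an added Python example that is not Entrust's code and not part of the original presentation. The grid size, header labels, character set, three-cell challenge and single-use rule are assumptions; the slides state only that each user's card carries random characters in a grid with row/column headers and that the grid step follows the ID and password step.

```python
import hmac
import secrets
import string

# Assumed card layout: the slides give no dimensions or character set.
COLS = "ABCDEFGHIJ"
ROWS = "12345"
ALPHABET = string.ascii_uppercase + string.digits
_rng = secrets.SystemRandom()


def issue_card():
    """Build one user's card: a random character for every column/row cell."""
    return {col + row: secrets.choice(ALPHABET) for row in ROWS for col in COLS}


def read_card(card, cells):
    """What the card holder types after looking up the challenged cells."""
    return "".join(card[cell] for cell in cells)


class GridAuthenticator:
    """Second step, run only after the ID and password check has passed."""

    def __init__(self, cards, cells_per_challenge=3):
        self.cards = cards            # user id -> that user's unique grid
        self.cells_per_challenge = cells_per_challenge
        self.pending = {}             # user id -> cells of the open challenge

    def challenge(self, user):
        """Pick distinct random grid locations and remember them."""
        cells = _rng.sample(sorted(self.cards[user]), self.cells_per_challenge)
        self.pending[user] = cells
        return cells

    def verify(self, user, response):
        """Accept one answer per challenge, so resubmitting a captured answer fails."""
        cells = self.pending.pop(user, None)
        if cells is None:
            return False
        expected = read_card(self.cards[user], cells)
        # Constant-time comparison avoids leaking how many characters matched.
        return hmac.compare_digest(expected.encode(), response.upper().encode())


if __name__ == "__main__":
    auth = GridAuthenticator({"alice": issue_card()})   # constructed sample user
    asked = auth.challenge("alice")
    print(asked, auth.verify("alice", read_card(auth.cards["alice"], asked)))
```

A failed attempt also consumes the challenge, so each guess costs the attacker a fresh set of cells.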
Authentication Needs to be Mutual
- Easy to use mechanisms for customers to recognize they are on the right site.
- Message Replay Auth: User entered message
- Serial Replay Auth: Grid card serial number
- Image Replay Auth: User selected image
Announced Wins in 2H05
Summary
- Identity Fraud will change the way organizations protect your sensitive information
  – May require legislation to drive real action
- Identity Fraud will change the way you interact with your financial institutions
  – Focus on addressing your confidence to drive continued internet adoption