Online Identity and Trust: Layered Security Strategy, the Key to Trust
Online Identity and Trust « Password for my password | Main | Cloud computing security standards – Vinton Cerf, father of the internet, has got your back » Layered Security Strategy, the Key to Trust
Han Dong, Senior Product Marketing Manager, User Authentication
Some thoughts on a couple of recent articles, one from Gartner Research: Where Strong Authentication Fails and What You Can Do About It, by Avivah Litan and a similar article by Jaikumar Vijayan in Computerworld, which also references Ms. Litan’s article.
The basic idea presented in these two articles is that “one-time passwords…are no longer enough to protect online banking transactions against fraud.” These one-time password (OTP) token-based two-factor authentication methods may be compromised by man-in-the-browser malware that overwrites the user transactions to steal their assets. So the general recommendation from Avivah Litan is “A layered fraud prevention approach that includes server-based fraud detection and out-of-band transaction verification that precludes call forwarding to illegitimate user phone numbers can and has mitigated these threats.”
We agree that OTP is not the end-all, be-all of security for the internet. In fact, VeriSign was recently recognized as a “best in class authentication technology solution” by Javelin Strategy & Research, primarily because VeriSign espouses a layered security approach to our customers for protecting online transactions. This approach includes Extended Validation SSL to authenticate the website to a user, with an easily identifiable green address bar. Plus the VeriSign Identity Protection Fraud Detection Service, which delivers risk-based authentication to monitor particular user behavior and trigger authentication when abnormal patterns or behavior are noted. And additionally, the VeriSign Identity Protection Service, one-time password (OTP) authentication to mitigate account takeover and require an additional factor the user must present, in addition to username and password for accessing critical accounts. OTP in and of itself is not a panacea, but it is part of a multi-layered security approach that anyone conducting business online should consider to protect its customers and business.
Fraud may be on the rise, so whom do you turn to for trust in the online world?
Easy, look for the check.
Posted by Han Dong on December 15, 2009 12:53 PM | Permalink Post a comment (If you haven’t left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won’t appear on the entry. Thanks for waiting.)
Remember personal info?
Comments: (you may use HTML tags for style)
Search Categories Authentication | Cloud-based Security | Device Security | Fraud Detection | Fraud Detection Service | Identity | Mobile devices and credentials | OpenID | VIP Blog | WiMAX | fraud protection | iPhone | layered security | two-factor authentication | second-factor authentication | verisign | Archives November 2010 October 2010 July 2010 May 2010 April 2010 March 2010 January 2010 December 2009 November 2009 October 2009 September 2009 August 2009 April 2009 March 2009 February 2009 January 2009 December 2008 November 2008 October 2008 September 2008 August 2008 July 2008 June 2008 May 2008 April 2008 March 2008 February 2008 January 2008 Recent Posts And the SC Magazine Award finalists are… VIP Mobile Software Developer Kit (SDK) Available for Windows Phone 7 Some additional “Social Security” Qualys provides VIP Protection to its customers VeriSign Customers Honored by Computerworld Cloud-based Authentication Matters Here ‘Smart’ meters will require ‘Smart’ security A Year of Progress for VIP Access for Mobile VeriSign has “got your back” on fraudulent ATM activity Cloud computing security standards – Vinton Cerf, father of the internet, has got your back Subscribe Comments We encourage comments and look forward to hearing from you. Please note that VeriSign may, in our sole discretion, remove comments if they are off topic or inappropriate. Powered by
Movable Type 4.21-en Disclaimer: Opinions expressed here and in any corresponding comments are the personal opinions of the original authors, not of VeriSign.
VeriSign Legal Notices
View the original article here