IDRBT Working Paper No. 11 Authentication factors for Internet banking
M V N K Prasad and S Ganesh Kumar

ABSTRACT

With the pervasive and continued growth enabled by technology, coupled with the increased use of alternate delivery channels by banks, the need for appropriate authentication of customers has gained significant importance for the banking system. Banks in India have been adopting different authentication mechanisms to provide security during the last few years. In the search for more effective authentication techniques, one approach which promises substantial benefit is mutual authentication, which can be implemented by providing some challenge questions. This paper elucidates the various facets of mutual authentication and outlines the way forward for banks to provide mutual authentication using identifiable pictures, by listing three approaches for storing these pictures, viz: identifiable pictures stored at the server end, stored at the client side, or divided into two transparencies, with Visual Cryptography implemented to ensure secure authentication.

1.0 Introduction

The technological metamorphosis in banking has resulted in a plethora of delivery channels now being available for customers of banks. The retail customers of banks have perhaps benefited most from the use of technology based systems such as Core Banking and Clustered systems, as well as delivery channels such as Automated Teller Machines, Internet banking and mobile banking, to name a few. In all these new delivery channels the most important requirement pertains to the need for identifying the customer, who would no longer be visiting the branch premises but would be accessing the services of the bank through the new delivery channels. Identification in the context of banks happens through a variety of means, but the most important aspects which are checked pertain to the account number of the customer and the name of the customer.
Once the identification process is completed, the next important factor to be validated pertains to authentication of the customer, to ensure that the person who claims to be the customer is indeed the customer. Authentication plays a vital role especially in cases where the customer is not present in front of the banker or its authorized representative. This assumes more significance in online banking, where a public medium of access such as the Internet is used as the means of accessing the bank's IT systems (and thus ultimately the funds too) by the customer. There are multiple ways through which banks can authenticate users. These range from simple systems such as a combination of username and password to complex systems such as biometric and/or one time usage based variable tokens. As technology continues to change, banks need to adapt their security systems to effectively combat threats posed by malafide intents, imposters, hackers, thieves, and the like. Selecting the right technologies for each organization cannot be generalized. However, knowing what authentication techniques are available is the first step in moving over to a secure environment. This paper attempts to provide an overview of the appropriate technological tools available for authentication in Internet based banking.

Internet banking is the service offered by banks through which customers can gain access to the financial services offered by the banks through a computer, using the Internet medium and without the need for going over to the customer's bank. This means of access to banking services has gained substantial ground since its introduction in the late nineties, and almost all commercial banks in the country offer internet based access facilities to their discerning customers. With the large scale usage of Internet banking, the attendant risks of the Internet also began to surface, thus exposing the bank as well as the customer to risks. Cases of malafide access to customer accounts, fraudulent withdrawal of funds, phishing, spamming and other such online frauds began to surface. Authentication has become one of the main factors in internet banking for banks to provide secure and safe banking to the users. This prompted the Reserve Bank of India (RBI), as the regulator of the banking system in the country, to review the entire gamut of Internet Banking and come out with guidelines for authentication in respect of online banking. A similar approach was followed in the other countries of the world as well, with the Federal Financial Institutions Examination Council (FFIEC) in the US also issuing guidance for banks for single factor authentication in 2001 and two factor authentication in 2005 to prevent online fraud. It is interesting to note that on June 28, 2011, the FFIEC issued a Supplement to the "Authentication in an Internet Banking Environment" guidance first issued in Oct. 2005, while RBI issued guidelines for banks to implement two factor authentication for online banking in 2008 itself. These have, to some extent, mitigated the risks associated with Internet Banking.
2.0 Authentication - Overview

Authentication is the process of verifying a claim made by a subject that it should be allowed to act on behalf of a given person, computer, process, etc. Authentication process is preceded by Authorization, which in the banking context, is preceded by Identification. Authorization involves verifying that an authenticated subject has permission to perform certain operations or access specific resources. Authentication procedures are based on three factors related to the user, i.e. the person who is authenticating, say, a transaction in Internet Banking. They are:

1. User knows
2. User possesses
3. User is

The following are the various options used under each of the three factors.

Table 1: Authentication Factors

User knows: Username, Password, PIN, Card No., CVV 2, 3D Secure/VbV, Identifiable picture
User possesses: USB Token, Smart Card, OTP by SMS/token, Swipe cards, Mobile
User is: Fingerprint, Palm print, Iris, Voice, Vein pattern, Signature

2.1 Types of Authentication
Authentication mechanisms are of three kinds based on the authentication factors shown in Table 1. They are:

Single Factor Authentication

An authentication mechanism that utilizes any one of the factors is called single factor authentication. This is the basic authentication method. (For example, a user id and password comes under this category.)

Two Factor Authentication

An authentication mechanism that utilizes a combination of two factors, i.e. (User knows, User possesses). This method is used by various banks for authentication for online banking. E.g. a user using a password as the first factor (User knows) and a One-Time Password (OTP) as the second factor (User possesses) to perform, say, a funds transfer transaction.

Multi Factor Authentication

An authentication mechanism where two or more factors are used, in which one of the factors necessarily pertains to "User is". (For example, a large value transaction authorized in a bank by using a combination of the person's user id, a smart card and his biometric authentication factor.)

2.2 Authentication factors used by banks

Authentication factors used by Indian banks

Indian banks generally resort to the use of two factor authentication by seeking the username, password and OTPs to authenticate the users in online banking. Most of the banks in India resort to OTPs by means of SMS or hard tokens as a second factor of authentication. After the user logs into net banking using id and password, for making any transaction banks provide OTPs and ask for a password (the same as the login password or a different one) to provide security and reduce fraud. Some of the banks use OTPs as a second layer of authentication immediately after logging in by id and password, and also use these OTPs for doing transactions. It may be mentioned that this has been implemented based on the regulatory requirements.

Authentication factors used by foreign banks

Foreign banks also use two factor authentication for online banking. Most banks use the basic user name, pass code and OTPs through a mobile device, or OTPs provided by a security device or by a hard token. There are also instances of certain banks providing an extra layer of authentication by introducing a site key, by means of which the user-customer can identify fake websites. Some banks provide hard tokens or security devices for getting dynamic OTPs. Some banks use security tokens or mobile phones to generate these OTPs.

From the above, it can be seen that although there is no specific pattern in respect of uniformity in the use of authentication factors for online banking, the approaches seem to follow a general trend, which pertains to the use of two factor authentication.
Some of the facilities available in this area are described below.

3.0 Mutual authentication

Mutual authentication or two way authentication can be provided between the user and the Organization. It refers to two parties authenticating each other. When describing online authentication processes, mutual authentication is referred to as website-to-user authentication. By means of this authentication, the user knows that he/she is on the valid banking website. Mutual authentication can be implemented by providing some challenge questions. The customer selects the image (identifiable picture), image title and a text phrase (optional) from a collection of images which are provided in the banking website at the time of enrollment. The customer can further change this image during his first login. Further, when the customer enters the login id and before entering the password, the site randomly asks these challenge questions and, when the user answers, it displays the image, title and phrase. If the displayed image is correct, the customer can enter the password and log in. If not, the customer can stop logging in and contact the bank. This lets the customer know whether it is the real banking website or a fake website. This facility allows the customer and server to authenticate mutually, so that phishing attacks can be reduced.

Identifiable pictures (images) are one of the authentication factors that can be used to provide website authentication. These identifiable pictures act as an extra layer of authentication to prevent unauthorized access to the accounts and assure that the customer is at the valid online banking site. Identifiable pictures used for web authentication can be stored in three different ways. They are:

1. Images stored at server side (web server),
2. Images stored at client side, and
3. Images divided into two shares, storing one share at server side and the other share at client side and merging the two shares using visual cryptography.
The above three mechanisms have been explained in ANNEXURE I.

3.1 Challenge-Response mechanism

A Challenge-Response mechanism can be implemented for high value transactions which exceed some threshold. This threshold value depends on the bank. When the customer initiates a transaction beyond the threshold value, the bank site can pose a challenge question and, if the customer answers it, he/she can proceed with the transaction. This facility provides an extra layer of authentication on top of two factor authentication (password and OTP).

4.0 Multi factor authentication

Multi factor authentication requires two or more of the three factors used for authenticating the user. Multi factor authentication provides users higher levels of protection against online banking fraud. Multi factor authentication includes biometrics (something the user is) as one factor; hence it improves security for online banking customers and reduces online fraud. This authentication can be provided for the customers (corporate or individual customers) who make transactions beyond the threshold value that was set up by the bank.
5.0 SMS alert

An SMS can be sent to the customer immediately after the transaction. An SMS can also be sent to the customer after logging onto the online banking website. This can make the customer aware in the case of unauthorized login or access to his/her account. SMS alerts, as the name suggests, only alert the customer. They can complement the authentication factors listed above.

6.0 Identifiable pictures used as authentication factor

Identifiable pictures can also be used as a password for authentication. These pictures can be used to generate a graphical password every time the user logs in, from a set of images stored in the client's computer. These images can act as one of the authentication factors (password).

7.0 Suggestions

The following table outlines the broad levels of authentication suggested for enhancing the level of security in the authentication process for online banking in the Indian context.

Suggestion: Mutual Authentication between the user and the Organization using identifiable features such as specific pictures selected by the user-customer.
Risk Mitigation: Reduces the risks associated with phishing attacks.
Ease of use: User friendly and easy to use, remember and implement; there are no major overheads for the bank either.
Cost: Minor costs for the banks; no cost implication for the customer.
Strength: It provides an extra layer of user authentication and helps the user identify the real website.
Weakness: If the entire repository of information storing the user features is compromised or breached, then the factor loses its significance.

Suggestion: Challenge-Response Mechanism for high value transactions which exceed a particular threshold level.
Risk Mitigation: Reduces phishing type attacks, incidents arising out of MIM attacks, and easy pattern recognition. Reduces the risk of unauthorized access of accounts and enhances safety of large value transactions.
Ease of use: Easy to use by simply answering questions, and can be implemented for transactions which cross the threshold.
Cost: Cost is involved at the bank end for posing the challenge questions. No cost is involved as far as the customer is concerned.
Strength: This can be used as an extra layer of authentication to reduce online fraud, and improves security.
Weakness: It becomes difficult for a customer to remember many challenge questions for different types of authentications. This may entice him to use the same question across multiple locations and not change them at all for long periods of time. The weaknesses associated with passwords may apply to this factor as well.

Suggestion: Multi factor authentication can be provided for the transactions which exceed a specific threshold level.
Risk Mitigation: Reduces the risks related to identity theft and man in the middle attacks etc.
Ease of use: Easy to use.
Cost: As biometrics is used, cost will be involved for the bank as well as the customer.
Strength: This provides a secure environment since multiple factors are used.
Weakness: The customer has to navigate through multiple levels of complexity, making it cumbersome. Challenges associated with rejection of certain factors such as biometrics for some target population groups do exist, thus resulting in customer difficulties.
8.0 Various Authenticating mechanisms categorized into this matrix, so that banks can offer multiple options and customers choose what is right for them

Easy to implement, difficult to crack:
1. Mutual authentication by identifiable pictures provides easy access and is somewhat difficult to crack; it provides an extra layer of site authentication beyond two factor authentication.
2. Username, password along with OTP (by SMS or hard token) is easy to use and difficult to crack.

Easy to implement, easy to crack:
1. Username, password is easy to use and also easy to crack.

Difficult to implement, difficult to crack:
1. Authentication using smart cards and hard tokens (security devices) is difficult to use and difficult to crack.
2. Biometric authentication is also difficult to crack and difficult to use.
3. Multi factor authentication also provides strong authentication but at high cost.
ANNEXURE I

The three different mechanisms of storing the identifiable pictures and authenticating the users to provide online security are:

1. Authentication using identifiable pictures (images) stored at server side
2. Authentication using identifiable pictures stored at client side
3. Authentication using Visual cryptography

1.0 Authentication using identifiable pictures (images) stored at server side (web server)

Users can select their desired images (identifiable pictures) displayed on the bank's site, and the bank's server stores the image in its database. If the bank's server displays the customer's image while logging in, before entering the password, the customer can be assured that he/she is at the original online bank website. For example, in the site key mechanism [1], the bank's site stores an image and text in the bank's server and displays it when the customer. This assures the customer that he is at the valid banking site.

1.1 Advantages

1. It helps the customers to recognize whether they are at the valid banking site or at a fraudulent site.
2. It adds another layer of online security to online banking and prevents unauthorized access to the accounts.
3. It lowers the risk of identity theft and fraud.
4. It reduces the risks related to phishing attacks.

1.2 Disadvantages

1. This does not reduce man-in-the-middle attacks fully.

2.0 Authentication using identifiable pictures stored at client side

Identifiable pictures can also be stored on the client side computer for assuring the user that he is on the real site and not on a phishing site. In this, the user himself provides some images, and the server randomly takes some parts of the images and displays the image, and then the user enters the password. The picture password mechanism is a novel integration of client side secrets and graphical passwords [2] [3]. It asks the user to create a graphical password by choosing four images in a particular order from a set of twelve. This set of twelve images, which are taken from a large set of images, is stored in the client's computer. Every time the user logs in, he/she has to enter the particular four images in the same order to get a graphical password. It is impossible for the phisher to know the set of twelve images and to get the right set of images in the right order.
2.1 Advantages

1. With this method, users fail to reveal even a single image from their password during a phishing attempt and, in a blind test, none revealed the entire password.
2. This feature reduces brute force attacks and search attacks when compared to site key.

2.2 Disadvantages

1. This method can be used only when the users log in from the computer from which they registered.
2. It doesn't recognize the phishing site when the user logs in from another device or computer.

3.0 Authentication using Visual cryptography

Visual cryptography is a cryptographic technique which allows visual information (pictures, text, etc.) to be encrypted in such a way that the decryption can be performed by the human visual system [4, 5]. It is a visual secret sharing scheme, where an image is broken up into N shares so that only someone with all N shares can decrypt the image, while any N-1 shares reveal no information about the original image. It is as if each share were printed on a separate transparency, and decryption performed by overlaying the shares. Only when all N shares are overlaid does the original image appear.

The concept of Visual Cryptography can be used in internet banking. The picture is divided into two shares; one share can be stored at the bank's server and the other share can be stored at the client side. The customer is already provided with one share image and, when he/she logs in, the bank's server provides the other secret share image; using the visual cryptographic technique, the two transparencies are overlaid and display the decrypted image. It is not possible to retrieve the secret information from one of the shares. Images can be of any format: jpg, png or bitmap images can be used.

3.1 Image Decryption using visual Cryptography

In this mechanism, the share 1 image is stored at server side and the share 2 image is stored at client side, i.e. at the client's computer. When the customer logs in to the banking site, the server side image transparency is merged through the visual cryptographic technique with the client side stored image, and the overlapped decrypted image is displayed as shown in Figure 1, so that the customer can proceed with the further login process.
[Figure 1: Image decryption using visual cryptography. Panels: Share 1, Share 2, Share 1 + Share 2]

3.2 Text decryption using Visual Cryptography

Figure 2 shows text encryption using visual cryptography. In Figure 2, the IDRBT text message has been split into two shares. The original logo is split into two of the same blocks that have full black and white pixels. When these two blocks are overlaid, they align exactly and the result is a light-colored block with half white and half black pixels. If only one share is given, a second share can be crafted to reveal any possible image; hence, individual shares reveal no information about the original image [4].
[Figure 2: Text decryption using visual cryptography. Panels: Share 1, Share 2, Share 1 + Share 2 (text: IDRBT)]

3.3 Advantages of visual cryptography

1. An essential advantage of visual cryptography is that there is no need for any previous knowledge or experience in the field of cryptography in order to apply it.
2. It is impossible to retrieve the information when one share is intercepted.
3. Visual cryptography is performed only with the combination of two shares. Hence it can reduce phishing attacks to some extent.

3.4 Disadvantages

1. If the customer logs in from any other device or computer, this system gives no assurance against a phishing site, as the client side secret is stored within the registered computer.

3.5 Challenges in implementation

1. An image has to be split into two shares, and merging the shares and displaying the decrypted image should take very little time.
2. Since one share is stored in the client's computer, the customer can log in only from the registered computer. He is not able to log in from any other unregistered computer.
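The two-share scheme described in section 3.0 of this annexure, as an added Python example (not code from the working paper): it splits a small constructed bitmap into two shares with two subpixels per pixel, overlays them, and shows that a different second share stacked on the same first share reveals a different image, which is why one share alone carries no information. The function names, the two-subpixel patterns and the sample bitmaps are assumptions chosen for illustration.

```python
"""2-out-of-2 visual cryptography on a 1-bit image (added example, illustrative names)."""
import secrets

# Each secret pixel becomes two subpixels; 1 = black (opaque), 0 = clear.
PATTERNS = ((0, 1), (1, 0))

# Constructed sample bitmaps: '#' is a black pixel, '.' is a white pixel.
SECRET = ["#####", "..#..", "..#..", "..#..", "#####"]
DECOY = ["#...#", ".#.#.", "..#..", ".#.#.", "#...#"]


def parse(rows):
    """Turn the text bitmap into rows of 0/1 integers."""
    return [[1 if ch == "#" else 0 for ch in row] for row in rows]


def random_share(height, width):
    """One random pattern per secret pixel, so a share is always exactly half black."""
    share = []
    for _ in range(height):
        row = []
        for _ in range(width):
            row.extend(PATTERNS[secrets.randbelow(2)])
        share.append(row)
    return share


def companion_share(share, image):
    """Build the share that, stacked on `share`, shows `image`.

    White pixel: repeat the partner's pattern (the stack stays half black).
    Black pixel: use the complementary pattern (the stack turns fully black).
    """
    out = []
    for share_row, image_row in zip(share, image):
        row = []
        for i, pixel in enumerate(image_row):
            a, b = share_row[2 * i], share_row[2 * i + 1]
            row.extend((1 - a, 1 - b) if pixel else (a, b))
        out.append(row)
    return out


def split(image):
    """Return (share 1, share 2) for the image; share 1 is pure randomness."""
    first = random_share(len(image), len(image[0]))
    return first, companion_share(first, image)


def overlay(top, bottom):
    """Stacking transparencies: a subpixel is black if it is black on either sheet."""
    return [[x | y for x, y in zip(r1, r2)] for r1, r2 in zip(top, bottom)]


def decode(stacked):
    """What the eye does: a fully black pair reads as black, a half-black pair as white."""
    return [[1 if row[i] + row[i + 1] == 2 else 0 for i in range(0, len(row), 2)]
            for row in stacked]


def black_fraction(share):
    """Fraction of black subpixels in a share or in a stacked result."""
    cells = [v for row in share for v in row]
    return sum(cells) / len(cells)


def render(bits):
    return "\n".join("".join("#" if v else "." for v in row) for row in bits)


if __name__ == "__main__":
    secret, decoy = parse(SECRET), parse(DECOY)
    server_share, client_share = split(secret)  # share 1 at the bank, share 2 at the client
    print("share 1 (looks like noise):\n" + render(server_share) + "\n")
    print("share 1 + share 2, stacked:\n" + render(overlay(server_share, client_share)) + "\n")
    print("as perceived:\n" + render(decode(overlay(server_share, client_share))) + "\n")
    # Same share 1, different partner: the stack now shows the decoy image instead.
    other = companion_share(server_share, decoy)
    print("share 1 + other partner:\n" + render(decode(overlay(server_share, other))))
```

Each share is exactly half black whatever the picture is, so nothing about the image can be read from the server share or the client share alone; the picture exists only in the relationship between the two.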
4.0 Conclusion

This paper describes the use of identifiable pictures for authentication in internet banking. These pictures or images can be used for website authentication and to identify phishing websites, so that fraud and phishing can be reduced. We explained the three ways of storing these pictures: storing images at server side, storing images at client side, and storing one image share in the server and the other share in the client's computer and merging the shares using the concept of visual cryptography. In this concept, neither share alone can reveal the image; only the combination of the two shares reveals the decrypted image, hence reducing phishing attacks and man in the middle attacks.

5.0 References

1. Fraud Vulnerabilities in Site Key Security at Bank of America, Review draft to Bank of America/RSA: June 26, 2006, Cambridge, MA, July 18,
2. Picture password protects your account from phishing, 4 November
3. PhorceField: A Phish-Proof Password Ceremony
4. Visual Cryptography, Wikipedia
5. Visual Cryptography
Mobile multifactor security A revolution in authentication and digital signing Mobile multifactor security A revolution in authentication and digital signing Smartphones will continue to ship in high volumes,
More informationIDENTITY & ACCESS. Providing Cost-Effective Strong Authentication in the Cloud. a brief for cloud service providers
IDENTITY & ACCESS Providing Cost-Effective Strong Authentication in the Cloud a brief for cloud service providers Introduction Interest and use of the cloud to store enterprise resources is growing fast.
More informationEnhancing Payment Card Security New Measures to be Phased in from 2 nd Quarter 2010 to 1 st Quarter 2011
Enhancing Payment Card Security New Measures to be Phased in from 2 nd Quarter 2010 to 1 st Quarter 2011 On 5 th March 2010, The Association of Banks in Singapore announced key measures to adopt a holistic
More informationFAQ on EMV Chip Debit Card and Online Usage
FAQ on EMV Chip Debit Card and Online Usage Security enhancement on HSBC India Debit Card A Secure Debit Card HSBC India Debit Cards are more secure and enabled with the Chip and PIN technology? You can
More informationUsing Strong Authentication for Preventing Identity Theft
Position Paper Using Strong Authentication for Preventing Identity Theft Robert Pinheiro Consulting LLC Better identity authentication has been proposed as a potential solution not only to identity theft,
More informationHere are two informational brochures that disclose ways that we protect your accounts and tips you can use to be safer online.
Here are two informational brochures that disclose ways that we protect your accounts and tips you can use to be safer online. FFIEC BUSINESS ACCOUNT GUIDANCE New financial standards will assist credit
More informationHow Secure is your Authentication Technology?
How Secure is your Authentication Technology? Compare the merits and vulnerabilities of 1.5 Factor Authentication technologies available on the market today White Paper Introduction A key feature of any
More informationIDENTITY MANAGEMENT. February 2008. The Government of the Hong Kong Special Administrative Region
IDENTITY MANAGEMENT February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
More informationContents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008
Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008 Contents Authentication and Identity Assurance The Identity Assurance continuum Plain Password Authentication
More informationMCU Online and MFA (Multi Factor Authentication)
MCU Online and MFA (Multi Factor Authentication) Instructions for enrolling in MFA Security. 1. Type in your account number in the User ID box and press return or click on Log in. Figure A: 2. Enter your
More informationTwo-Factor Authentication: Tailor-Made for SMS
SAP Thought Leadership Paper SAP Mobile Services Two-Factor Authentication: Tailor-Made for SMS Exploring Myths, Misconceptions, and Best Practices for SMS-Based 2FA Table of Contents 4 Understanding Two-Factor
More informationSCB Access Single Sign-On PC Secure Logon
SCB Access Single Sign-On PC Secure Logon Manage all your passwords One smart card to access all your applications past & future Multi-factor authentication Dramatically increase your security Save $150
More informationMulti-Factor Authentication
Making the Most of Multi-Factor Authentication Introduction The news stories are commonplace: Hackers steal or break passwords and gain access to a company s data, often causing huge financial losses to
More informationWith the Target breach on everyone s mind, you may find these Customer Service Q & A s helpful.
With the Target breach on everyone s mind, you may find these Customer Service Q & A s helpful. Breach Overview Q: Media reports are stating that Target experienced a data breach. Can you provide more
More informationKEYSTROKE DYNAMIC BIOMETRIC AUTHENTICATION FOR WEB PORTALS
KEYSTROKE DYNAMIC BIOMETRIC AUTHENTICATION FOR WEB PORTALS Plurilock Security Solutions Inc. www.plurilock.com info@plurilock.com 2 H IGHLIGHTS: PluriPass is Plurilock static keystroke dynamic biometric
More informationSecure Web Access Solution
Secure Web Access Solution I. CONTENTS II. INTRODUCTION... 2 OVERVIEW... 2 COPYRIGHTS AND TRADEMARKS... 2 III. E-CODE SECURE WEB ACCESS SOLUTION... 3 OVERVIEW... 3 PKI SECURE WEB ACCESS... 4 Description...
More informationOnline Cash Management Security: Beyond the User Login
Online Cash Management Security: Beyond the User Login Sonya Crites, CTP, SunTrust Anita Stevenson-Patterson, CTP, Manheim February 28, 2008 Agenda Industry Trends Government Regulations Payment Fraud
More informationA brief on Two-Factor Authentication
Application Note A brief on Two-Factor Authentication Summary This document provides a technology brief on two-factor authentication and how it is used on Netgear SSL312, VPN Firewall, and other UTM products.
More informationStrong Authentication: Enabling Efficiency and Maximizing Security in Your Microsoft Environment
Strong Authentication: Enabling Efficiency and Maximizing Security in Your Microsoft Environment IIIIII Best Practices www.gemalto.com IIIIII Table of Contents Strong Authentication and Cybercrime... 1
More informationSECURING SELF-SERVICE PASSWORD RESET
SECURING SELF-SERVICE PASSWORD RESET FUNCTIONALITY IN WEB APPLICATIONS David A. Shpritz July, 2010 INTRODUCTION Many web applications requiring user authentication also provide self-service password reset
More informationE-Banking Regulatory Update
E-Banking Regulatory Update Hal R. Paretchan, CISA, CISSP, CFE Information Technology Specialist Federal Reserve Bank of Boston Supervision, Regulation & Credit (617) 973-5971 hal.paretchan@bos.frb.org
More informationCRYPTOGRAPHY AS A SERVICE
CRYPTOGRAPHY AS A SERVICE Peter Robinson RSA, The Security Division of EMC Session ID: ADS R01 Session Classification: Advanced Introduction Deploying cryptographic keys to end points such as smart phones,
More informationBusiness Banking Customer Login Experience for Enhanced Login Security
Business Banking Customer Login Experience for Enhanced Login Security User credentials uniquely identify each person who uses the banking platform. The intent of authentication is unequivocal verification
More informationa. StarToken controls the loss due to you losing your Internet banking username and password.
1. What is StarToken? StarToken is the next generation Internet banking security solution that is being offered by Bank of India to all its Internet Banking customers (Retail as well as Corporate). StarToken
More informationFrench Justice Portal. Authentication methods and technologies. Page n 1
French Justice Portal Authentication methods and technologies n 1 Agenda Definitions Authentication methods Risks and threats Comparison Summary Conclusion Appendixes n 2 Identification and authentication
More informationMODERN THREATS DRIVE DEMAND FOR NEW GENERATION MULTI-FACTOR AUTHENTICATION
Whitepaper MODERN THREATS DRIVE DEMAND FOR NEW GENERATION MULTI-FACTOR AUTHENTICATION A SURVEY SHOWS THAT 90% OF ALL COMPANIES HAD BEEN BREACHED IN THE LAST 12 MONTHS. THIS PAIRED WITH THE FACT THAT THREATS
More informationReview Paper on Two Factor Authentication Using Mobile Phone (Android) ISSN 2319-9725
Review Paper on Two Factor Authentication Using Mobile Phone (Android) ISSN 2319-9725 Rahul Kale Neha Gore Kavita Nilesh Jadhav Mr. Swapnil Shinde Bachelor s Degree program in Information Technology Engineering
More informationEnhanced Login Security Frequently Asked Questions
Enhanced Login Security Frequently Asked Questions Below are Frequently Asked Questions to assist you and you can also contact Customer Service at 903-657-8525 or 800-962-1610. Q: What is Enhanced Login
More informationApplication-Specific Biometric Templates
Application-Specific Biometric s Michael Braithwaite, Ulf Cahn von Seelen, James Cambier, John Daugman, Randy Glass, Russ Moore, Ian Scott, Iridian Technologies Inc. Introduction Biometric technologies
More informationMobile Identity: Improved Cybersecurity, Easier to Use and Manage than Passwords. Mika Devonshire Associate Product Manager
Mobile Identity: Improved Cybersecurity, Easier to Use and Manage than Passwords Mika Devonshire Associate Product Manager 1 Agenda 2 What is Cybersecurity? Quick overview of the core concepts 3 Cybercrime
More informationPart I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT
Part I Contents Part I Introduction to Information Security Definition of Crypto Cryptographic Objectives Security Threats and Attacks The process Security Security Services Cryptography Cryptography (code
More informationDevice-Centric Authentication and WebCrypto
Device-Centric Authentication and WebCrypto Dirk Balfanz, Google, balfanz@google.com A Position Paper for the W3C Workshop on Web Cryptography Next Steps Device-Centric Authentication We believe that the
More informationMultifactor Graphical Password Authentication System using Sound Signature and Handheld Device
Multifactor Graphical Password Authentication System using Sound Signature and Handheld Device Jyoti Rao *1,Kishan Mistry #2, Bhumika Mistry #3, Divya Malviya #4, Devesh Gudway #5 # Student & Department
More informationHard vs. Soft Tokens Making the Right Choice for Security
Hard vs. Soft Tokens Making the Right Choice for Security HSTE-NB0012-RV 1.0 Hypersecu Information Systems, Inc. #200-6191 Westminster Hwy Richmond BC V7C 4V4 Canada 1 (855) 497-3700 www.hypersecu.com
More informationWhen you are prompted to enroll, you will be asked to enter a Security Phrase and select/answer three different Challenge Questions.
IMPORTANT SECURITY INFORMATION We take your online security seriously. Your online banking site contains a security feature called Enhanced Authentication. Everyone will be required to enroll in Enhanced
More informationHow TraitWare TM Can Secure and Simplify the Healthcare Industry
How TraitWare TM Can Secure and Simplify the Healthcare Industry January 2015 Secure and Simplify Your Digital Life. Overview of HIPPA Authentication Standards When Title II of the Health Insurance Portability
More informationmbank Introduces Personal Security Image MFA* for Consumer on-line banking *Multi-Factor Authentication
mbank Introduces Personal Security Image MFA* for Consumer on-line banking *Multi-Factor Authentication Enhanced security for your on-line banking activities. Beginning 24 January 2007 all mbank clients
More informationSecuring corporate assets with two factor authentication
WHITEPAPER Securing corporate assets with two factor authentication Published July 2012 Contents Introduction Why static passwords are insufficient Introducing two-factor authentication Form Factors for
More informationAuthentication Scenarios India. Ramachandran
Authentication Scenarios India Ramachandran India 1.2 billion residents -640,000 villages -~800 million mobile, ~200-300 mn migrant workers Authentication Scenarios Government e-praman authentication framework
More informationA puzzle based authentication method with server monitoring
A puzzle based authentication method with server monitoring GRADUATE PROJECT REPORT Submitted to the Faculty of The School of Engineering & Computing Sciences Texas A&M University-Corpus Christi Corpus
More informationSecuring e-government Web Portal Access Using Enhanced Two Factor Authentication
Securing e-government Web Portal Access Using Enhanced Two Factor Authentication Ahmed Arara 1, El-Bahlul Emhemed Fgee 2, and Hamdi Ahmed Jaber 3 Abstract This paper suggests an advanced two-factor authentication
More informationInternational Journal of Software and Web Sciences (IJSWS) www.iasir.net
International Association of Scientific Innovation and Research (IASIR) (An Association Unifying the Sciences, Engineering, and Applied Research) ISSN (Print): 2279-0063 ISSN (Online): 2279-0071 International
More informationMulti-Factor Authentication (FMA) A new security feature for Home Banking. Frequently Asked Questions 8/17/2006
Multi-Factor Authentication (FMA) A new security feature for Home Banking Frequently Asked Questions 8/17/2006 1. Why is MFA being added? We take our obligation to protect our members seriously. To make
More informationThe Feasibility and Application of using a Zero-knowledge Protocol Authentication Systems
The Feasibility and Application of using a Zero-knowledge Protocol Authentication Systems Becky Cutler Rebecca.cutler@tufts.edu Mentor: Professor Chris Gregg Abstract Modern day authentication systems
More informationSecurity+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 10 Authentication and Account Management
Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 10 Authentication and Account Management Objectives Describe the three types of authentication credentials Explain what single sign-on
More informationSecurity in an Increasingly Threatened World. SMS: A better way of doing Two Factor Authentication (2FA)
Security in an Increasingly Threatened World SMS: A better way of doing Two Factor Authentication (2FA) January 2015 The Proliferation of The App World The revolution of the smart phone forever affected
More informationBuilding Secure Multi-Factor Authentication
Building Secure Multi-Factor Authentication Three best practices for engineering and product leaders Okta Inc. I 301 Brannan Street, Suite 300 I San Francisco CA, 94107 info@okta.com I 1-888-722-7871 Introduction
More informationAn Implementation of Secure Online Voting System
An Implementation of Secure Online Voting System Prof. Anisaara Nadaph 1, Rakhi Bondre 2, Ashmita Katiyar 3, Durgesh Goswami 4, Tushar Naidu 5 1 Pune University, Trinity college of Eng. And res., anisaaranadaph@gmail.com
More informationTechnical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and
Technical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and procedures to govern who has access to electronic protected
More informationSound Business Practices for Businesses to Mitigate Corporate Account Takeover
Sound Business Practices for Businesses to Mitigate Corporate Account Takeover This white paper provides sound business practices for companies to implement to safeguard against Corporate Account Takeover.
More informationCreating Trust Online TM. Comodo Mutual Authentication Solution Overview: Comodo Two Factor Authentication Comodo Content Verification Certificates
Creating Trust Online TM Comodo Mutual Authentication Solution Overview: Comodo Two Factor Authentication Comodo Content Verification Certificates January 2007 Setting the stage Banking and doing business
More informationApplying Cryptography as a Service to Mobile Applications
Applying Cryptography as a Service to Mobile Applications SESSION ID: CSV-F02 Peter Robinson Senior Engineering Manager RSA, The Security Division of EMC Introduction This presentation proposes a Cryptography
More informationBriefly describe the #1 problem you have encountered with implementing Multi-Factor Authentication.
Polling Question Briefly describe the #1 problem you have encountered with implementing Multi-Factor Authentication. Please type in your response. This poll will close promptly at 1:00 pm CDT Getting the
More informationThe 4 forces that generate authentication revenue for the channel
The 4 forces that generate authentication revenue for the channel Web access and the increasing availability of high speed broadband has expanded the potential market and reach for many organisations and
More informationWhitepaper on AuthShield Two Factor Authentication and Access integration with Microsoft outlook using any Mail Exchange Servers
Whitepaper on AuthShield Two Factor Authentication and Access integration with Microsoft outlook using any Mail Exchange Servers By INNEFU Labs Pvt. Ltd Table of Contents 1. Overview... 3 2. Threats to
More information2-FACTOR AUTHENTICATION FOR MOBILE APPLICATIONS: INTRODUCING DoubleSec
2-FACTOR AUTHENTICATION FOR MOBILE APPLICATIONS: INTRODUCING DoubleSec TECHNOLOGY WHITEPAPER DSWISS LTD INIT INSTITUTE OF APPLIED INFORMATION TECHNOLOGY JUNE 2010 V1.0 1 Motivation With the increasing
More informationData Leakage Detection in Cloud Computing using Identity Services
International Journal of Computer Sciences and Engineering Open Access Research Paper Volume-4, Issue-04 E-ISSN: 2347-2693 Data Leakage Detection in Cloud Computing using Identity Services K. Mythili 1*,
More informationTwo-Factor Authentication Making Sense of all the Options
Two-Factor Authentication Making Sense of all the Options The electronic age we live in is under attack by information outlaws who love profiting from the good record of others. Now more than ever, organizations
More informationSecurity enhancement on HSBC India Debit Card
Security enhancement on HSBC India Debit Card A Secure Debit Card HSBC India Debit Cards are more secure and enabled with the Chip and PIN technology. In addition to this you can restrict usage of the
More informationReducing Fraud whilst Keeping Transactions in Motion
Reducing Fraud whilst Keeping Transactions in Motion Fraud Today Following a decrease in 2012, fraud is on the rise again, and so are the costs involved in managing it. These factors are in turn driving
More informationIntroduction to Encryption What it s all about
Introduction to Encryption What it s all about At MOA Project, we believe privacy and the ability to communicate without government or corporate eavesdropping is a basic right of all people. Some groups,
More informationKey Steps to Meeting PCI DSS 2.0 Requirements Using Sensitive Data Discovery and Masking
Key Steps to Meeting PCI DSS 2.0 Requirements Using Sensitive Data Discovery and Masking SUMMARY The Payment Card Industry Data Security Standard (PCI DSS) defines 12 high-level security requirements directed
More informationTop Authentication & Identification Methods to Protect Your Credit Union
Top Authentication & Identification Methods to Protect Your Credit Union Presented on: Thursday, May 7, 2 3 ET Co presented by: Ann Davidson VP of Risk Consulting at Allied Solutions Tammy Behnke Credit
More informationBlackShield Authentication Service
BlackShield Authentication Service Guide for Users of CRYPTOCard MP-1 Software Tokens on Smart Phones Protecting Your On-line Identity Authentication Service Delivery Made EASY Copyright Copyright 2011.
More informationStrong Authentication for Secure VPN Access
Strong Authentication for Secure VPN Access Solving the Challenge of Simple and Secure Remote Access W H I T E P A P E R EXECUTIVE SUMMARY In today s competitive and efficiency-driven climate, organizations
More informationREGULATIONS FOR THE SECURITY OF INTERNET BANKING
REGULATIONS FOR THE SECURITY OF INTERNET BANKING PAYMENT SYSTEMS DEPARTMENT STATE BANK OF PAKISTAN Table of Contents PREFACE... 3 DEFINITIONS... 4 1. SCOPE OF THE REGULATIONS... 6 2. INTERNET BANKING SECURITY
More information