WHITE PAPER Moving Beyond the FFIEC Guidelines


How Device Reputation Offers Protection Against Future Security Threats

Table of Contents

- Introduction
- The FFIEC Guidelines
- Why Move Beyond Complex Device ID to Device Reputation?
- iovation's Device Reputation Service
- Conclusion

Introduction

With the continued growth of electronic banking and the greater sophistication of fraudsters, more effective security measures are required in order for financial institutions to reduce fraudulent activities and transactions. Criminal groups have expanded rapidly, becoming more specialized in financial fraud and much more successful in developing and deploying effective, complicated, and malicious methods to compromise authentication mechanisms and gain unauthorized access to customers' online accounts. During the last several years, fraudsters have moved beyond account origination and are now also executing account takeover maneuvers, causing financial institutions and consumers to experience substantial losses.

In the past few years alone, thousands of publicly reported data breach incidents have occurred, compromising over 460 million sensitive records and creating hundreds of millions of dollars in losses resulting from online account takeovers and illicit funds transfers. The continued explosion of mobile connectivity and services only compounds the security challenges financial institutions face today. All of these factors are driving the necessity for the implementation of additional proactive security controls to better protect financial institutions and their customers.

Berg Insight forecasts that the worldwide usage of mobile banking and related services will grow at a compound annual rate of 89% to reach 913 million users in

The FFIEC Guidelines

In June of 2011, the Federal Financial Institutions Examination Council (FFIEC) issued a supplement to the Authentication in an Internet Banking Environment guidance (originally released in October 2005). The original guidance provided a risk management framework for financial institutions offering Internet-based products and services to their customers. The supplement reinforces the framework and updates supervisory expectations for customer authentication, layered security, and other controls in the increasingly hostile online environment. The FFIEC is concerned that customer authentication methods and controls have become less effective, causing financial institutions and customers to face significant risks.

These latest guidelines recommend minimum safeguards financial institutions should implement in order to protect themselves and their customers from hundreds of millions of dollars in potential losses caused by attack tools streamlined into downloadable kits and frighteningly sophisticated malware. The FFIEC's Supplement to Authentication in an Internet Banking Environment emphasizes the utilization of:

- Risk assessments
- Customer authentication for high-risk transactions
- Layered security programs
- Effectiveness of certain authentication techniques
- Customer awareness and education

According to ComScore, in Q4 2010, 29.8 million Americans accessed financial service accounts (bank, credit card, or brokerage) via their mobile device, up 54 percent from

The new FFIEC guidelines instruct banks and financial institutions to focus network defenses on layered security that involves fraud monitoring, dual customer authorization through different access devices, out-of-band verification, and technologies that limit the fraudulent transactional use of an account.

The guidelines state that it is important to move from simple device identification to complex device identification; many leading financial institutions have already taken this one step further, to device reputation. This will ensure that financial institutions utilize the maximum protection possible against future security risks, and also prepare them for the FFIEC audits scheduled to begin in January

Why Move Beyond Complex Device ID to Device Reputation?

Most banks and financial institutions have already implemented simple device ID, which typically uses a cookie loaded onto a customer's PC confirming that it is the same PC originally enrolled by the customer, and that it matches the logon ID and password provided. However, this type of cookie can be copied and moved to a fraudster's PC, allowing the fraudster to impersonate a legitimate customer.

Complex device ID involves the creation of a digital fingerprint based on several characteristics of the device including hardware and software configuration, Internet protocol addresses, and geolocation. Unfortunately, complex device ID by itself only increases the strength of identification; it does little to increase the efficacy of an overall anti-fraud strategy. So while complex device ID provides a more secure line of defense over simple device ID and protects financial institutions against what the fraudsters dreamed up yesterday, notable personal security and identity theft expert Robert Siciliano suggests a smooth progression from complex device ID to device reputation to extend this protection for tomorrow's threats.

Device reputation offers all of the security measures that complex device ID does, but it also strategically incorporates velocity, anomalies, proxy busting, webs of associations, and fraud and abuse histories. Device reputation moves from a micro to a macro view of transactions, taking into account how a particular device behaves or has behaved beyond its activities with a financial institution, its usage by a current user or other users, and/or its relationship to other devices. Device reputation is the most comprehensive response and effective strategy available to address the FFIEC's call for fraud detection and monitoring systems "that include consideration of customer history and behavior," and "that enable a timely and effective institution response."

[Figure: comparison of SIMPLE DEVICE ID, COMPLEX DEVICE ID and DEVICE REPUTATION across these capabilities: Cookies / Tokens, IP / Geolocation, Device Fingerprint, Browser Anomalies, Behavior Patterns, Evidence, Shared Experience, Hidden Associations, Velocity, Real IP / Proxy Piercing]

iovation's Device Reputation Service

In most device fingerprinting implementations, a newly purchased device has no connections and no history. One of the important and unique elements in iovation's device reputation service, ReputationManager 360, is its accommodation of the movement between devices and users.

Gartner, Inc. positioned iovation in the Visionary Quadrant in the analyst firm's 2011 Magic Quadrant for Web Fraud Detection report, published April 19,

With iovation's device reputation service, when a device (PC, Mac, laptop, tablet, mobile phone) tries to log in or complete a transaction with a financial institution, a real-time query is automatically sent to iovation related to the reputation of that device in order to assess the risk details and reach a decision whether to approve, deny and/or review the transaction. In fractions of a second, customized rules determine if a particular device has been seen before, which other devices it's related to, if any of iovation's other subscribers have seen those devices and/or had negative experiences with them; and if so, what kind of evidence has been placed against those devices. A check is also made to discover whether the specific device has any anomalous characteristics that merit suspicion, such as a browser language set to Chinese and a timezone of Panama.

RM 360 FEATURES and RM 360 IMPLEMENTATION

- Dual-path Device ID: As part of our device reputation determination, iovation uses a 2-stage device identification strategy in order to uniquely identify devices, and correctly re-recognize devices we have seen before. This includes both token and tokenless based patterns for accurate identification, as well as control over tolerance for false positives/negatives.
- Customer History and Behavior: Commercial evidence regarding hundreds of millions of devices all over the world and from major global online brands provides factual information about past behavior.
- Script and Man-in-the-Middle (MITM) detection: iovation velocity rules allow tracking of accounts per device, devices per account, and transactions per account, each evaluated against customizable thresholds.
- IP Reputation: iovation checks IP addresses against white and block lists, flags proxies and sees through them to get the real IP.
- Policies and Practice: Business rules are a direct reflection of policy through selective application, thresholds and weights.
- Authentication: iovation APIs support integration with third party services for customer authentication.

The reputation of a device is based on a living database of over a billion devices from every country in the world, providing a 360-degree view of a device's reputation. And since denying access or transactions to legitimate clients can damage customer relationships, iovation's device reputation service is managed with an eye toward near-zero false positives in device identification. iovation is the only service provider that can truly comment on device reputation around the world, across subscribers, with over 30 evidence risk types, and over 2,000 fraud professionals involved in updating the reputations of devices internationally every minute of every day.

One large bank designed a log-in flow using iovation ReputationManager 360 plus authentication. Previously, legitimate customers who logged on to single accounts from multiple devices were repeatedly challenged, which could have led to unwanted churn in the bank's user base. Since device reputation enabled the bank to confidently and automatically map account-to-device relationships, repeated association between an account and a particular device was allowed to trump the authentication system's call for a challenge. The result was increased satisfaction through a system that exceeded expectations and vigorously protected customer security.

[Diagram 1: Device Reputation Reduces Friction. Decision flow with Yes/No branches between Device Reputation and Authentication.]

The FFIEC guidelines suggest the implementation of value thresholds and consideration of the number of transactions allowed. Imagine a fraudster using scripted login attempts at a single financial institution on multiple accounts, but staying under the risk engine's alert threshold triggers for each individual account. This cumulative velocity would clearly exceed the norms; iovation's device velocity rules facilitate deeper visibility by allowing an institution to view activity across multiple institutions and multiple accounts originated from a single device.

Another FFIEC suggestion is the use of IP reputation tools to block connection from known and suspected devices. Most institutions use third-party tools to identify anonymous proxies. However, iovation's device reputation service uses Real IP, which exposes the true IP of a device regardless of whether or not it is using an anonymous proxy. Utilizing data throughout the subscriber network provides a global view of that IP address, any evidence against it, or any devices in its web of associations. Through this mechanism, financial institutions can instantly leverage comments updated in real-time on high-risk ISPs and IP addresses.

Device reputation components that financial institutions can implement in order to comply with and move beyond the FFIEC guidelines include real-time rules, forensics and reporting. These are a variety of valuable analytics and reports that work in conjunction with those real-time components to maximize protection and provide the most in-depth view of any device or web of devices.
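The scripted-login scenario above, as an added example (not iovation's code or rule syntax): sliding-window counters for transactions per account, devices per account and accounts per device, run over constructed login events at a single institution. The thresholds, window length, field names and device IDs are assumptions.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

# Assumed policy values; real thresholds are institution-specific.
WINDOW_SECONDS = 600
MAX_ATTEMPTS_PER_ACCOUNT = 5   # the per-account alert threshold
MAX_DEVICES_PER_ACCOUNT = 3
MAX_ACCOUNTS_PER_DEVICE = 3    # the device velocity threshold


@dataclass(frozen=True)
class LoginEvent:
    ts: int          # seconds since start of capture
    device_id: str   # identifier assigned by the device-identification layer
    account: str


class VelocityMonitor:
    """Sliding-window velocity counters. Events must arrive in time order."""

    def __init__(self, window=WINDOW_SECONDS):
        self.window = window
        self.by_account = defaultdict(deque)  # account -> (ts, device_id)
        self.by_device = defaultdict(deque)   # device_id -> (ts, account)

    def observe(self, ev):
        """Record one event and return the alerts it triggers."""
        acct_q = self.by_account[ev.account]
        dev_q = self.by_device[ev.device_id]
        acct_q.append((ev.ts, ev.device_id))
        dev_q.append((ev.ts, ev.account))
        # Drop entries that have aged out of the window.
        for q in (acct_q, dev_q):
            while q and ev.ts - q[0][0] >= self.window:
                q.popleft()

        alerts = []
        if len(acct_q) > MAX_ATTEMPTS_PER_ACCOUNT:
            alerts.append(("transactions_per_account", ev.account, len(acct_q)))
        devices = {d for _, d in acct_q}
        if len(devices) > MAX_DEVICES_PER_ACCOUNT:
            alerts.append(("devices_per_account", ev.account, len(devices)))
        accounts = {a for _, a in dev_q}
        if len(accounts) > MAX_ACCOUNTS_PER_DEVICE:
            alerts.append(("accounts_per_device", ev.device_id, len(accounts)))
        return alerts


def sample_events():
    """Constructed data: one device makes 2 attempts on each of 8 accounts,
    staying under the per-account threshold; a normal customer uses two
    devices on one account."""
    events = []
    t = 0
    for i in range(8):
        for _ in range(2):
            events.append(LoginEvent(t, "dev-scripted", f"acct-{i:03d}"))
            t += 20
    events += [
        LoginEvent(30, "dev-laptop", "acct-900"),
        LoginEvent(210, "dev-phone", "acct-900"),
        LoginEvent(310, "dev-laptop", "acct-900"),
    ]
    return sorted(events, key=lambda e: e.ts)


def run(events, monitor=None):
    """Feed events through a monitor and collect every alert raised."""
    monitor = monitor or VelocityMonitor()
    alerts = []
    for ev in events:
        alerts.extend(monitor.observe(ev))
    return alerts


if __name__ == "__main__":
    for alert in run(sample_events()):
        print(alert)
```

No account ever exceeds its own threshold in the sample data; only the per-device view of distinct accounts raises an alert.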
[Diagram 2: Device Reputation Solutions for FFIEC Compliance. Real-time Rules (Velocity Account Geolocation Account/Device Device/Device); Forensics (RM 360 Portal Evidence Placement Associations Matrixes Targeted Accounts Lookup); Reporting (Daily Account Takeover Suspicious Activity Daily Evidence Transaction History).]

Strategically interwoven into security layers like authentication, iovation ReputationManager 360 helps maintain client satisfaction, minimize support calls, and ensure a competitive position in a challenging marketplace. iovation's Business Rules Editor allows financial institutions to see their rules at a glance, create new rules, adjust settings as new threats emerge and enable or disable rules at any time.

Banks can configure and weight business rules in categories including:

- Evidence Rules: Trigger an alert when activity comes from an account or device already associated with fraud such as online scams or financial fraud.
- Geolocation Rules: Trigger an alert when activity is coming from an unauthorized country or through a proxy.
- Velocity Rules: Trigger alerts when thresholds for the number of accounts opened, or the number of devices accessing an account, have been exceeded within a certain timeframe, or when an account has been accessed from too many countries.
- Watch List Rules: Trigger alerts on your pre-defined list of attributes. These lists can be set up as positive or negative lists, depending on what result or weight you assign to the rule. Lists could include accounts, devices, IP ranges, ISP lists and more.
- Age-Based Rules: Trigger an alert based on the amount of experience that you have with a device or device-account pair. If activity comes from a device that has never previously been associated with an account in your system, you may want to offer additional authentication questions prior to giving account access.
- Anomaly Rules: While individual device characteristics may not be indicators of risk, certain characteristics are worth monitoring, or several in combination with each other may indicate attempts by the user to evade detection.
- Risk Profile Rules: Risk profile rules look at the specific combination of characteristics for the device accessing a site and then assess the risk by examining all other devices in iovation's system that look similar. These profiles are based on devices that have accessed your financial site, as well as devices seen at any of iovation's global client sites.

Banks can manage their business rule sets without requiring IT support or changes to the web integration. The Business Rules Editor is a standard component of iovation's ReputationManager 360 fraud prevention service.
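How weighted rules from the categories above could combine into an allow, review or deny result, as an added example that is not iovation's Business Rules Editor or API. The rule weights, score thresholds, field names and the language-to-timezone table are all assumptions.

```python
from dataclasses import dataclass

# Assumed mapping of browser language to plausible timezone regions.
PLAUSIBLE_TZ = {
    "zh": ("Asia/",),
    "en": ("America/", "Europe/", "Australia/"),
    "es": ("America/", "Europe/"),
}


@dataclass(frozen=True)
class Transaction:
    account: str
    device_id: str
    country: str                 # country of the device's resolved IP
    via_proxy: bool
    browser_language: str        # e.g. "zh-CN"
    timezone: str                # e.g. "America/Panama"
    device_evidence: tuple = ()  # evidence types already placed on the device
    days_known_on_account: int = 0


@dataclass(frozen=True)
class Policy:
    allowed_countries: frozenset
    trusted_devices: frozenset = frozenset()  # positive watch list
    blocked_devices: frozenset = frozenset()  # negative watch list
    review_at: int = 40
    deny_at: int = 100


# Each rule yields (name, weight); positive weights add risk, negative add trust.
def evidence_rule(tx, policy):
    if tx.device_evidence:
        yield ("evidence:" + ",".join(tx.device_evidence), 100)


def geolocation_rule(tx, policy):
    if tx.country not in policy.allowed_countries:
        yield ("geo:unauthorized_country", 60)
    if tx.via_proxy:
        yield ("geo:proxy", 30)


def watch_list_rule(tx, policy):
    if tx.device_id in policy.blocked_devices:
        yield ("watchlist:negative", 100)
    elif tx.device_id in policy.trusted_devices:
        yield ("watchlist:positive", -30)


def age_rule(tx, policy):
    if tx.days_known_on_account == 0:
        yield ("age:first_seen_on_account", 20)


def anomaly_rule(tx, policy):
    lang = tx.browser_language.split("-")[0].lower()
    regions = PLAUSIBLE_TZ.get(lang)
    if regions and not tx.timezone.startswith(regions):
        yield ("anomaly:language_timezone_mismatch", 25)


RULES = (evidence_rule, geolocation_rule, watch_list_rule, age_rule, anomaly_rule)


def evaluate(tx, policy, rules=RULES):
    """Return (decision, score, names of the rules that fired)."""
    fired = [hit for rule in rules for hit in rule(tx, policy)]
    weights = [w for _, w in fired]
    score = sum(weights)
    # A single rule at deny weight is decisive: trust weights cannot offset it.
    if score >= policy.deny_at or any(w >= policy.deny_at for w in weights):
        decision = "deny"
    elif score >= policy.review_at:
        decision = "review"
    else:
        decision = "allow"
    return decision, score, [name for name, _ in fired]


if __name__ == "__main__":
    # Constructed policy and transaction for illustration.
    policy = Policy(allowed_countries=frozenset({"US", "CA"}))
    tx = Transaction("acct-1", "dev-new", "US", False, "zh-CN", "America/Panama")
    print(evaluate(tx, policy))
```

The anomaly weight is kept below the review threshold so that, as the Anomaly Rules entry says, a single odd characteristic does not act alone but a combination does.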
"The truly forward-thinking have already moved on (from complex device ID) and are successfully leveraging the benefits of device reputation and shared device intelligence."
Robert Siciliano, personal security and identity theft expert

Conclusion

With fraudsters becoming more innovative every day, it's no longer sufficient to protect against yesterday's threats. Since virtually every authentication technique can be compromised, financial institutions should not rely solely on any single control for authorizing transactions, but should instead utilize a system of layered security.

Whether users are accessing a website through a PC or any type of mobile device connected to the Internet via a wireless network, iovation quickly identifies the device and generates critical device reputation intelligence. This allows financial institutions to instantly determine the risk of a transaction and provides an extra layer of protection without disrupting the customer's experience. By implementing iovation's device reputation service at the start of the fraud detection process, financial institutions can easily meet the FFIEC's compliance requirements and move beyond the latest guidelines to address future security threats.

Please contact us to learn more about exceeding FFIEC guidelines by ing or calling (503)

ABOUT IOVATION

iovation protects online businesses and their end users against fraud and abuse, and identifies trustworthy customers through a combination of advanced device identification, shared device reputation, device-based authentication and real-time risk evaluation. More than 3,000 fraud managers representing global retail, financial services, insurance, social network, gaming and other companies leverage iovation's database of more than 2 billion Internet devices and the relationships between them to determine the level of risk associated with online transactions. The company's device reputation database is the world's largest, used to protect 12 million transactions and stop an average of 200,000 fraudulent activities every day. The world's foremost fraud experts share intelligence, cybercrime tips and online fraud prevention techniques in iovation's Fraud Force Community, an exclusive virtual crime-fighting network. For more information, visit

GLOBAL HEADQUARTERS
iovation Inc
111 SW 5th Avenue, Suite 3200
Portland, OR USA
PH +1 (503)
FX +1 (503)

UNITED KINGDOM
PH +44 (0)


More information

one admin. one tool. Providing instant access to hundreds of industry leading verification tools.

one admin. one tool. Providing instant access to hundreds of industry leading verification tools. 2 7 12 14 11 15 8 16 10 41 40 42 19 49 45 44 50 48 47 51 46 52 53 55 54 56 57 67 68 1 5 39 43 58 71 81 82 69 70 88 25 29 23 26 22 3 21 28 4 6 32 30 38 33 31 37 34 35 36 63 59 64 60 62 61 65 72 73 66 74

More information

Prevent Malware attacks with F5 WebSafe and MobileSafe. Alfredo Vistola Security Solution Architect, EMEA

Prevent Malware attacks with F5 WebSafe and MobileSafe. Alfredo Vistola Security Solution Architect, EMEA Prevent Malware attacks with F5 WebSafe and MobileSafe Alfredo Vistola Security Solution Architect, EMEA Malware Threat Landscape Growth and Targets % 25 Of real-world malware is caught by anti-virus Malware

More information

ONLINE AND MOBILE BANKING, YOUR RISKS COVERED

ONLINE AND MOBILE BANKING, YOUR RISKS COVERED ONLINE AND MOBILE BANKING, YOUR RISKS COVERED WITH KASPERSKY FRAUD PREVENTION ONLINE AND MOBILE BANKING, YOUR RISKS COVERED WITH KASPERSKY FRAUD PREVENTION Financial fraud is a serious risk with damaging

More information

ENABLING FAST RESPONSES THREAT MONITORING

ENABLING FAST RESPONSES THREAT MONITORING ENABLING FAST RESPONSES TO Security INCIDENTS WITH THREAT MONITORING Executive Summary As threats evolve and the effectiveness of signaturebased web security declines, IT departments need to play a bigger,

More information

PCI Data Security Standards (DSS)

PCI Data Security Standards (DSS) ENTERPRISE APPLICATION WHITELISTING SOLUTION Achieving PCI Compliance at the Point of Sale Using Bit9 Parity TM to Protect Cardholder Data PCI: Protecting Cardholder Data As the technology used by merchants

More information

Securing Privileges in the Cloud. A Clear View of Challenges, Solutions and Business Benefits

Securing Privileges in the Cloud. A Clear View of Challenges, Solutions and Business Benefits A Clear View of Challenges, Solutions and Business Benefits Introduction Cloud environments are widely adopted because of the powerful, flexible infrastructure and efficient use of resources they provide

More information

Protecting Against Online Fraud with F5

Protecting Against Online Fraud with F5 Protecting Against Online Fraud with F5 Fraud is a relentless threat to financial services organizations that offer online banking. The F5 Web Fraud Protection solution defends against malware, phishing

More information

The State of Insurance Fraud Technology. A study of insurer use, strategies and plans for anti-fraud technology

The State of Insurance Fraud Technology. A study of insurer use, strategies and plans for anti-fraud technology The State of Insurance Fraud Technology A study of insurer use, strategies and plans for anti-fraud technology September 2014 The State of Insurance Fraud Technology A study of insurer use, strategies

More information

Concierge SIEM Reporting Overview

Concierge SIEM Reporting Overview Concierge SIEM Reporting Overview Table of Contents Introduction... 2 Inventory View... 3 Internal Traffic View (IP Flow Data)... 4 External Traffic View (HTTP, SSL and DNS)... 5 Risk View (IPS Alerts

More information

RSA Adaptive Authentication and Citrix NetScaler SDX Platform Overview

RSA Adaptive Authentication and Citrix NetScaler SDX Platform Overview RSA Adaptive Authentication and Citrix NetScaler SDX Platform Overview 2 RSA and Citrix have a long history of partnership based upon integration between RSA Adaptive Authentication and Citrix NetScaler

More information

Fighting Online Fraud

Fighting Online Fraud White Paper Fighting Online Fraud Maintaining tight security, including using both standard and advanced fraud detection and prevention tools, is crucial to maintaining a successful business. No merchant

More information

Multi-Factor Authentication of Online Transactions

Multi-Factor Authentication of Online Transactions Multi-Factor Authentication of Online Transactions Shelli Wobken-Plagge May 7, 2009 Agenda How are economic and fraud trends evolving? What tools are available to secure online transactions? What are best

More information

SECURING IDENTITIES IN CONSUMER PORTALS

SECURING IDENTITIES IN CONSUMER PORTALS SECURING IDENTITIES IN CONSUMER PORTALS Solution Brief THE CHALLENGE IN SECURING CONSUMER PORTALS TODAY The Bilateral Pull between Security and User Experience As the world becomes increasingly digital,

More information

Reliance Bank Fraud Prevention Best Practices

Reliance Bank Fraud Prevention Best Practices Reliance Bank Fraud Prevention Best Practices May 2013 User ID and Password Guidelines Create a strong password with at least 8 characters that includes a combination of mixed case letters and numbers.

More information

ACH AND WIRE FRAUD LOSSES

ACH AND WIRE FRAUD LOSSES ACH AND WIRE FRAUD LOSSES Financial Institution Technology Funnel Matthew G. Brenner Date: September 26, 2013 Orlando, Florida www.lowndes-law.com What We Will Cover Why is this important? Who does this

More information

ACCEPT MORE ORDERS, FROM MORE PEOPLE, IN MORE PLACES.

ACCEPT MORE ORDERS, FROM MORE PEOPLE, IN MORE PLACES. ACCEPT MORE ORDERS, FROM MORE PEOPLE, IN MORE PLACES. Kount s fraud prevention platform helps you maximize sales. Now you can sell more, to more people, and in more markets than ever before. SELL MORE

More information

Corporate Account Take Over (CATO) Guide

Corporate Account Take Over (CATO) Guide Corporate Account Take Over (CATO) Guide This guide was created to increase our customers awareness of the potential risks and threats that are associated with Internet and electronic- based services,

More information

Bad Ads Trend Alert: Shining a Light on Tech Support Advertising Scams. May 2014. TrustInAds.org. Keeping people safe from bad online ads

Bad Ads Trend Alert: Shining a Light on Tech Support Advertising Scams. May 2014. TrustInAds.org. Keeping people safe from bad online ads Bad Ads Trend Alert: Shining a Light on Tech Support Advertising Scams May 2014 TrustInAds.org Keeping people safe from bad online ads OVERVIEW Today, even the most tech savvy individuals can find themselves

More information

White paper. Convenient Multi-Factor Authentication (MFA) for Web Portals & Enterprise Applications

White paper. Convenient Multi-Factor Authentication (MFA) for Web Portals & Enterprise Applications White paper Convenient Multi-Factor Authentication (MFA) for Web Portals & Enterprise Applications As the usage of online portals, SSL VPN applications, and web access management (WAM) products continue

More information

The SIEM Evaluator s Guide

The SIEM Evaluator s Guide Using SIEM for Compliance, Threat Management, & Incident Response Security information and event management (SIEM) tools are designed to collect, store, analyze, and report on log data for threat detection,

More information

Best Practices in Account Takeover

Best Practices in Account Takeover WHITEPAPER Best Practices in Account Takeover July 2013 2 Table of Contents Introduction 3 Account Takeover is Painful 4 Differences between Account Takeover and Account Compromise 4 Why Account Compromise

More information

Your security is our priority

Your security is our priority Your security is our priority Welcome to our Cash Management newsletter for businesses. You will find valuable information about how to limit your company s risk for fraud. We offer a wide variety of products

More information

Evaluating DMARC Effectiveness for the Financial Services Industry

Evaluating DMARC Effectiveness for the Financial Services Industry Evaluating DMARC Effectiveness for the Financial Services Industry by Robert Holmes General Manager, Email Fraud Protection Return Path Executive Summary Email spoofing steadily increases annually. DMARC

More information

ALERT LOGIC FOR HIPAA COMPLIANCE

ALERT LOGIC FOR HIPAA COMPLIANCE SOLUTION OVERVIEW: ALERT LOGIC FOR HIPAA COMPLIANCE AN OUNCE OF PREVENTION IS WORTH A POUND OF CURE Alert Logic provides organizations with the most advanced and cost-effective means to secure their healthcare

More information

Turning on network protections for Web Fraud

Turning on network protections for Web Fraud Turning on network protections for Web Fraud Gad Elkin Regional Sales Director, EMEA Alfredo Vistola Security Solution Architect, EMEA Fraud and malware remains a challenge Malware/Fraud Statistics Phishing

More information

RSA Web Threat Detection

RSA Web Threat Detection RSA Web Threat Detection Online Threat Detection in Real Time Matthew Joseff, Sr. Technology Evangelist, RSA 2 RSA Web Threat Detection Online Threat Detection in Real Time Matthew Joseff, Sr. Technology

More information

Transaction Anomaly Protection Stopping Malware At The Door. White Paper

Transaction Anomaly Protection Stopping Malware At The Door. White Paper Transaction Anomaly Protection Stopping Malware At The Door White Paper Table of Contents Overview 3 Programmable Crime Logic Alter Web Application Flow & Content 3 Programmable Crime Logic Defeats Server-Side

More information

Unified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice

Unified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice Unified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice Introduction There are numerous statistics published by security vendors, Government

More information

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,

More information

2015 CENTRI Data Breach Report:

2015 CENTRI Data Breach Report: INDUSTRY REPORT 2015 CENTRI Data Breach Report: An Analysis of Enterprise Data Breaches & How to Mitigate Their Impact P r o t e c t y o u r d a t a Introduction This industry report attempts to answer

More information

Product. Onboard Advisor Minimize Account Risk Through a Single, Integrated Onboarding Solution

Product. Onboard Advisor Minimize Account Risk Through a Single, Integrated Onboarding Solution Product Onboard Advisor Minimize Account Risk Through a Single, Integrated Onboarding Solution Product Losses from account fraud and debit risk are growing, so you ve got to move quickly and decisively

More information

SANS Top 20 Critical Controls for Effective Cyber Defense

SANS Top 20 Critical Controls for Effective Cyber Defense WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a

More information

Niara Security Analytics. Overview. Automatically detect attacks on the inside using machine learning

Niara Security Analytics. Overview. Automatically detect attacks on the inside using machine learning Niara Security Analytics Automatically detect attacks on the inside using machine learning Automatically detect attacks on the inside Supercharge analysts capabilities Enhance existing security investments

More information

SYMANTEC MANAGED SECURITY SERVICES. Superior information security delivered with exceptional value.

SYMANTEC MANAGED SECURITY SERVICES. Superior information security delivered with exceptional value. SYMANTEC MANAGED SECURITY SERVICES Superior information security delivered with exceptional value. A strong security posture starts with a smart business decision. In today s complex enterprise environments,

More information

Smart Device Identification for Cloud-Based Fraud Prevention. Alisdair Faulkner Chief Products Officer

Smart Device Identification for Cloud-Based Fraud Prevention. Alisdair Faulkner Chief Products Officer Smart Device Identification for Cloud-Based Fraud Prevention Alisdair Faulkner Chief Products Officer Contents Basic Device Identification is no longer enough... 3 Times have changed but your Device ID

More information

Application Security in the Software Development Lifecycle

Application Security in the Software Development Lifecycle Application Security in the Software Development Lifecycle Issues, Challenges and Solutions www.quotium.com 1/15 Table of Contents EXECUTIVE SUMMARY... 3 INTRODUCTION... 4 IMPACT OF SECURITY BREACHES TO

More information

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,

More information

Understanding and Combating Online Fraud in 2014

Understanding and Combating Online Fraud in 2014 Understanding and Combating Online Fraud in 2014 Fraud is pervasive online and high-risk merchants must be vigilant in employing a multi-layered, comprehensive approach to security and risk management.

More information

On-Premises DDoS Mitigation for the Enterprise

On-Premises DDoS Mitigation for the Enterprise On-Premises DDoS Mitigation for the Enterprise FIRST LINE OF DEFENSE Pocket Guide The Challenge There is no doubt that cyber-attacks are growing in complexity and sophistication. As a result, a need has

More information

Top five strategies for combating modern threats Is anti-virus dead?

Top five strategies for combating modern threats Is anti-virus dead? Top five strategies for combating modern threats Is anti-virus dead? Today s fast, targeted, silent threats take advantage of the open network and new technologies that support an increasingly mobile workforce.

More information

Best Practices: Reducing the Risks of Corporate Account Takeovers

Best Practices: Reducing the Risks of Corporate Account Takeovers Best Practices: Reducing the Risks of Corporate Account Takeovers California Department of Financial Institutions September 2012 INTRODUCTION A state led cooperative effort, including the United States

More information

Securing Your Software for the Mobile Application Market

Securing Your Software for the Mobile Application Market WHITE PAPER: SECURING YOUR SOFTWARE FOR THE MOBILE APPLICATION MARKET White Paper Securing Your Software for the Mobile Application Market The Latest Code Signing Technology Securing Your Software for

More information

Cybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix

Cybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix Cybercrime myths, challenges and how to protect our business Vladimir Kantchev Managing Partner Service Centrix Agenda Cybercrime today Sources and destinations of the attacks Breach techniques How to

More information

Stay ahead of insiderthreats with predictive,intelligent security

Stay ahead of insiderthreats with predictive,intelligent security Stay ahead of insiderthreats with predictive,intelligent security Sarah Cucuz sarah.cucuz@spyders.ca IBM Security White Paper Executive Summary Stay ahead of insider threats with predictive, intelligent

More information

A Practical Guide to Anomaly Detection

A Practical Guide to Anomaly Detection A Practical Guide to Anomaly Detection Implications of meeting new FFIEC minimum expectations for layered security White Paper A Practical Guide to Anomaly Detection: Implications of meeting new FFIEC

More information

Case Study SMS Two Factor Authentication. Contact us Infracast Ltd, Merlin House Brunel Road, Theale, Berkshire, RG7 4AB

Case Study SMS Two Factor Authentication. Contact us Infracast Ltd, Merlin House Brunel Road, Theale, Berkshire, RG7 4AB Case Study SMS Two Factor Authentication Contact us Infracast Ltd, Merlin House Brunel Road, Theale, Berkshire, RG7 4AB T M W 0117 123 4567 07989 101 112 www.infracast.com 01 - About Infracast Infracast

More information

Vulnerability Management

Vulnerability Management Vulnerability Management Buyer s Guide Buyer s Guide 01 Introduction 02 Key Components 03 Other Considerations About Rapid7 01 INTRODUCTION Exploiting weaknesses in browsers, operating systems and other

More information

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

defending against advanced persistent threats: strategies for a new era of attacks agility made possible defending against advanced persistent threats: strategies for a new era of attacks agility made possible security threats as we know them are changing The traditional dangers IT security teams have been

More information

FFIEC Authentication Guidance Examination in 2012: Are You Prepared?

FFIEC Authentication Guidance Examination in 2012: Are You Prepared? FFIEC Authentication Guidance Examination in 2012: Are You Prepared? Areas of Continuity, Change, and Emphasis The Knowledge Congress LIVE Webcast March 8, 2012 Andrew Lorentz Partner, Washington, D.C.

More information

FRAUD PREVENTION IN M-COMMERCE: ARE YOU FUTURE PROOFED? A Chase Paymentech Paper

FRAUD PREVENTION IN M-COMMERCE: ARE YOU FUTURE PROOFED? A Chase Paymentech Paper FRAUD PREVENTION IN M-COMMERCE: ARE YOU FUTURE PROOFED? A Chase Paymentech Paper In the UK, Europe s largest online market, consumers continue to embrace m-commerce at an astonishing speed with an estimated

More information

Feature. Log Management: A Pragmatic Approach to PCI DSS

Feature. Log Management: A Pragmatic Approach to PCI DSS Feature Prakhar Srivastava is a senior consultant with Infosys Technologies Ltd. and is part of the Infrastructure Transformation Services Group. Srivastava is a solutions-oriented IT professional who

More information

The Sumo Logic Solution: Security and Compliance

The Sumo Logic Solution: Security and Compliance The Sumo Logic Solution: Security and Compliance Introduction With the number of security threats on the rise and the sophistication of attacks evolving, the inability to analyze terabytes of logs using

More information