The Implementation of Multifactor Authentication in Canadian Financial Institutions. By Wilson Yee Tsun Lo ACC 626
|
|
- Loren Ferguson
- 8 years ago
- Views:
Transcription
1 The Implementation of Multifactor Authentication in Canadian Financial Institutions By Wilson Yee Tsun Lo ACC 626
2 1.0 Introduction The Internet has enabled financial institutions to offer various additional banking services for both their individual and corporate customers. Individuals may perform online transactions and other banking services at their convenience with the click of a mouse. On the other hand, financial institutions benefit from improved efficiency and significant amount of savings. As such, online banking services are often promoted by these institutions to their customers. Nonetheless, with the increasing popularity of online financial services for customers, the main challenge is to ensure that their customer s confidential information is secured against fraud and other malicious attacks. Unlike performing a transaction at a branch where the identity may be verified in person with valid identifications, a detailed authentication process is required for online banking to monitor and control access to customer s banking information. Authentication techniques must be implemented by security professionals as a part of the company s security measures to prevent fraudulent attacks from exposing the company to unnecessary legal liabilities and a loss of business. The majority of financial institutions in the United States have implemented some form of multifactor authentication as required by the Federal Financial Institutions Examination Council. In Canada, although several institutions have voluntarily implemented multifactor authentication, there are currently no guidelines or regulations in place to enforce the security system for online banking services. The purpose of this report is to provide an analysis of multifactor authentication to determine whether financial institutions in Canada should implement some form of multifactor authentication. This is achieved by examining the features and issues of multifactor authentication and providing an in-depth analysis of the techniques that are available to implement multifactor authentication. 2.0 Analysis 2.1 What is Multifactor Authentication? Multifactor authentication is a security system in which more than one form of authentication is implemented to verify the legitimacy of a transaction. 1 In terms of internet banking services, it is used to prevent unauthorized access to a customer s online banking information by combining both physical and/or logical access controls. There are 3 general forms of authentication: 1 Multifactor Authenticaiton (MFA). 12 April TechTarget. 7 July < 1 of 14 1
3 1) Something you know (e.g. password) 2) Something you have (e.g. fob or a token) 3) Something you are (e.g. fingerprint or eye scan) 2 Multifactor authentication makes use of at least two of the above combinations. In addition to incorporating the use of technologies, institutions can also establish proper policies, procedures and controls. 3 The chief information security officer (CISO) works closely with the marketing team to design and implement a multifactor authentication product that is approved by bank customers in addressing the risks of the transactions. Risk-based assessments are carried out to determine the level of authentication controls required to properly address the risk of identity theft, online fraud and loss of confidential customer information. 4 If the risk is moderate, a combination of a shared secret and a token may be sufficient. The addition of biometrics, such as fingerprint recognition, may be required if the high-risk transactions are involved. The risk assessment must take into consideration the type of customers, the functions available, the sensitivity of the information, and the volume of transactions Implementation of Multifactor Authentication in United States The Federal Financial Institutions Examination Council (FFIEC) issued an announcement, Authentication in an Internet Banking Environment in mid-october 2005, which mandates financial institutions in the United States to review and determine which of the provided internet services require enhanced authentication techniques. 6 The single-factor authentication, which only requires one type of identification verification from the customer, is inadequate for online financial transactions. The FFIEC guideline states that the agencies consider single-factor authentication, as the only control mechanism, to be inadequate for highrisk transactions involving access to customer information or the movement of funds to other parties. 7 The FFIEC requested financial institutions to apply multifactor or any other approach that addresses high risk transactions by the end of 2006 for auditing compliance with the rules. 2 Authentication in an Internet Banking Environment. FFIEC. 11 July < 3 Ibid 4 Childs, Robert S. Banking on Multifactor Authentication. 22 February SearchFinancialSecurity. 3 June < 5 Authentication in an Internet Banking Environment. FFIEC. 11 July < 6 Cocheo, Steve. Read this before you take Multi-factor Plunge. American Bankers Association. ABA Banking Journal. May Vol. 98 Issue 5. Page ABI Inform. University of Waterloo, ON. 7 Authentication in an Internet Banking Environment. FFIEC. 11 July < 2 of 14 2
4 According to a study performed by Javelin Strategy & Research, approximately 20% of the banks in the survey were using multi-factor authentication before the deadline. In 2007, 88% of the banks have implemented multi-factor authentication techniques. 8 It should be noted that there were some confusions among the banks on the authentication technique to implement before the 2006 year-end deadline. The FFIEC guideline states that it does not endorse any particular technology. 9 It only asks financial institutions to assess their own risk and conclude on an alternative that meets their needs. However, banks, vendors and experts were over focused on the term multi-factor authentication. The FFIEC guideline does not explicitly state that multi-factor authentication is the only solution Multi-factor Authentication Technologies Share Secrets Selected by the customer during the enrollment stage, shared secrets represent some information that is known by both the customer and authenticating entity. By demanding a periodic change to the shared secret, this can enhance the security of the system, as the risk of theft decreases when it is periodically updated. Security is also enhanced when more than one shared secret is used by authenticating entities. Some examples of shared secrets include 11 : Password and PINs Questions or queries that require specific customer knowledge to answer Customer-selected images that must be identified or selected from a pool of images Tokens Tokens are physical devices that are classified under something you have. In order to achieve multi-factor authentication, companies only have to add this technology to its existing user name and password system. The three common types of tokens are: USB Tokens A USB token is a small device that can be attached to a keychain or placed in a pocket. In order to access a computer or network, the USB token is inserted into the USB port, and the user enters his/her password for authorization. Customers are not required to install any specific 8 Bruno-Britz, Maria. FFIEC Rules Making a Difference Javelin study finds more banks using multifactor authentication. Bank Systems & Technology. December Vol. 44 Issue 12. Page 17. ABI Inform. University of Waterloo, ON. 9 Authentication in an Internet Banking Environment. FFIEC. 11 July < 10 Feig, Nancy. The Final Countdown As the FFIEC Online Banking Authentication Deadline Looms, Banks work through the Confusion to select their Solutions. Bank Systems & Technology. September Vol. 43 Issue 9. Page 11. ABI Inform. University of Waterloo, ON. 11 Authentication in an Internet Banking Environment. FFIEC. 11 July < 12 Ibid 3 of 14 3
5 hardware on their computer. The authentication service then verifies the user by prompting for their password to log in to the system. 13 As USB tokens are difficult to copy and tamper-proof, they are a good candidate for storing a variety of information and security functions, such as cryptography, and other physical and logical access controls. They can store digital certificates that may be used in a public key infrastructure environment. Because of their acceptable size, processing power and storage capabilities, USB tokens are becoming popular. Its size allows the user to carry it around in their pocket and they are simple to use. 14 One of the vendors that produce USB tokens is SafeNet. The SafeNet ikey USB Token is a USB-based portable PKI authentication token that generates and stores digital credentials. 15 It allows the company to implement the technology without installing any card readers or biometric devices. Smart Cards A smart card is comparable to a credit card in its shape and size. Similar to a USB token, a microprocessor is embedded in it, containing user credentials such as digital certificates, encryption keys, and digital signatures. For log-in purposes, the smart card is inserted into a network-attached or embedded smart card reader, and the reader sends the data to the authentication server. Similarly, the authentication service then verifies the user by prompting for their password to log in to the system. 16 Due to the similarities between a smart card and a USB token, SafeNet is also a vendor that produces Smart Cards. The SafeNet Smart Card is provided in two formats as a Java card or as a multi-function card employing the highly secure DKCCOS card operating system. 17 It can also be used as a physical access control card by using magnetic stripe technologies. One-time Passwords (OTP) A one-time password (OTP) token generates a unique password every 30 or 60 seconds. Customers must enter a regular password and the OTP generated by the token in order to be authenticated. By changing the password after every use, it becomes increasingly difficult for a thief to access a customer s online account. OTP either applies mathematical algorithm to 13 Ibid 14 Multi-factor Authentication. Safe Net. 11 June < 15 Ibid 16 Ibid 17 Ibid 4 of 14 4
6 generate a new password, or relies on time synchronization between the server and the client. This is beneficial because customers do not have to worry about the risk of a theft stealing the password. However, there is a significant cost associated with this technology as hardware tokens must be supplied to customers, along with the necessary training. 18 RSA is one of the most well-known vendors that produce OTP s. Information Security Magazine ranked RSA Security SecurID as the 2005 product of the year gold award. By automatically changing the password every 60 seconds, it provides authentication when accessing data and applications via wireless networks, VPNs, and web servers. It is a token that cannot be reverse-engineered and cannot be easily broken. With its size and reputation, SecurID allows large companies to handle authentication for millions of users and hundreds of applications using its Authentication and Deployment managers Biometrics Biometric technologies are most commonly combined with a password or a token to produce a multifactor authentication system. Categorized under something you are, they record a unique physiological or physical characteristic of the individual and use it to verify a user s identity. Facial structure, iris configuration, or fingerprints is classified as physiological characteristics. The rate of movement, such as the pattern of typing on a computer keyboard is classified as a physical characteristic. During the enrollment process, a sample of data relating to the user s characteristics is gathered and stored in the biometric-based system as the template. Similar to passwords, there is a risk that these templates may be stolen. When customers log in with a live-scan, the result is compared to the registered template. Access is only granted when the result matches with the template. 20 Financial institutions in North America and Europe have increased the use of biometrics as a measure of increasing security and convenience. For example, institutions in the United States used fingerprint recognition and voice verification to comply with FFIEC. Biometrical enabled ATMs are also popular in Japan, and have been implemented in India, Latin America, and the Middle East. World Financial biometrics Market, a consulting firm, determined that 18 Myerson, Judith. Pros and cons of multifactor authentication technology for consumers. 28 May SearchFinancialSecurity.com. 3 June < 19 Products of the Year: Authentication and Authorization. 4 January SearchSecurity.com. 11 June < 20 Authentication in an Internet Banking Environment. FFIEC. 11 July < 5 of 14 5
7 $117.3 million in 2006 was generated from the sale of biometrics, and estimates that $2.07 billion will be generated in Biometric data is similar to other data. It is stored in a server, which is prone to hackers if it is not secured. Companies must ensure the transmission is encrypted when transmitting from the biometric reader to the authenticating server. 22 However, there are no regulations to protect biometric data, as it is normally treated as an authentication credential. Regulations such as Sarbanes-Oxley, Health Insurance Portability and Accountability Act and Gramm-Leach-Bliley Act require security and access controls for customers and employee data only. Biometric data is not considered as employee or customer data, thus it is not being accounted for in the regulations. 23 Biometrics provides financial institutions with better security, convenience and time efficiency. However, customers who do not know how a biometrics work perceives this tool as an invasion of their privacy. Employees and customers may be reluctant and unwilling to submit their personal biometric information. 24 This technology is complicated and requires a huge initial investment in hardware and software, when compared to passwords. For this reason, biometric authentication should only be used in high-risk systems when the cost of the breach outweighs the cost of implementing the system. For example, it may be used in a company with high-value money transfers or large amount of customer data. 25 The market for biometrics is segmented. Companies do not know whether to buy a fingerprint reader, a voice recognition system or an iris scanner. It is hard to compare each product during a company s bid process as each product is unique in terms of approach and installation. 26 However, the two biometric techniques that are becoming popular and gaining acceptance are: 21 Frost & Sullivan: The Use of Biometrics in Financial Institutions Is on the Rise. Wireless News. 31 May ABI Inform. University of Waterloo, ON. 22 Dubin, Joel. Should we use biometric authentication on devices. 6 June SearchSecurity.com. 11 June < 23 Dubin, Joel. Is there any policy or regulation to help protect biometric data. 2 May SearchSecurity.com. 7 June < 57>. 24 Frost & Sullivan: The Use of Biometrics in Financial Institutions Is on the Rise. Wireless News. 31 May ABI Inform. University of Waterloo, ON. 25 Dubin, Joel. Will biometric authentication replace the password. 15 December SearchSecurity.com. 6 June < 26 Dubin, Joel. Should we use biometric authentication on devices. 6 June SearchSecurity.com. 11 June < 6 of 14 6
8 Face Recognition This technology makes a two or three dimensional map by identifying specific features on the face. The template that is generated is stored and used for later comparisons. Face recognition is a new technology that requires further improvements. 27 A well-known biometrics vendor is Acsys Biometrics, who specializes in the development of facial biometrics and voice biometrics. Their biometric solutions may be customized to fit the needs of government agencies, financial institutions, manufacturing and health sectors. 28 Fingerprint recognition This technology analyzes the pattern and only stores the unique marks on the fingerprint. As fingerprints are unique and complex, it is the most accurate and mature biometric technology. Fingerprint recognition technology requires the installation of special hardware and software into the user s computer. It is to easier to install and more user-friendly for customers than other advance technologies such as an iris scan. 29 Instead of using password logins, HP has developed laptops that rely on fingerprint recognition technologies to access the computer program and data. Entrust is another well-known vendor that provides multifactor authentication. Its Entrust IdentityGuard allows companies to assign authentication techniques to various users and applications based on the risk of a given transaction. It can protect valuable data and applications with a wide range of authenticators such as one-time-password tokens, grid card, biometrics, question and answers, out-of-band and mutual authentication Out-of-Band Authentication Out-of-Band authentication occurs when the identity of the party who initiated the transaction is confirmed by a medium other than the one that the party used to request the transaction. For example, when a party initiates an online fund transfer or other monetary transaction, the server will generate a telephone call that will ask for a pre-determined confirmation number, word or phrase to confirm the transaction. 31 Authentify is a leader in out-of-bank authentication. It uses the telephone as an automated authentication device to provide an Internet security process. After a transaction is 27 Authentication in an Internet Banking Environment. FFIEC. 11 July < 28 The Evolution of Security. Acsys Biometrics Corp. 20 July < 29 Authentication in an Internet Banking Environment. FFIEC. 11 July < 30 Entrust Bolsters GetAcess with IdentityGuard Multifactor Authentication. Wireless News. 9 September ABI Inform. University of Waterloo, ON. 31 Authentication in an Internet Banking Environment. FFIEC. 11 July < 7 of 14 7
9 made, the Authentify software will immediately contact the party to gather user contact and a proof of consent Issues related to Multi-factor Authentication? One issue related to multifactor authentication is getting general customer acceptance. It is difficult and time-consuming to educate and explain the idea behind multifactor authentication. Customers want to access their banking information fast and without any trouble. As a token may be lost or stolen, it would create a lot of trouble for the customer to replace it. In addition, the accuracy of biometric readers is questionable. The user s fingerprints may be smudged, faces and voices may change over time and these biometric data can potentially be misread. As a result, this may prevent the access of legitimate users or permit the access of unauthorized users. 33 By asking customers to provide an answer to a question that the customer previously created, this causes a lot of trouble when they forget the answer they previously chosen. Customers will have to contact the institution s customer service hotline, and ask them to reset the web account. A verification process is also in place when the customer wishes to contact a service representative. This time consuming process defeats the purpose of having a fast and trouble-free web account. Multifactor authentication is costly to implement and maintain. Companies may need to install a new set of hardware and application servers. Forrester Research, a research analyst firm, states that the estimated annual cost per user for the administration of password is between $340 and $800. For larger companies that require password for a wide range of applications, the average annual cost is $550 per user. 34 The maintenance costs, in addition to the initial installation costs required for the specific multifactor authentication tool are often reasons for institutions to defer the implementation until it is deemed necessary by the enactment of a regulation by a governing body. For multi-national firms, they should consider the ease of deployment, which includes enrollment and administration. It is difficult to deploy multifactor authentication tools and software to all offices around the world. For example, distributing tokens for a geographically dispersed company will be a hard task, as each token must be assigned to the right employee, 32 The Leader in Out-of-Bank Authentication. Authentify. 14 July < 33 Dubin, Joel. Should we use biometric authentication on devices. 6 June SearchSecurity.com. 11 June < 34 Byme, Jim. Large-scale Biometric Management: A Centralized, Policy-based Approach to Reducing Organizational Identity Chaos. Vol ISACA. 7 June < 8 of 14 8
10 registered and enrolled into the system. The challenge is to find out and verify whether the enrolled employee is actually the intended user. 35 Although multi-factor authentication is effective in fighting online fraud, criminals have switched back to phone and mail-frauds where they pretend to be bank representatives and ask for account details. An investigation performed by Javelin Strategy and Research has discovered that the number of fraud and victims in the United Sates is overall continuously declining as a result of the multi-factor authentication and other fraud-fighting tools. Specifically, there are 3 consecutive years of declining losses from identify theft. However, the number of old vishing methods by criminal enterprises have increased to 40% of all fraud incidents in 2007 from 3% in 2006, as it is less expensive and easy to deceive careless customers. 36 Vishing uses Voice over IP to gain access to the telephone system and scam customers to disclose personal information by claiming to be a legitimate financial institution. 37 Multifactor authentication may not be useful when the situation involves friends or family members. Investigators have seen a persistent increase in the number of family or friend related identity theft, and victims do not want to accuse them. The victims want their money back, but they don t want their family member arrested. In this situation, any multi-factor authentication or other techniques will not be capable of preventing any fraud actions Implementation of Multifactor Authentication in Canada There are currently no requirements for Canadian banks to implement multifactor authentication. However, according to Celent LLC, a Boston-based research firm, about 44% of Canadian banks have some sort of multi-factor authentication for online banking. 39 TD Bank Financial Group, which is one of the early adopters, launched EasyWeb IdentificationPlus in April 2007, which allows customers to choose five questions from a list and provide answers for future verification purposes. The online system asks one of these questions when the customer logs in from a different computer or performs a high-risk transaction. The system places a web cookie on the customer s computer after the question is answered so that a question will not be 35 Stephenson, Peter. Multifactor authentication January SC Magazine. 6 June < 36 Fest, Glen. Thwarted Online, Fraud Goes Low-Tech Again. USBanker. April Vol. 118 Issue 4 Page 16. ABI Inform. University of Waterloo, ON. 37 Vishing or Voice Phishing. 28 April RCMP. 11 July < 38 Fest, Glen. Thwarted Online, Fraud Goes Low-Tech Again. USBanker. April Vol. 118 Issue 4 Page 16. ABI Inform. University of Waterloo, ON. 39 Buckler, Grant. There's no single answer to securing online banking. 1 November The Globe and Mail. 7 June < 9 of 14 9
11 asked again when the customer uses the same computer to login the next time. On the other hand, HSBC Bank s online service asks a question regardless of the computer the customer is using. 40 When looking at the multifactor authentication techniques offered by TD Bank Financial Group and HSBC Bank, one would question whether they are really offering multifactor authentication. The two banks are enhancing security by making use of two share secrets. However, it would not be difficult for hackers to gain access to both these shared secrets as they are most likely stored together in the bank s database. Although Canadian banks are mainly focused on online services, they are also investing multi-factor authentication tools for ATMs and phone transactions. Celent quotes that 7% of Canadians use phone, 27% uses online, 29% in-person and 33% uses bank machine for banking. ING Direct s services are mostly provided by phone, since it does not have any branches. In order to verify the caller, ING employees compare the calling number with customer records. In addition, ING Direct has tried voice identification, but there are accuracy problems. 41 Other authentication methods are required if customers desire to perform a transaction from places other than the calling number stated in their records. 3.0 Conclusion Multifactor authentication provides better security to customers by making use of more than one form of authentication to validate a transaction. Although not mandatory, Canadian financial institutions should consider the implementation of multifactor authentication as it provides better security for their customers using their online services. They must understand that the costs of providing the security may be compensated by customer confidence and smaller losses from thefts. Financial institutions need to perform a risk assessment to determine the type of authentication required. However, institutions must take into consideration customer acceptance and the ease of development of the technology, as tokens may need to be distributed during enrolment. They need to be aware that criminals may simply switch to other forms of frauds that do not require usage of the internet. Manufacturers must constantly seek to improve and develop advanced technologies that produce the minimal amount of error. 40 Buckler, Grant. There's no single answer to securing online banking. 1 November The Globe and Mail. 7 June < 41 Ibid 10 of 14 10
12 Appendix The intended audiences of this report are Canadian financial institution executives, mainly chief information security officers, who are debating whether to implement multifactor authentication for their company. They must decide whether it is worthwhile to implement some form of multifactor authentication before a regulation is enacted. This would ensure that a proper planning for the implementation is carried out and not rushed. The executive also wants to satisfy their customers concerns regarding the security of internet services by implementing enhanced controls. 11 of 14 11
13 Works Cited Note: Items in bold represent new sources found after the submission of the annotated bibliography Authentication in an Internet Banking Environment. FFIEC. 11 July < Bruno-Britz, Maria. FFIEC Rules Making a Difference Javelin study finds more banks using multifactor authentication. Bank Systems & Technology. December Vol. 44 Issue 12. Page 17. ABI Inform. University of Waterloo, ON. Buckler, Grant. There's no single answer to securing online banking. 1 November The Globe and Mail. 7 June < NStory/GlobeTQ/home/>. Byme, Jim. Large-scale Biometric Management: A Centralized, Policy-based Approach to Reducing Organizational Identity Chaos. Vol ISACA. 7 June < Childs, Robert S. Banking on Multifactor Authentication. 22 February SearchFinancialSecurity. 3 June < Cocheo, Steve. Read this before you take Multi-factor Plunge. American Bankers Association. ABA Banking Journal. May Vol. 98 Issue 5. Page ABI Inform. University of Waterloo, ON. Dubin, Joel. Is there any policy or regulation to help protect biometric data. 2 May SearchSecurity.com. 7 June < _tax299857,00.html?bucket=ETA&topic=299857>. Dubin, Joel. Should we use biometric authentication on devices. 6 June SearchSecurity.com. 11 June of 14 12
14 < ,00.html>. Dubin, Joel. Will biometric authentication replace the password. 15 December SearchSecurity.com. 6 June < ,00.html>. Entrust Bolsters GetAcess with IdentityGuard Multifactor Authentication. Wireless News. 9 September ABI Inform. University of Waterloo, ON. The Evolution of Security. Acsys Biometrics Corp. 20 July < Feig, Nancy. The Final Countdown As the FFIEC Online Banking Authentication Deadline Looms, Banks work through the Confusion to select their Solutions. Bank Systems & Technology. September Vol. 43 Issue 9. Page 11. ABI Inform. University of Waterloo, ON. Fest, Glen. Thwarted Online, Fraud Goes Low-Tech Again. USBanker. April Vol. 118 Issue 4 Page 16. ABI Inform. University of Waterloo, ON. Frost & Sullivan: The Use of Biometrics in Financial Institutions Is on the Rise. Wireless News. 31 May ABI Inform. University of Waterloo, ON. The Leader in Out-of-Bank Authentication. Authentify. 14 July < Multifactor Authenticaiton (MFA). 12 April TechTarget. 7 July < Multi-factor Authentication. Safe Net. 11 June < Myerson, Judith. Pros and cons of multifactor authentication technology for consumers. 28 May SearchFinancialSecurity.com. 3 June < Products of the Year: Authentication and Authorization. 4 January SearchSecurity.com. 11 June < 13 of 14 13
15 Stephenson, Peter. Multifactor authentication January SC Magazine. 6 June < Vishing or Voice Phishing. 28 April RCMP. 11 July < 14 of 14 14
Multi-Factor Authentication Protecting Applications and Critical Data against Unauthorized Access
Multi-Factor Authentication Protecting Applications and Critical Data against Unauthorized Access CONTENTS What is Authentication? Implementing Multi-Factor Authentication Token and Smart Card Technologies
More informationOnline Cash Management Security: Beyond the User Login
Online Cash Management Security: Beyond the User Login Sonya Crites, CTP, SunTrust Anita Stevenson-Patterson, CTP, Manheim February 28, 2008 Agenda Industry Trends Government Regulations Payment Fraud
More informationEntrust IdentityGuard
+1-888-437-9783 sales@identisys.com IdentiSys.com Distributed by: Entrust IdentityGuard is an award-winning software-based authentication enterprises and governments. The solution serves as an organization's
More informationRemote Access Securing Your Employees Out of the Office
Remote Access Securing Your Employees Out of the Office HSTE-NB0011-RV 1.0 Hypersecu Information Systems, Inc. #200-6191 Westminster Hwy Richmond BC V7C 4V4 Canada 1 (855) 497-3700 www.hypersecu.com Introduction
More informationMoving to Multi-factor Authentication. Kevin Unthank
Moving to Multi-factor Authentication Kevin Unthank What is Authentication 3 steps of Access Control Identification: The entity makes claim to a particular Identity Authentication: The entity proves that
More informationStrong Authentication. Securing Identities and Enabling Business
Strong Authentication Securing Identities and Enabling Business Contents Contents...2 Abstract...3 Passwords Are Not Enough!...3 It s All About Strong Authentication...4 Strong Authentication Solutions
More informationAuthentication in an Internet Banking Environment
Federal Financial Institutions Examination Council FFIEC Logo 3501 Fairfax Drive Room 3086 Arlington, VA 22226-3550 (703) 516-5588 FAX (703) 516-5487 http://www.ffiec.gov Authentication in an Internet
More informationWhite Paper 2 Factor + 2 Way Authentication to Criminal Justice Information Services. Table of Contents. 1. Two Factor and CJIS
White Paper 2 Factor + 2 Way Authentication to Criminal Justice Information Services Over the past decade, the demands on government agencies to share information across the federal, state and local levels
More informationMultifactor authentication systems Jiří Sobotka, Radek Doležel
Multifactor authentication systems Jiří Sobotka, Radek Doležel Fakulta elektrotechniky a komunikačních technologií VUT v Brně Email: sobotkaj@feec.vutbr.cz Fakulta elektrotechniky a komunikačních technologií
More informationEnhanced Security for Online Banking
Enhanced Security for Online Banking MidSouth Bank is focused on protecting your personal and account information at all times. As instances of internet fraud increase, it is no longer sufficient to use
More informationACI Response to FFIEC Guidance
ACI Response to FFIEC Guidance Version 1 July 2011 Table of contents Introduction 3 FFIEC Supervisory Expectations 4 ACI Online Banking Fraud Management 8 Online Banking Fraud Detection and Prevention
More informationKEYSTROKE DYNAMIC BIOMETRIC AUTHENTICATION FOR WEB PORTALS
KEYSTROKE DYNAMIC BIOMETRIC AUTHENTICATION FOR WEB PORTALS Plurilock Security Solutions Inc. www.plurilock.com info@plurilock.com 2 H IGHLIGHTS: PluriPass is Plurilock static keystroke dynamic biometric
More informationTechnical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and
Technical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and procedures to govern who has access to electronic protected
More informationVoice Authentication On-Demand: Your Voice as Your Key
Voice Authentication On-Demand: Your Voice as Your Key Paul Watson, Vice President Relationship Technology Management Voice Search Conference March 2-4, 2009 Convergys Corporation A Global Leader in Relationship
More informationE-Banking Regulatory Update
E-Banking Regulatory Update Hal R. Paretchan, CISA, CISSP, CFE Information Technology Specialist Federal Reserve Bank of Boston Supervision, Regulation & Credit (617) 973-5971 hal.paretchan@bos.frb.org
More informationMulti-Factor Authentication of Online Transactions
Multi-Factor Authentication of Online Transactions Shelli Wobken-Plagge May 7, 2009 Agenda How are economic and fraud trends evolving? What tools are available to secure online transactions? What are best
More informationOnline Gaming: Legalization with Protection for Minors, Adult Players, Problem Gamers
Online Gaming: Legalization with Protection for Minors, Adult Players, Problem Gamers Frequently Asked Questions and Answers 2011 CardLogix Corporation. All rights reserved. This document contains information
More informationsolutions Biometrics integration
Biometrics integration Challenges Demanding access control and identity authentication requirements drive the need for biometrics. Regulations such as Sarbanes-Oxley (SOX), Health Insurance Portability
More informationIDRBT Working Paper No. 11 Authentication factors for Internet banking
IDRBT Working Paper No. 11 Authentication factors for Internet banking M V N K Prasad and S Ganesh Kumar ABSTRACT The all pervasive and continued growth being provided by technology coupled with the increased
More informationSecuring corporate assets with two factor authentication
WHITEPAPER Securing corporate assets with two factor authentication Published July 2012 Contents Introduction Why static passwords are insufficient Introducing two-factor authentication Form Factors for
More informationPursuing Compliance with the FFIEC Guidance Risk Assessment 101 KPMG RISK ADVISORY SERVICES
Pursuing Compliance with the FFIEC Guidance Risk Assessment 101 KPMG RISK ADVISORY SERVICES Contents PART I An Increasing Threat: Identity Theft The FFIEC Response Risk Assessment Fundamentals The FFIEC
More informationChapter 1: Introduction
Chapter 1 Introduction 1 Chapter 1: Introduction 1.1 Inspiration Cloud Computing Inspired by the cloud computing characteristics like pay per use, rapid elasticity, scalable, on demand self service, secure
More informationADAPTIVE AUTHENTICATION ADAPTER FOR JUNIPER SSL VPNS. Adaptive Authentication in Juniper SSL VPN Environments. Solution Brief
ADAPTIVE AUTHENTICATION ADAPTER FOR JUNIPER SSL VPNS Adaptive Authentication in Juniper SSL VPN Environments Solution Brief RSA Adaptive Authentication is a comprehensive authentication platform providing
More informationBeyond passwords: Protect the mobile enterprise with smarter security solutions
IBM Software Thought Leadership White Paper September 2013 Beyond passwords: Protect the mobile enterprise with smarter security solutions Prevent fraud and improve the user experience with an adaptive
More informationEnhancing Organizational Security Through the Use of Virtual Smart Cards
Enhancing Organizational Security Through the Use of Virtual Smart Cards Today s organizations, both large and small, are faced with the challenging task of securing a seemingly borderless domain of company
More informationAn Enhanced Countermeasure Technique for Deceptive Phishing Attack
An Enhanced Countermeasure Technique for Deceptive Phishing Attack K. Selvan 1, Dr. M. Vanitha 2 Research Scholar and Assistant Professor, Department of Computer Science, JJ College of Arts and Science
More informationHIPAA Security. 4 Security Standards: Technical Safeguards. Security Topics
HIPAA Security S E R I E S Security Topics 1. Security 101 for Covered Entities 2. Security Standards - Administrative Safeguards 3. Security Standards - Physical Safeguards 4. Security Standards - Technical
More informationSmart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi
Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public
More informationConfidence in Commerce: Enabling e-banking and online services with two-factor authentication
Abstract The combination of online banking s rising popularity and the increasing number of online services offered by financial organizations indicates a bright future for e-banking. However, to maximize
More informationThe Convergence of IT Security and Physical Access Control
The Convergence of IT Security and Physical Access Control Using a Single Credential to Secure Access to IT and Physical Resources Executive Summary Organizations are increasingly adopting a model in which
More informationMulti-Factor Authentication
Enhancing network security through the authentication process Multi-Factor Authentication Passwords, Smart Cards, and Biometrics INTRODUCTION Corporations today are investing more time and resources on
More informationDigitalPersona, Inc. Creating the authentication infrastructure for a digital world.
DigitalPersona, Inc. Creating the authentication infrastructure for a digital world. Rising Security Needs Secure Access Control is Critical Users Access Security Information Engineering, Intellectual
More informationIDENTITY MANAGEMENT. February 2008. The Government of the Hong Kong Special Administrative Region
IDENTITY MANAGEMENT February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
More informationIdentity Access Management: Beyond Convenience
Identity Access Management: Beyond Convenience June 1st, 2014 Identity and Access Management (IAM) is the official description of the space in which OneLogin operates in but most people who are looking
More informationContents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008
Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008 Contents Authentication and Identity Assurance The Identity Assurance continuum Plain Password Authentication
More informationAuthentication Solutions VERSATILE AND INNOVATIVE AUTHENTICATION SOLUTIONS TO SECURE AND ENABLE YOUR BUSINESS
Authentication Solutions VERSATILE AND INNOVATIVE AUTHENTICATION SOLUTIONS TO SECURE AND ENABLE YOUR BUSINESS SafeNet Strong Authentication and Transaction Verification Solutions The Upward Spiral of Cybercrime
More informationTwo-Factor Authentication
Chen Arbel Vice President, Strategic Development Authentication Unit & Software DRM Aladdin Knowledge Systems Two-Factor Authentication The key to compliance for secure online banking Legal Notice Copyright
More informationJim Bray, Cyber Security Adviser InfoSight, Inc.
Best Practices for protecting patient data Training and education is your best defense! Presented by Jim Bray, Cyber Security Adviser InfoSight, Inc. 2014 InfoSight Cyber Security starts with education
More informationBriefly describe the #1 problem you have encountered with implementing Multi-Factor Authentication.
Polling Question Briefly describe the #1 problem you have encountered with implementing Multi-Factor Authentication. Please type in your response. This poll will close promptly at 1:00 pm CDT Getting the
More informationAUTHENTIFIERS. Authentify Authentication Factors for Constructing Flexible Multi-Factor Authentication Processes
AUTHENTIFIERS Authentify Authentication Factors for Constructing Flexible Multi-Factor Authentication Processes Authentify delivers intuitive and consistent authentication technology for use with smartphones,
More informationTHE FFIEC CHALLENGE A Call for Reliable Authentication
THE FFIEC CHALLENGE A Call for Reliable Authentication March 14, 2006 ISACA LOS ANGELES RISK ADVISORY SERVICES INFORMATION RISK MANAGEMENT Agenda The FFIEC Challenge Current/Future Authentication Scenarios
More informationSecuring e-government Web Portal Access Using Enhanced Two Factor Authentication
Securing e-government Web Portal Access Using Enhanced Two Factor Authentication Ahmed Arara 1, El-Bahlul Emhemed Fgee 2, and Hamdi Ahmed Jaber 3 Abstract This paper suggests an advanced two-factor authentication
More informationTwo-Factor Authentication over Mobile: Simplifying Security and Authentication
SAP Thought Leadership Paper SAP Mobile Services Two-Factor Authentication over Mobile: Simplifying Security and Authentication Controlling Fraud and Validating End Users Easily and Cost-Effectively Table
More informationAuthentication Solutions. Versatile And Innovative Authentication Solutions To Secure And Enable Your Business
Authentication Solutions Versatile And Innovative Authentication Solutions To Secure And Enable Your Business SafeNet Strong Authentication and Transaction Verification Solutions The Upward Spiral of Cybercrime
More informationTransforming the Customer Experience When Fraud Attacks
Transforming the Customer Experience When Fraud Attacks About the Presenters Mike Young, VP, Product Team, Everbank Manages consumers and business banking products, as well as online and mobile banking
More informationXYPRO Technology Brief: Stronger User Security with Device-centric Authentication
Ken Scudder Senior Director Business Development & Strategic Alliances XYPRO Technology Talbot A. Harty CEO DeviceAuthority XYPRO Technology Brief: Stronger User Security with Device-centric Authentication
More informationSound Business Practices for Businesses to Mitigate Corporate Account Takeover
Sound Business Practices for Businesses to Mitigate Corporate Account Takeover This white paper provides sound business practices for companies to implement to safeguard against Corporate Account Takeover.
More informationHow To Choose An Authentication Solution From The Rsa Decision Tree
White paper The RSA Decision Tree: Selecting the Best Solution for Your Business What is the best authentication solution for my business? This is a recurring question being asked by organizations around
More informationPayments Fraud: It's Not Fun & Games
Payments Fraud: It's Not Fun & Games Claudia Swendseid Senior Vice President Payments Information & Outreach Office Federal Reserve Bank of Minneapolis NACHA Payments 2015 Claudia Swendseid Senior Vice
More informationWHITE PAPER Usher Mobile Identity Platform
WHITE PAPER Usher Mobile Identity Platform Security Architecture For more information, visit Usher.com info@usher.com Toll Free (US ONLY): 1 888.656.4464 Direct Dial: 703.848.8710 Table of contents Introduction
More informationWhite Paper for Software Publishers. Strong Authentication: Securing Identities and Enabling Business
White Paper for Software Publishers Strong Authentication: Securing Identities and Enabling Business A l a d d i n. c o m / H A S P Table of Contents Abstract...3 Introduction...4 Passwords Are Not Enough!...4
More informationGuide to Evaluating Multi-Factor Authentication Solutions
Guide to Evaluating Multi-Factor Authentication Solutions PhoneFactor, Inc. 7301 West 129th Street Overland Park, KS 66213 1-877-No-Token / 1-877-668-6536 www.phonefactor.com Guide to Evaluating Multi-Factor
More informationThe Convergence of IT Security and Physical Access Control
The Convergence of IT Security and Physical Access Control Using a Single Credential to Secure Access to IT and Physical Resources Executive Summary Organizations are increasingly adopting a model in which
More informationCreating Trust Online TM. Comodo Mutual Authentication Solution Overview: Comodo Two Factor Authentication Comodo Content Verification Certificates
Creating Trust Online TM Comodo Mutual Authentication Solution Overview: Comodo Two Factor Authentication Comodo Content Verification Certificates January 2007 Setting the stage Banking and doing business
More informationResearch Article. Research of network payment system based on multi-factor authentication
Available online www.jocpr.com Journal of Chemical and Pharmaceutical Research, 2014, 6(7):437-441 Research Article ISSN : 0975-7384 CODEN(USA) : JCPRC5 Research of network payment system based on multi-factor
More informationEntrust IdentityGuard Versatile Authentication Platform for Enterprise Deployments. Sam Linford Senior Technical Consultant Sam.linford@entrust.
Entrust IdentityGuard Versatile Authentication Platform for Enterprise Deployments Sam Linford Senior Technical Consultant Sam.linford@entrust.com Entrust is a World Leader in Identity Management and Security
More informationEnhancing Web Application Security
Enhancing Web Application Security Using Another Authentication Factor Karen Lu and Asad Ali Gemalto, Inc. Technology & Innovations Austin, TX, USA Overview Introduction Current Statet Smart Cards Two-Factor
More informationCHOOSING THE RIGHT PORTABLE SECURITY DEVICE. A guideline to help your organization chose the Best Secure USB device
CHOOSING THE RIGHT PORTABLE SECURITY DEVICE A guideline to help your organization chose the Best Secure USB device Introduction USB devices are widely used and convenient because of their small size, huge
More informationAuthentication Levels. White Paper April 23, 2014
Summary White Paper April 23, 2014 This document describes levels of authentication that can be utilized for users known and unknown to gain access to applications and solutions. Summary... 1 Description...
More informationFFIEC CONSUMER GUIDANCE
FFIEC CONSUMER GUIDANCE Important Facts About Your Account Authentication Online Banking & Multi-factor authentication and layered security are helping assure safe Internet transactions for banks and their
More informationDigital Identity & Authentication Directions Biometric Applications Who is doing what? Academia, Industry, Government
Digital Identity & Authentication Directions Biometric Applications Who is doing what? Academia, Industry, Government Briefing W. Frisch 1 Outline Digital Identity Management Identity Theft Management
More informationIT Compliance Volume II
The Essentials Series IT Compliance Volume II sponsored by by Rebecca Herold Addressing Web-Based Access and Authentication Challenges by Rebecca Herold, CISSP, CISM, CISA, FLMI February 2007 Incidents
More informationAchieving Universal Secure Identity Verification with Convenience and Personal Privacy A PRIVARIS BUSINESS WHITE PAPER
with Convenience and Personal Privacy version 0.2 Aug.18, 2007 WHITE PAPER CONTENT Introduction... 3 Identity verification and multi-factor authentication..... 4 Market adoption... 4 Making biometrics
More informationSecuring Corporate Data and Making Life Easier for the IT Admin Benefits of Pre Boot Network Authentication Technology
20140115 Securing Corporate Data and Making Life Easier for the IT Admin Benefits of Pre Boot Network Authentication Technology TABLE OF CONTENTS What s at risk for your organization? 2 Is your business
More informationM&T BANK CANADIAN PRIVACY POLICY
M&T BANK CANADIAN PRIVACY POLICY At M&T Bank, we are committed to safeguarding your personal information and maintaining your privacy. This has always been a priority for us and this is why M&T Bank (
More informationRF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards
RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards January 2007 Developed by: Smart Card Alliance Identity Council RF-Enabled Applications and Technology:
More informationAdvanced Authentication
White Paper Advanced Authentication Introduction In this paper: Introduction 1 User Authentication 2 Device Authentication 3 Message Authentication 4 Advanced Authentication 5 Advanced Authentication is
More informationTwo-Factor Authentication Making Sense of all the Options
Two-Factor Authentication Making Sense of all the Options The electronic age we live in is under attack by information outlaws who love profiting from the good record of others. Now more than ever, organizations
More informationStrong Authentication for Secure VPN Access
Strong Authentication for Secure VPN Access Solving the Challenge of Simple and Secure Remote Access W H I T E P A P E R EXECUTIVE SUMMARY In today s competitive and efficiency-driven climate, organizations
More informationImproving Online Security with Strong, Personalized User Authentication
Improving Online Security with Strong, Personalized User Authentication July 2014 Secure and simplify your digital life. Table of Contents Online Security -- Safe or Easy, But Not Both?... 3 The Traitware
More informationa) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN)
MIS5206 Week 12 Your Name Date 1. Which significant risk is introduced by running the file transfer protocol (FTP) service on a server in a demilitarized zone (DMZ)? a) User from within could send a file
More informationTarget Security Breach
Target Security Breach Lessons Learned for Retailers and Consumers 2014 Pointe Solutions, Inc. PO Box 41, Exton, PA 19341 USA +1 610 524 1230 Background In the aftermath of the Target breach that affected
More informationOpenEdge Research & Development Group April 2015
2015: Security, Merchant Readiness & the Coming Liability Shift OpenEdge Research & Development Group April 2015 solutions@openedgepay.com openedgepay.com 2015: Security, Merchant Table of Contents The
More informationVoice biometrics. Advait Deshpande. 2002-2013 Nuance Communications, Inc. All rights reserved. Page 1
Voice biometrics Advait Deshpande 2002-2013 Nuance Communications, Inc. All rights reserved. Page 1 Imagine a world without PINS/Passwords 2002-2013 Nuance Communications, Inc. All rights reserved. Page
More informationGuide to Vulnerability Management for Small Companies
University of Illinois at Urbana-Champaign BADM 557 Enterprise IT Governance Guide to Vulnerability Management for Small Companies Andrew Tan Table of Contents Table of Contents... 1 Abstract... 2 1. Introduction...
More informationA brief on Two-Factor Authentication
Application Note A brief on Two-Factor Authentication Summary This document provides a technology brief on two-factor authentication and how it is used on Netgear SSL312, VPN Firewall, and other UTM products.
More informationHere are two informational brochures that disclose ways that we protect your accounts and tips you can use to be safer online.
Here are two informational brochures that disclose ways that we protect your accounts and tips you can use to be safer online. FFIEC BUSINESS ACCOUNT GUIDANCE New financial standards will assist credit
More informationMinnesota State Colleges and Universities System Guideline Chapter 5 Administration
Minnesota State Colleges and Universities System Guideline Chapter 5 Administration Appropriate Use and Implementation of Electronic Part 1. Purpose. To establish requirements and responsibilities for
More informationLongmai Mobile PKI Solution
Longmai Mobile PKI Solution A quick Solution to External and Internal fraud in Insurance Industry Putting the client at the center of modernization Contents 1. INTRODUCTION... 3 1.1 Challenges... 3 1.2
More informationPCI and EMV Compliance Checkup
PCI and EMV Compliance Checkup ATM Security Jim Pettitt Director, ATM Security Diebold Incorporated Agenda ATM threats today Top of mind risk PCI Impact on Security U.S. EMV Migration Conclusions / recommendations
More informationRSA SecurID Two-factor Authentication
RSA SecurID Two-factor Authentication Today, we live in an era where data is the lifeblood of a company. Now, security risks are more pressing as attackers have broadened their targets beyond financial
More informationRSA Solution Brief. RSA SecurID Authentication in Action: Securing Privileged User Access. RSA Solution Brief
RSA SecurID Authentication in Action: Securing Privileged User Access RSA SecurID solutions not only protect enterprises against access by outsiders, but also secure resources from internal threats The
More informationCRS Report for Congress Received through the CRS Web
Order Code RS20344 Updated January 19, 2001 CRS Report for Congress Received through the CRS Web Summary Electronic Signatures: Technology Developments and Legislative Issues Richard M. Nunno Analyst in
More informationA Feasible and Cost Effective Two-Factor Authentication for Online Transactions
A Feasible and Cost Effective Two-Factor Authentication for Online Transactions Jing-Chiou Liou Deaprtment of Computer Science Kean University 1000 Morris Ave. Union, NJ 07083, USA jliou@kean.edu Sujith
More informationSecurity+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 10 Authentication and Account Management
Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 10 Authentication and Account Management Objectives Describe the three types of authentication credentials Explain what single sign-on
More informationMulti-Factor Authentication
Making the Most of Multi-Factor Authentication Introduction The news stories are commonplace: Hackers steal or break passwords and gain access to a company s data, often causing huge financial losses to
More informationA Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards
A Websense Research Brief Prevent Loss and Comply with Payment Card Industry Security Standards Prevent Loss and Comply with Payment Card Industry Security Standards Standards for Credit Card Security
More informationSecuring Virtual Desktop Infrastructures with Strong Authentication
Securing Virtual Desktop Infrastructures with Strong Authentication whitepaper Contents VDI Access Security Loopholes... 2 Secure Access to Virtual Desktop Infrastructures... 3 Assessing Strong Authentication
More informationMulti-factor authentication
CYBER SECURITY OPERATIONS CENTRE (UPDATED) 201 (U) LEGAL NOTICE: THIS PUBLICATION HAS BEEN PRODUCED BY THE DEFENCE SIGNALS DIRECTORATE (DSD), ALSO KNOWN AS THE AUSTRALIAN SIGNALS DIRECTORATE (ASD). ALL
More informationIDENTITY & ACCESS. Providing Cost-Effective Strong Authentication in the Cloud. a brief for cloud service providers
IDENTITY & ACCESS Providing Cost-Effective Strong Authentication in the Cloud a brief for cloud service providers Introduction Interest and use of the cloud to store enterprise resources is growing fast.
More informationApplication of Biometric Technology Solutions to Enhance Security
Application of Biometric Technology Solutions to Enhance Security Purpose: The purpose of this white paper is to summarize the various applications of fingerprint biometric technology to provide a higher
More informationFrench Justice Portal. Authentication methods and technologies. Page n 1
French Justice Portal Authentication methods and technologies n 1 Agenda Definitions Authentication methods Risks and threats Comparison Summary Conclusion Appendixes n 2 Identification and authentication
More informationSmart Cards and Biometrics in Privacy-Sensitive Secure Personal Identification Systems
Smart Cards and Biometrics in Privacy-Sensitive Secure Personal Identification Systems A Smart Card Alliance White Paper May 2002 Smart Card Alliance 191 Clarksville Road Princeton Junction, NJ 08550 www.smartcardalliance.org
More informationOpinion and recommendations on challenges raised by biometric developments
Opinion and recommendations on challenges raised by biometric developments Position paper for the Science and Technology Committee (House of Commons) Participation to the inquiry on Current and future
More informationADVANCE AUTHENTICATION TECHNIQUES
ADVANCE AUTHENTICATION TECHNIQUES Introduction 1. Computer systems and the information they store and process are valuable resources which need to be protected. With the current trend toward networking,
More informationSecurity Upgrade FAQs
EMFA FAQs Security Upgrade FAQs Your online security is important to us. Soon, we ll be upgrading your online banking experience to include a new security service, which is known in the online security
More informationENHANCING ATM SECURITY USING FINGERPRINT AND GSM TECHNOLOGY
Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 3, Issue. 4, April 2014,
More informationMANAGING RISK: SECURING DIGITAL IDENTITIES Striking the balance between user experience and security
MANAGING RISK: SECURING DIGITAL IDENTITIES Striking the balance between user experience and security You re more connected, but more at risk too Enterprises are increasingly engaging with partners, contractors
More informationPCI DSS FAQ. The twelve requirements of the PCI DSS are defined as follows:
What is PCI DSS? PCI DSS is an acronym for Payment Card Industry Data Security Standards. PCI DSS is a global initiative intent on securing credit and banking transactions by merchants & service providers
More informationWHITEPAPER. Identity Access Management: Beyond Convenience
WHITEPAPER Identity Access Management: Beyond Convenience INTRODUCTION Identity and Access Management (IAM) is the official description of the space in which OneLogin operates in but most people who are
More information