1 / 34

Challenges of Identity Fraud

Challenges of Identity Fraud. Chris Voice, VP Technology. We are Security Specialists…. Top 12 security software company with ~ $100M in annual revenues Industry pioneer and leader, with 500 employees and 100+ patents

casta
Download Presentation

Challenges of Identity Fraud

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Challenges of Identity Fraud Chris Voice, VP Technology

  2. We are Security Specialists… • Top 12 security software company with ~ $100M in annual revenues • Industry pioneer and leader, with 500 employees and 100+ patents • Best in class service and support, and integration for leading technology vendors • Strong balance sheet, with significant cash balance and no debt • Publicly-listed (NASDAQ: ENTU)

  3. Definitions Identity Theft Identity Fraud

  4. Identity Theft Incidents

  5. 2005 Major Identity Theft Incidents

  6. ?

  7. ?

  8.  Source: www.mailfrontier.com

  9. Phishing Reports Received Nov ’04 – Nov ‘05 88% Year over Year Increase

  10. More Complex Attacks

  11. Password Stealing Malicious Code URLs Over 300% in Seven Months

  12. IDC Financial Insights: “…6% admitted to switching banks to reduce their risk of becoming a victim of identity theft.” Forrester: “…14% of online consumers have stopped using online banking and bill pay due to email fraud concerns.” Online Identity Fraud Influencing Consumer Behavior

  13. Entrust: “…18% of consumers have decreased or outright stopped doing on-line banking in the last 12 months because of concerns of identity security..” Online Identity Fraud Influencing Consumer Behavior Gartner: “…nearly 14 percent of them [on-line bankers] have stopped paying bills via online banking."

  14. Driving Legislative Impacts

  15. Have introduced Data Security Legislation Have Not Introduced Data Security Legislation Legislation

  16. Financial Service Mandates • FFIEC considers single-factor authentication…to be inadequate for high-risk transactions involving access to customer information or the movement of funds to other parties. • Financial institutions should implement multifactor authentication, layered security…by end of 2006.

  17. People Processes Technology Strong Authentication Encryption Content Control How Can Security Help Technology

  18. Encryption Two-thirds of fresh and critical data is on employee laptops and desktops –not the servers. Gartner, April 2004 By year-end 2007, 80% of Fortune 1000 enterprises will encrypt critical “data at rest” (0.8 probability) Gartner, April 2004 Companies typically lose 5-8% of their laptops per year. The FBI estimates that 50% of network penetration is due to information derived from a stolen laptop. Meta, January 2005

  19. Persistent Data Encryption

  20. Benefits of Persistent Data Encryption Any person or business that conducts business in California…shall disclose any breach of the security of the system following discovery or notification of the breach in the security of the data to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. California SB1386

  21. IM http:// Employees, Partners, Customers ftp:// Employees Content Scanning Automated Policy Enforcement • Detection and Blocking across broad set of outbound protocols

  22. Solution Areas: Detect Prevent Defend Report Stronger Mutual Authentication Understanding andCountering the Phishing Threat A Financial Services Industry Perspective Top 3 Recommendations: • Focus on Mutual Customer/Financial Institution Authentication • Improved Fraud Screening • Industry-wide Attack Method/Mitigation Information Sharing

  23. Usability & Cost Security • Minimize customer experience impact • Only impact user experience with stronger authentication when necessary • The right authentication for the right risk level – at the right time FraudRisk The Authentication Challenge

  24. The Authentication Challenge –Risk-based Authentication Risk based authentication requires a range of capabilities Funds Transfer Increasing Authentication Strength Register Bill Increasing Impact of Fraud CheckBalance Login Transaction Sequence

  25. New Authentication Technologies $ Biometrics Smartcards Traditional Purchase & Deployment Cost One-Time-Password Tokens Passwords Authentication Strength

  26. Scratch Pad Auth One-time password list Grid Auth Gridlocation challenge and response Machine Auth Authorized set of workstations Knowledge Auth Challenge / response questions Out-of-Band One-time-passcode to mobile device or phone Range of Risk-Based Strong Authentication • Policy-based authentication allowing single authentication layer to meet multiple business requirements • Per transaction, per user, per application, per LOB… AdditionalTechnologiesto Come

  27. Example – Grid Authentication • Unique authentication card issued to each user • Random characters in grid with row/column headers • Separate plastic card or on existing card Stand-Alone Card Card Add-On

  28. Grid Authentication Process User enters ID & Password as is done today. Personal ID ********

  29. Grid Authentication Process cont’d

  30. Grid Authentication Process cont’d 1 2 3

  31. Message Replay Auth User entered message Image Replay Auth User selected image Serial Replay Auth Grid card serial number Authentication Needs to be Mutual • Easy to use mechanisms for customers to recognize they are on the right site.

  32. Announced Wins in 2H05

  33. Summary • Identity Fraud will change the way organizations protect your sensitive information • May require legislation to drive real action • Identity Fraud will change the way you interact with your financial institutions • Focus on addressing your confidence to drive continued internet adoption

  34. Thank You chris.voice@entrust.com www.entrust.com 888-690-2424

More Related