What are Authentication and Fraud Detection?
Why Do I Need Them?

Organizations are relying on the online channel more than ever before to reach employees, partners and consumers. At the core of performing online transactions is the need for mutually recognized identities.

Users need to feel confident that they are dealing with the intended organization. Likewise, the organization needs to have confidence in the identity of the user. Without this mutual trust, online transactions cannot be completed without significant risk of fraud and a negative impact on service adoption and customer retention rates.

The majority of systems deployed today rely on basic usernames and passwords to protect the online channel. However, it is widely recognized that this is no longer sufficient. Attacks such as phishing, man-in-the-middle interception and malware are able to defeat this security, creating risk for organizations not only because of the financial losses but, more importantly, because user confidence in online services is undermined.
This prevents organizations from fully realizing the savings from moving transactions from traditional to online channels.

In addition, increasing regulatory pressures are dictating that organizations roll out new security systems to achieve regulatory compliance. Such initiatives include:

• PCI-DSS (Payment Card Industry Data Security Standard)
• SOX (Sarbanes-Oxley Public Company Accounting and Investor Protection Act)
• SEPA (Single Euro Payments Area Initiative)
• FPI (Faster Payment regulatory regime in UK)
• Basel II (Banking laws and regulation issued by Basel Committee on Banking Supervision)

There are three primary approaches to addressing these issues:

Strong authentication - Fraud detection - Consumer Authentication

 

Strong Authentication
Strong authentication involves the use of two or more pieces of information to verify a person’s identity for security purposes. These pieces of identity information, commonly referred to as authentication factors, are:

• Something the user uniquely has, such as a hardware or software token
• Something the user uniquely knows, such as a password or PIN
• Something the user uniquely is or does, a biometric such as a fingerprint, a signature or a voice print

Combining two or more of these factors provides higher levels of assurance that the person being authenticated truly is who they claim to be. Strong authentication is suitable for remote access to corporate networks by employees and business partners, or for consumers carrying out higher-value transactions, such as money transfers in online banking. It also helps to address regulatory requirements.

Fraud Detection
Fraud detection refers to the process of monitoring, detecting and preventing fraudulent activities by looking for anomalies in users’ behaviors and transactions. This is done by examining:

• Access – fraud detection determines where and when the user is logging in and compares this to typical access patterns to find anomalies
• Transactions – fraud detection looks for unusual transactions, such as those involving high values or large bill payments to new payees
• Behavior – robust fraud detection solutions monitor the sequence of transactions within and across user sessions to spot fraudulent activity patterns. They also examine and compare user behaviors. For instance, fraud detection will monitor how a user navigates a site and compare this to previous navigational sequences, to identify whether the user is logging in at an unusual time of day or performing an unusual transaction.
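
The three checks above can be sketched as a small rule-based scorer. This is an added example, not code from the vendor or any product named on this page; the weights, thresholds, field names and the sample user history are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime
from statistics import median

# Weights and cut-offs are assumptions chosen for illustration only.
WEIGHTS = {"new_country": 30, "unusual_hour": 15, "high_value": 25,
           "new_payee": 20, "new_navigation": 15}
HIGH_VALUE_FACTOR = 5          # amount > 5x the user's median past amount
STEP_UP_AT, BLOCK_AT = 30, 70  # step_up = ask for a second authentication factor

@dataclass
class Profile:
    """What is already known about one user (hypothetical structure)."""
    countries: set = field(default_factory=set)
    hours: set = field(default_factory=set)        # login hours seen before
    payees: set = field(default_factory=set)
    amounts: list = field(default_factory=list)
    transitions: set = field(default_factory=set)  # (page, next_page) pairs

def assess(profile, login_time, country, pages, transfers):
    """Return (decision, reasons); with no history, everything counts as unusual."""
    reasons = []
    # Access: where and when the user logs in, against typical patterns.
    if country not in profile.countries:
        reasons.append("new_country")
    if all(min((login_time.hour - h) % 24, (h - login_time.hour) % 24) > 1
           for h in profile.hours):
        reasons.append("unusual_hour")
    # Transactions: high values and payments to new payees.
    typical = median(profile.amounts) if profile.amounts else 0
    for payee, amount in transfers:
        if amount > HIGH_VALUE_FACTOR * typical and "high_value" not in reasons:
            reasons.append("high_value")
        if payee not in profile.payees and "new_payee" not in reasons:
            reasons.append("new_payee")
    # Behavior: navigation sequence compared with earlier sessions.
    if any(step not in profile.transitions for step in zip(pages, pages[1:])):
        reasons.append("new_navigation")
    score = sum(WEIGHTS[r] for r in reasons)
    decision = "block" if score >= BLOCK_AT else "step_up" if score >= STEP_UP_AT else "allow"
    return decision, reasons

# Constructed sample data: one user's history and two sessions.
alice = Profile(countries={"GB"}, hours={8, 9, 18}, payees={"landlord", "utility"},
                amounts=[40, 60, 75, 900],
                transitions={("login", "accounts"), ("accounts", "pay"), ("pay", "logout")})
usual = assess(alice, datetime(2024, 3, 4, 9, 5), "GB",
               ["login", "accounts", "pay", "logout"], [("utility", 60)])
odd = assess(alice, datetime(2024, 3, 5, 3, 12), "GB",
             ["login", "pay", "logout"], [("unknown-payee", 2500)])
```

Returning the list of reasons alongside the decision lets an analyst see which of the access, transaction or behavior checks fired for a given session.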

Consumer Authentication
Identity Fraud and Identity Theft Protection
Providing consumers with confidence through identity fraud protection, identity theft protection and regulatory compliance is now paramount. Password security is no longer “strong enough”. Organizations need to deploy strong authentication to better protect consumers from identity fraud and to defend against and manage the risk associated with providing online services.

By leveraging a risk-based solution (delivered in partnership with Entrust) organizations are able to efficiently detect, protect and adapt to growing threats to consumer digital identities and information.

 
