Authentication

Next-Generation Authentication: Addressing Changing Compute Paradigms

To achieve optimal security in today’s rapidly evolving computing environment, companies are turning to sophisticated authentication mechanisms. Next-generation authentication is identity and access validation that adapts to protect assets against both static and continuously changing variables. This type of authentication needs to accommodate the following: The burgeoning of bring-your-own-device (BYOD) trends The growing reliance on…

3D Secure Innovations: New Analytics Dashboard Helps Improve Response to Fraud

The 3D Secure protocol has been much (and somewhat unfairly!) maligned for the negative impact it has on the cardholder’s online experience. Requiring cardholders to produce their password each and every time they try to transact on a participating merchant site significantly disrupts purchase flow. Adding friction to the online checkout process leads to cart…

Making Smart Choices for Identity Assurance

Good news: in 2015, device makers, OS providers and authentication solution providers all picked up their momentum on initiatives tackling user authentication challenges. Cases in point: the support of fingerprint sensors in Google Android M, the proliferation of Apple Touch ID supporting solutions, Microsoft Windows 10 multi-method biometric support, Samsung’s fingerprint enabled devices, and the…

Ransomware Rules for Payment: Do Extortionists Have the Advantage?

When an entire health system fell prey to cybercriminals and medical records were locked up by a ransomware attack in early February, there seemed no choice but to pay the sum demanded in order to avoid the impact on patient care: $17,000 in 40 Bitcoin.   And in that single moment, one hospital became the obligatory…

Authentication: One Size Does Not Fit All

I’ve been coming to the RSA conference on and off (mostly on) for more than 15 years, and each year there seems to be more strong authentication vendors demonstrating new and interesting approaches to authenticating end users. At RSA, we track and test these different approaches to find the best ones for integration into our…

Biometrics: A Next-Generation Authentication Mechanism

The days of username and password combinations are coming to an end as next-generation authentication mechanisms come of age. Faced with having to remember old-style credentials for an ever-wider range of applications, most users have resorted to insecure password management practices such as writing down credentials. This is especially the case when using complex passwords…

Beyond the Login: Web Behavior Analytics Helps Retailers Stop Fraud

In a world of scammers, fraudsters and bad actors, there are two immutable rules thoroughly entrenched in the consciousness of IT professionals trying to stop them.  Rule 1: If there is something to monetize, cybercriminals will find it.  Rule 2: If you have a loophole or weak control on your website, cybercriminals will find it.…

Context-Based, Next-Generation Authentication: Key Traits and Endurance

When analyzing a particular component within a security ecosystem, it is always useful to first take a drone’s-eye view of the system. This strategy can be used to map precisely where within the infrastructure the component may be deployed most efficiently. Where is its mission critical? Where can it profitably replace an alternative? Where will…

Does EMV Make Online eCommerce Transactions Safer?

Ok, let’s get this quickly out of the way: EMV, the non-swipe chip-embedded credit cards are sturdy barriers against (in-person) credit card fraud.  However, when it comes to card-not-present eCommerce transactions (e.g. online ecommerce) where EMV is not a factor and where cybersecurity threats continue to proliferate, shouldn’t the customer experience be as secure and…

The Compromised Affair

If people’s credentials are compromised, that is a bad thing. Everybody knows that. But what if those compromised credentials include people’s biometric data? What value does a stolen fingerprint template or an encrypted voice profile provide to hackers? And what steps can companies take to reduce the risk associated with dealing with such information? Six…