Video Screencast Help
Authentication (User) Blog
Showing posts in English
vipmobile | 01 Apr 2008 | 0 comments

Posted by Kerry Loftus

I drove my 13-year-old and his friends to one of their activities recently (yes, I have a minivan) and their conversation was really interesting and eye opening. I quickly called my gal pals in Erie, PA to find out if they were hearing the same and got the affirmative so this is not just a 'valley' phenomena. All of our kids are online and many are using various email, IM and social networking applications. Did you know that they all know each other's usernames and passwords? If they don't know the password part, they can very quickly guess (I chimed in at one point and asked them if they knew anything about 'strong passwords'-- most of them replied that they just use 'password'!). They didn't really think protecting the information was important.

It's probably harmless to sign in as your friend on IM and send one of the girls in your class a provocative message, but couldn't that be the tip of the iceberg? What about online...

Tim Callan | 31 Mar 2008 | 0 comments

Posted by Jen Gilburg

Last week a news headline from across the pond proclaimed:

"Abbey wary of two-factor authentication. Bank decides against password verification devices because customers consider them a hassle."

Turns out Abbey, a major retail bank in the UK, did a survey on strong authentication. Turns out that two-thirds of those surveyed did not want the "hassle" of two-factor authentication. Turns out those surveyed even poo-pooed challenge questions.

So Abbey decided to act on the survey results. They decided to do nothing. And they decided to shout it out for all (including the fraudsters) to hear!

I question which business schools their marketing folks graduated from.

I wonder too what context the survey questions were raised (perhaps a brief explanation of how two-factor authentication protects against...

Vicente | 21 Mar 2008 | 0 comments

Posted by Vicente Silveira, Sr. Product Manager for VIP Fraud Detection Service

The never ending parade of consumer data leakage and the inevitable fraud that follows added another participant this week with the Hannaford incident. This time, the damage amounts to 4.2 million credit and debit cards being compromised. It is early to tell all the ramifications of this incident, but the unraveling already started with the first salvo of class-action lawsuits against Hannaford.

When I see something like this happen, I'm always left to wonder: what is the true cost of a fraud incident ?

Looking back to some of the high-water mark incidents of the past we can have some hints of what the direct cost involved may look like. Take...

Vicente | 12 Mar 2008 | 0 comments

Posted by Vicente Silveira, Sr. Product Manager for VIP Fraud Detection Service

If you live in the UK, the answer would be a little over twenty thousand dollars (at current exchange rates) for the average adult internet user, a nice bounty for phishers, bot herders, malware coders and other cyber-criminals to go after.

This is based on highlights of a recent YouGov survey that estimates European Internet users are risking up to 1.6 trillion dollars by sharing personal and financial data with sites that are not adequately protected, with UK Internet users responding for a 731 billion chunk of the total amount.

What the research also suggests is that the ubiquity of social networking and other data sharing sites has increased dramatically the quantity and sensitivity of the information available on the web, with users volunteering more and more details in order to...

Tim Callan | 10 Mar 2008 | 0 comments

Posted by Jen Gilburg, Director of Business Development for Identity and Authentication Solutions

I have a confession to make. I was almost a victim of fraud.

It involved Craig's List, the selling of a refrigerator, a random check for $3000 over the amount being sent for payment, the panic of the buyer for overpaying and them begging me to 'Western Union' them the erroneous overpayment once I cashed the check. I was even 'offered' $200 of the overpayment for my troubles.

I am embarrassed to admit- I got all the way to the bank. I actually deposited the check- then in a last minute of "this doesn't seem right" had them run the check and low and behold...

Truth is I was taken off guard, in the middle of a move, not really paying attention-- just happy to have the refrigerator out of my garage.

What is mortifying is that I have been working in security sector of high tech for the last 20 years. The fact I didn't immediately rip up the...

Vicente | 06 Mar 2008 | 0 comments

Hi there! My name is Vicente Silveira and I'm responsible for the VIP Fraud Detection Service , or as we call it, VIP FDS, product at VeriSign.

Our team develops products that help businesses and individuals transact securely on the internet. Needless to say we have a lot of work to do.

I just spent some time in Europe talking to financial institutions and comparing notes on fraud trends here and there. One of the quick conclusions is that online criminals are sharing tools and methods on a global basis and on a scale that we haven't seen before.

One example is a modern variation of an old stock touting technique known as "Pump and Dump" , where fraudsters use e-mail spam to falsely promote a thinly traded instrument (such as a...

vipmobile | 28 Feb 2008 | 0 comments

Posted by Kerry Loftus, Vice President of Consumer Authentication

I am constantly evaluating our offerings and other technology solutions, asking: will this really play in my hometown of Erie, PA? The challenge for security vendors has always been there but have we delivered solutions that provide a broad spectrum of security for our customers depending on their needs, risks and users? Two years ago, when the FFIEC guidance around multifactor authentication came out, our customers told us we hadn't. Companies like VeriSign quickly innovated to find that right balance between security, usability, and convenience. Device IDs, images, networked authentication and a whole host of convenient 2-factor credentials emerged and the race is on to find that next game- changing security solution.

We at VeriSign believe there are two critical pieces to this moving forward:

1. Open standards. In other words: two-factor authentication solutions from...

Tim Callan | 26 Feb 2008 | 0 comments

My name is Jen Gilburg and I am the Director of Business Development for the Identity and Authentication Solutions team here at VeriSign.

Google's announcement of the launch of a new program that allows users to post their medical records online caught my attention. While there are obvious benefits to having a centralized store of historical health information, medications, test results, etc., my first inclination was to be concerned about the security of such personal information.

Naturally I am inclined to believe that everything should have strong authentication. However, not wanting to be overly paranoid, I thought I would investigate just what the exposure is should one gain access to my medical records. I mean -- just how much damage could be done should someone discover that I have hay fever and a rather bizarre allergic reaction to arugula? Is...

Tim Callan | 21 Feb 2008 | 0 comments

My name is Fran Rosch and I manage the group that writes this blog and develops VeriSign's identity and authentication solutions.

I just got back from a 2-week trip to India, Israel and London talking to customers, prospects, and VeriSign team members. I spent much of the time talking about how customers should deploy solutions that are very "risk based." When consumers access lots of critical data or financial assets on their website, a user name and password is probably not enough. But how much is enough? Does one solution fit all? How much should we change user experience? How much should we spend on security and authentication?

As I traveled through the airports in San Francisco, Frankfurt, Bangalore, Delhi, Mumbai, Amman, Tel Aviv and Heathrow, I was struck by the very different security policies and I realized that they also deploy "risk-based" approaches just as we recommend on our customer's Web sites. Here were some different approaches I noticed:

...
vipmobile | 15 Feb 2008 | 0 comments

We were pleasantly surprised by the positive response to our announcement around VeriSign joining the OpenID Foundation. These articles feature our VP of Innovation, Nico Popp.

OpenID Gets Star Power By Kenneth Corbin of InternetNews.com

Tech heavyweights join OpenID Foundation board By Deborah Gage of The San Francisco Chronicle

OpenID gains support for online single sign-on By Shane Schick of...