Authentication (User) Blog

User Authentication solutions provide two-factor authentication, public key infrastructure (PKI) services, and risk-based authentication to protect interactions between consumers, business partners, and employees. User Authentication solutions are delivered as cloud-based solutions, enabling enterprises to add strong authentication to applications, networks, and devices without the capital cost of hardware and software associated with traditional strong authentication solutions.

Follow Us on Twitter
  • 0
    Updated: vipmobile 08 Aug 2012

    VeriSign has "got your back" on fraudulent ATM activity

    Han Dong, Senior Product Marketing Manager, User Authentication One great thing about blogging for a company like VeriSign, which happens to have so many cool tools in its bag, is that it's so easy to find several blogs on the net that mention you. And in this case I'm referring to a Wall Street Journal blog: "Under Surveillance: Big Brother Stocks", by James Altucher. In this blog, Altucher talks about all of the various measures (and money spent - to the tune of $200 billion in the U.S.) taken to automate the monitoring and protection of your banking transactions, checking in at the airport, and even your simple ATM cash...
  • 0
    Updated: vipmobile 08 Aug 2012

    Cloud computing security standards - Vinton Cerf, father of the internet, has got your back

    Han Dong, Senior Product Marketing Manager, User Authentication It's a good thing that people much smarter than me are thinking about the future of the internet, cloud computing, and ensuring I'm properly indoctrinated on the right social networking sites du jour. More importantly, these same smart people are constantly thinking about really critical things, like 'standards', 'interoperability', and 'security'. Guys like Tim Berners-Lee, the inventor of the Web and HTML, Paul Mockapetris, the inventor of DNS, and Vinton Cerf, the father of the internet and co-designer of TCP/IP, are constantly analyzing what's happening today and thinking about what's coming in the future. These people are part of the founding fathers of the web, the internet, and how all the intricate pieces work together seamlessly -...
  • 0
    Updated: vipmobile 08 Aug 2012

    Layered Security Strategy, the Key to Trust

    Han Dong, Senior Product Marketing Manager, User Authentication Some thoughts on a couple of recent articles, one from Gartner Research: Where Strong Authentication Fails and What You Can Do About It, by Avivah Litan and a similar article by Jaikumar Vijayan in Computerworld, which also references Ms. Litan's article. The basic idea presented in these two articles is that "one-time passwords...are no longer enough to protect online banking transactions against fraud." These one-time password (OTP) token-based two-factor authentication methods may be compromised by man-in-the-browser malware that overwrites the user transactions to steal their assets. So the general recommendation from Avivah Litan is "A...
  • 0
    Updated: yohai 08 Aug 2012

    The next Hollywood blockbuster?

    It's about time Hollywood produces a blockbuster about identity management. No, I'm kidding. No producer would never even read a script which includes the term "identity management" in its title (except, perhaps, "Harry Potter and the Identity Management Prince"). But there is a new Bruce Willis movie that deals with the issue of identities, among other things, and, well, that's a start. The movie is called "Surrogates" (watch trailer), and it tells the story of a futuristic world in which humans live in isolation while only communicating with their fellow man through robots that serve as social surrogates and are better-looking versions of their human counterparts. Now isn't that kind of what happens today in our own world? When we go to the web we have a virtual identity through which we communicate with our fellow man, fellow banks, fellow stores: we send our virtual identity (user...
  • 0
    Updated: yohai 08 Aug 2012

    Putting order into things (Part I)

    By Yohai Einav, Senior Fraud Analyst A deserted street, night, a frightened old lady hops towards a policeman who just left the bar. Old lady: "Please officer, this e-mail is trying to phish me!" She shows a laptop to the Policeman. Old lady: "My grandson gave it to me for my birthday, and he warned me of such things. Now it is trying to phish me!" Policeman: "Let me see this". The Policeman looks at the screen. He sees a phishing email. Policeman: "Lady, do you have any idea what this is? This is identity theft! Wait a second; I must report this to my superiors right away!" The policeman talks into his walkie-talkie: Policeman: "Jim, I want to report an identity theft on 8th and Houston.... Yes, an old lady again.... Yes, her grandson... no, I didn't get the IP..." The policeman leans toward the old lady. Policeman: "You are lucky to still have your...
  • 0
    Updated: vipblog 08 Aug 2012

    Why "Red Flags" would work

    By Yohai Einav, VeriSign Senior Fraud Researcher The FTC announced last month that is pushing back the deadline for the implementation of the "red-flag" requirements for another six months. Under the "red flags" all financial institutions must develop and implement an "Identity Theft Prevention Program", which includes "reasonable policies and procedures for detecting, preventing and mitigating identity theft". I'm pretty confident that somewhere in the world security chiefs are dancing in relief, and, on the other hand, so are many fraudsters (in their filthy underground caves). FFIEC guidance and beyond So why are fraudsters relieved? Because a well planned and implemented red flag program could actually slow the fraud business. While the 2005 FFIEC regulations (or, "...
  • 0
    Updated: vipblog 08 Aug 2012

    Who's minding the Identity store?

    by Perry Tancredi, Senior Product Manager, VeriSign Fraud Detection Service Greg Pierson of iovation recently wrote an interesting blog postabout the idea that the more places your identity information resides, the greater the chance of your identity actually getting stolen. It reminded me of an incident that happened to me recently. I live in a condo and our neighbor's sprinkler system had gone off. There was so much water that it seeped through the walls and ceiling and flooded one of our rooms, which happened to be carpeted. Our landlord, along with the condo association, arranged to have the carpet replaced. When the workers arrived, they insisted on taking my wife's credit card number even though they weren't going to charge us. They took an impression of the card, and then insisted on writing down the CVV2 number (the three digit number on the back of the card, often called a "security...
  • 0
    Updated: vipblog 08 Aug 2012

    The Magical Defense against the "Pump and Pump" Scam

    By Yohai Einav, VeriSign Senior Fraud Analyst What happened to good ol' fraud? There's a new trend in online fraud today - it is getting more brutal. A few years ago, when a fraudster wanted to get your online banking credentials, he would send you a phishing email, asking you kindly to send him your bank's login and password; today, he would simply infect your PC with malware, then take your details by force. Fraudsters not believing in the goodness of mankind and taking things by force?! Yes - we live in crazy times. The brutal trend doesn't end with phishing. The same evolution happens today in the online brokerage world with the "Pump and Dump" scam. Pump and Dump 1.0 The classic Pump and Dump scam is one of the oldest tricks in the book. Its guiding principle is simple: if you can buy a worthless stock for a very low price (typically micro-cap companies), then sell it quickly for a much higher...
  • 0
    Updated: vipblog 08 Aug 2012

    Just assume your identity has already been stolen

    by Perry Tancredi, Senior Product Manager, VeriSign Fraud Detection Service I'm Perry Tancredi, and I manage the VeriSign VIP Fraud Detection Service product. A lot of times when I explain what I do to my friends and family, especially when I talk about some of the latest attacks we see, the conversation turns to whether or not it's too risky to do anything online at all. People want to know if I think banking and shopping online is safe, what virus program I use at home and what they should be doing to protect themselves. I had already been writing this post when the news about the largest case of identity theft in America (BBC, Washington Post), it seems more...
  • 0
    Updated: vipblog 08 Aug 2012

    Online fraud: Thinking "outside of the box"

    By Yohai Einav, VeriSign Senior Fraud Analyst I was on my way to the airport, chatting with my cab driver. After I told him my overused joke about the peasant, the seigneur and the miraculous goat, he asked me for my profession. "Oh, fraud?", he said. "You know, I almost lost $7,000 to card fraud last year". So the sanguine driver told me how his bank called him, warning him he had gone into overdraft. When he investigated this he found that his Visa card had recently been charged with $6,000. He called Visa, and they told him - "Sir, didn't you make two £1,500 transactions in London two weeks ago?" No, he was never in London. No, he rarely uses the British Pound in Israel. "Time out", I said. "Credit card issuers know that this could happen, and no way could these two transactions have passed without Visa noticing them". Firstly, the amounts were high, and secondly, the driver's card had a consistent pattern of transactions in only one...