By Yohai Einav, VeriSign Senior Fraud Researcher The FTC announced last month that is pushing back the deadline for the implementation of the "red-flag" requirements for another six months. Under the "red flags" all financial institutions must develop and implement an "Identity Theft Prevention Program", which includes "reasonable policies and procedures for detecting, preventing and mitigating identity theft". I'm pretty confident that somewhere in the world security chiefs are dancing in relief, and, on the other hand, so are many fraudsters (in their filthy underground caves). FFIEC guidance and beyond So why are fraudsters relieved? Because a well planned and implemented red flag program could actually slow the fraud business. While the 2005 FFIEC...
Organizations around the world are deploying VeriSignÂ® Identity Protection (VIP) services to stop fraudsters from tricking consumers into revealing sensitive private information. VeriSign Identity Protection service's one-time-passwords (OTP) are one element of a layered security approach. Other layers include Web site security brought by an Extended Validation (EV) SSL Certificate, fraud detection services to monitor anomalies on the back end, and consumer education.
Today we announced that the American Bankers Association will be joining the VIP Network. We are very excited about this on many levels. Getting VIP credentials into the hands of 350 member banks creates a huge opportunity for VeriSign and makes this much more convenient for their users. ABA Members will have first hand experience with strong authentication on tools they use every day. And as this protection rolls out, ABA member banks will witness how easily they can deploy strong, two-factor authentication, and how convenient it is for their customers. We look forward to working with the ABA. Welcome to the network!
Network Products Guide just announced we won the Reader Trust Award for Best in Multi- and Second-Factor Security. We're putting it in our trophy case right next to the Product Innovation Award in the Consumer Application or Service category. This is great for companies making decisions about two-factor authentication for their customers -- they might want to know the industry thinks highly of VIP. It's also great for the team here at VeriSign working on VIP to see all their efforts to create a great product payoff with an award like this. So thank you, Network Products Guide, from the team at VeriSign. Here is the ...
by Perry Tancredi, Senior Product Manager, VeriSign Fraud Detection Service
I'm Perry Tancredi, and I manage the VeriSign VIP Fraud Detection Service product. A lot of times when I explain what I do to my friends and family, especially when I talk about some of the latest attacks we see, the conversation turns to whether or not it's too risky to do anything online at all. People want to know if I think banking and shopping online is safe, what virus program I use at home and what they should be doing to protect themselves.
I had already been writing this post when the news about the largest case of identity theft in America (BBC,...
We asked people on the streets of San Francisco about what they do online, how many passwords they have, and whether they think their personal information is safe.
"Any bill that I pay, other than my rent, I pay online"
"There's probably a lot of sites out there that have my personal information."
"Sometimes even with secure sites, hackers get through"
"Every time I use a credit card, I hope that's the only place it gets used."
Find out how VeriSign can help keep your online identity safe.
This week should be an exciting week for the OpenID community, with lots of things happening at the RSA conference going on in San Francisco. Here's an announcement between VeriSign and some of its partners in the OpenID effort announcing plans to work with Microsoft on making OpenID and CardSpace interoperable:
Microsoft to Work With the OpenID Community, Collaborating With JanRain, Sxip, and VeriSign
JanRain, Microsoft, Sxip, and VeriSign will collaborate on interoperability between OpenID and Windows CardSpace(TM) to make the Internet safer and easier to use. Specifically:
As part of OpenID's security architecture, OpenID will be extended to allow relying parties to explicitly request and be informed of the use of phishing-resistant credentials.
Microsoft recognizes the growth of the OpenID community and believes OpenID plays a significant role in the Internet identity infrastructure. Kim Cameron, Chief...
I'm happy to welcome my VeriSign colleage Kiran Dandekar to the Infrablog. Kiran's working with me on the team here that is building infrastructure and tools around open identity. He's become increasingly central on our team and visible in the community in building technical consensus and business momemtum around OpenID and our Personal Information Provider. We'll be adding a handful of team members to the Infrablog in the next few weeks.
Kiran's just your run-of-the-mill-MIT-PhD Boston Red Sox fan and family man. He previously did some cool stuff over at MicroStrategy before coming to VeriSign a couple years ago to help build our supply chain business.
You're invited to visit and try out a beta version of an identity service we've provided. It's called the VeriSign Personal Identity Provider (“PIP” for short), and you can find it at http://pip.verisignlabs.com. The VeriSign PIP is designed to provide a “home base” for users who want use OpenID applications. Users who register with the VeriSign PIP get an OpenID – a URL they can use to login and authenticate at sites that accept OpenID. In addition, the VeriSign PIP lets you store profile information, and control how, when and with whom that information can be shared.
What Can I Do With The VeriSign PIP?
When you register at the VeriSign PIP, your user name is used to generate a unique URL for your profile. My username is “mgraves”, so my OpenID is “http://mgraves.pip...
I was at Internet Identity Workshop 2006 last week, and because it is a conference focused solely on the subject of identity, it served as a good opportunity to take stock of the situation. To be sure, a lot of progress has been made in the last year; if I have my facts right, YADIS – the lightweight discovery protocol for specifying capabilities for URLs – was conceived at last years IIW and has made it all the way to a 1.0 specification this spring. The ecosystem has come a long way towards the issue of identity in the past year too.
At Esther Dyson’s PCForum in Carlsbad, CA last month, the theme for the conference was “Erosion of Power: Users in Charge”. As with all forward-looking conferences there’s always an element of wishful thinking and projection in the conference themes. From the myriad conversations I’ve had at PCForum...
User Authentication solutions provide two-factor authentication, public key infrastructure (PKI) services, and risk-based authentication to protect interactions between consumers, business partners, and employees. User Authentication solutions are delivered as cloud-based solutions, enabling enterprises to add strong authentication to applications, networks, and devices without the capital cost of hardware and software associated with traditional strong authentication solutions.