Video Screencast Help
Authentication (User) Blog
Showing posts tagged with fraud protection
Showing posts in English
vipmobile | 29 Jan 2010 | 0 comments

Han Dong, Senior Product Marketing Manager, User Authentication

One great thing about blogging for a company like VeriSign, which happens to have so many cool tools in its bag, is that it's so easy to find several blogs on the net that mention you. And in this case I'm referring to a Wall Street Journal blog: "Under Surveillance: Big Brother Stocks", by James Altucher. atm.jpg In this blog, Altucher talks about all of the various measures (and money spent - to the tune of $200 billion in the U.S.) taken to automate the monitoring and protection of your banking transactions, checking in at the airport, and even your simple ATM cash withdrawal.

vipmobile | 15 Dec 2009 | 0 comments

Han Dong, Senior Product Marketing Manager, User Authentication

Some thoughts on a couple of recent articles, one from Gartner Research: Where Strong Authentication Fails and What You Can Do About It, by Avivah Litan and a similar article by Jaikumar Vijayan in Computerworld, which also references Ms. Litan's article.

The basic idea presented in these two articles is that "one-time passwords...are no longer enough to protect online banking transactions against fraud." These one-time password (OTP) token-based two-factor authentication methods may be compromised by man-in-the-browser malware that overwrites the user transactions to steal their assets. So the...

yeinav | 15 Sep 2009 | 0 comments

It's about time Hollywood produces a blockbuster about identity management.

No, I'm kidding. No producer would never even read a script which includes the term "identity management" in its title (except, perhaps, "Harry Potter and the Identity Management Prince"). But there is a new Bruce Willis movie that deals with the issue of identities, among other things, and, well, that's a start.

The movie is called "Surrogates" (watch trailer), and it tells the story of a futuristic world in which humans live in isolation while only communicating with their fellow man through robots that serve as social surrogates and are better-looking versions of their human counterparts.

Now isn't that kind of what happens today in our own world? When we go to the web we have a virtual identity through which we communicate with our fellow man, fellow banks, fellow stores: we send our virtual...

yeinav | 10 Dec 2008 | 0 comments

By Yohai Einav, Senior Fraud Analyst

A deserted street, night, a frightened old lady hops towards a policeman who just left the bar.
Old lady: "Please officer, this e-mail is trying to phish me!"
She shows a laptop to the Policeman.
Old lady: "My grandson gave it to me for my birthday, and he warned me of such things. Now it is trying to phish me!"
Policeman: "Let me see this".
The Policeman looks at the screen. He sees a phishing email.
Policeman: "Lady, do you have any idea what this is? This is identity theft! Wait a second; I must report this to my superiors right away!"

The policeman talks into his walkie-talkie:
Policeman: "Jim, I want to report an identity theft on 8th and Houston.... Yes, an old lady again.... Yes, her grandson... no, I didn't get the IP..."
The policeman leans toward the old lady.
Policeman: "You are lucky to still have your...

vipblog | 12 Nov 2008 | 0 comments

By Yohai Einav, VeriSign Senior Fraud Researcher The FTC announced last month that is pushing back the deadline for the implementation of the "red-flag" requirements for another six months. Under the "red flags" all financial institutions must develop and implement an "Identity Theft Prevention Program", which includes "reasonable policies and procedures for detecting, preventing and mitigating identity theft". I'm pretty confident that somewhere in the world security chiefs are dancing in relief, and, on the other hand, so are many fraudsters (in their filthy underground caves). FFIEC guidance and beyond So why are fraudsters relieved? Because a well planned and implemented red flag program could actually slow the fraud business. While the 2005 FFIEC...

vipblog | 11 Aug 2008 | 0 comments

By Yohai Einav, VeriSign Senior Fraud Analyst

What happened to good ol' fraud?

There's a new trend in online fraud today - it is getting more brutal.

A few years ago, when a fraudster wanted to get your online banking credentials, he would send you a phishing email, asking you kindly to send him your bank's login and password; today, he would simply infect your PC with malware, then take your details by force.

Fraudsters not believing in the goodness of mankind and taking things by force?! Yes - we live in crazy times.

The brutal trend doesn't end with phishing. The same evolution happens today in the online brokerage world with the "Pump and Dump" scam.

Pump and Dump 1.0

The classic Pump and Dump scam is one of the oldest tricks in the book. Its guiding principle is simple: if you can buy a worthless stock for a very low price (typically micro-cap companies), then sell it quickly for a much higher...

vipblog | 06 Aug 2008 | 0 comments

by Perry Tancredi, Senior Product Manager, VeriSign Fraud Detection Service

I'm Perry Tancredi, and I manage the VeriSign VIP Fraud Detection Service product. A lot of times when I explain what I do to my friends and family, especially when I talk about some of the latest attacks we see, the conversation turns to whether or not it's too risky to do anything online at all. People want to know if I think banking and shopping online is safe, what virus program I use at home and what they should be doing to protect themselves.

I had already been writing this post when the news about the largest case of identity theft in America (BBC,...

vipblog | 23 Jun 2008 | 0 comments

By Yohai Einav, VeriSign Senior Fraud Analyst

I was on my way to the airport, chatting with my cab driver. After I told him my overused joke about the peasant, the seigneur and the miraculous goat, he asked me for my profession. "Oh, fraud?", he said. "You know, I almost lost $7,000 to card fraud last year".

So the sanguine driver told me how his bank called him, warning him he had gone into overdraft. When he investigated this he found that his Visa card had recently been charged with $6,000. He called Visa, and they told him - "Sir, didn't you make two £1,500 transactions in London two weeks ago?"

No, he was never in London. No, he rarely uses the British Pound in Israel.

"Time out", I said. "Credit card issuers know that this could happen, and no way could these two transactions have passed without Visa noticing them". Firstly, the amounts were high, and secondly, the driver's card had a consistent pattern of transactions in only one...