Digital Resolve Adds Website Authentication Module(TM) to Fraud Analyst Line; Online Fraud Prevention Solution Aimed at Spoofed Websites and Man-in-the-Middle Attacks.ATLANTA -- Digital Resolve, the leading provider of transparent, risk-based authentication (1) Verifying the integrity of a transmitted message. See message integrity, e-mail authentication and MAC. (2) Verifying the identity of a user logging into a network. solutions, has introduced a new approach to mutual authentication Mutual authentication or two-way authentication refers to two parties authenticating each other suitably. In technology terms, it refers to a client or user authenticating themselves to a server and that server authenticating itself to the user in such a way that both with the addition of a Website Authentication Module to its Fraud Analyst product for online fraud and identity theft prevention for the financial services The examples and perspective in this article or section may not represent a worldwide view of the subject. Please [ improve this article] or discuss the issue on the talk page. industry. With Digital Resolve's Fraud Analyst Website Authentication Module, financial institutions can now provide their customers with the ability to seamlessly determine whether or not they are communicating with their banks' Web servers. This Module is aimed at the detection of fake Websites and the prevention of Website spoofing Website spoofing is the act of creating a website, as a hoax, with the intention of misleading readers that the website has been created by a different person or organisation. Normally, the website will adopt the design of the target website and sometimes has a similar URL. , more specifically Man-in-the-Middle attacks that involve a cyber (1) From "cybernetics," it is a prefix attached to everyday words to add a computer, electronic or online connotation. The term is similar to "virtual," but the latter is used more frequently. See virtual. criminal redirecting the consumer from a bank's Website to the criminal's server. That server then acts as a proxy for communication between the consumer's personal computer and the bank's Website, allowing the attacker to observe all the data passed in between. "There has been an enormous focus recently on one-way security In computer security, one-way security is a means of protecting sensitive computer data, which needs to be verified but not read. The sensitive data (such as a password) is hashed to make a unique, unreadable string of text. strategies that authenticate (1) To verify (guarantee) the identity of a person or company. To ensure that the individual or organization is really who it says it is. See authentication and digital certificate. (2) To verify (guarantee) that data has not been altered. customers to financial institutions," Dennis Maicon, executive vice president, Financial Services Solutions, said. "However, most financial institutions are not authenticating their Websites to customers and prospects before collecting sensitive information. This is the very reason that phishing, pharming pharming (fär`mĭng), the use of genetically altered livestock, such as cows, goats, pigs, and chickens, to produce medically useful products. , and now Man-in-the-Middle attacks are successful. Until now, unsuspecting consumers just cannot tell they are being redirected to a spoofed Website during an attack or that a man in the middle has hijacked their session." Unlike current technologies in the marketplace that incorporate cookies and shared images or watermarks and require active user participation, Digital Resolve's Website Authentication Module is very difficult to defeat and provides protection against phishing, pharming and man in the middle attacks without intervention by end users. Furthermore, other approaches to mutual authentication provide no protection beyond login Signing in and gaining access to a network server, Web server or other computer system. The process (the noun) is a "login" or "logon," while the act of doing it (the verb) is to "log in" or to "log on. authentication, such as when non-bank customers wish to apply for a bank's services online and as such must provide personally identifiable information In information security and privacy, personally identifiable information or personally identifying information (PII) is any piece of information which can potentially be used to uniquely identify, contact, or locate a single person. . This fool-proof solution utilizes patented techniques to create a "trusted" server list that legitimizes Websites and verifies that there is no man in the middle for both banking customers and non-customers alike. In addition, the Website Authentication Module's back-end processes use patented methods to build the trusted server list in a secure environment, with constant quality checks to identify any potential list contamination. "Allowing the customer's computer to determine who it is communicating with is crucial to any mutual authentication strategy. Current approaches using secure cookies and shared images are still extremely vulnerable to these types of insidious attacks. They simply do not provide the necessary - and expected - protection when a man in the middle is involved and do not even address a bank's prospects," Maicon added. Now in beta, the Website Authentication Module will be generally available in the fourth quarter of 2005. About Digital Resolve Digital Resolve is built on a legacy of developing innovative approaches to online authentication. It was the first company to introduce a privacy-sensitive online fraud prevention solution designed specifically for financial institutions and was the first to market with a real-time tool to protect against phishing. Most recently, the company pioneered a transparent approach to multi-factor authentication. Through its Fraud Analyst and E-Scam products, Digital Resolve provides financial institutions, Internet Service Providers Internet service provider (ISP) Company that provides Internet connections and services to individuals and organizations. For a monthly fee, ISPs provide computer users with a connection to their site (see data transmission), as well as a log-in name and password. and other online entities with seamless and non-invasive methods to protect the online channel and to build consumer confidence in utilizing Internet communications and transactions. For more information, please visit www.digital-resolve.net. Digital Resolve is a business unit of Digital Envoy. |
|
Printer friendly
Cite/link
Email
Feedback
Reader Opinion