3 Powerful Security Methods to Prevent Identity Breaches

October 16, 2013 by Tom Potterf

Protecting against online crime and fraud in an interconnected, cross-device world is more challenging than ever for companies transacting valuable assets with other companies over the internet, selling products or information in a web application, or under regulatory compliance mandates. Online criminals are utilizing increasingly sophisticated techniques to gain access to valuable assets, and securing against these threats doesn’t end at protecting the front door. It requires layered defenses and shared security intelligence that looks well beyond IP address, geolocation, and trusting customers’ antivirus.

With Janrain, organizations can enable users to register and sign in using the identities they have already established with Facebook, Google, and Yahoo!, thereby utilizing these top identity providers’ existing state-of-the-art security measures. For organizations that require deeper levels of security, there are additional strategies that can be deployed to protect the business and customers from online crime and fraud, including two-factor authentication, threat detection, and fraud detection.

1) Two-Factor Authentication

One-factor authentication involves something a user knows, typically a password. Passwords can be a secure method provided customers are creating strong ones and changing them frequently…but that approach creates its own set of problems. And even the strongest passwords can be intercepted and captured through a variety of methods, though one-time passwords can be used to enhance the security of the one-factor method.

Two-factor authentication takes one-factor and adds something a user has, significantly improving authentication security. Customers are familiar with this method.
For example, whenever you visit the ATM, you’re using two-factor authentication by inserting your bank card (the thing you have) and inputting your PIN (the thing you know). Online, two-factor authentication can involve a digital certificate (when accessing a VPN, for example), a physical token, or a tokenless approach where customers access a website by using an app on their verified mobile device to scan a QR code on the website to authenticate their identity.

2) Threat Detection

Depending on the needs of the organization, security threats can be detected and risks mitigated through a variety of methods. Device identification helps organizations validate returning customers for online access and transaction requests by detecting device attributes and anomalies. If a device has been compromised, risk mitigation actions can be taken based on the requirements of the organization and type of transaction.

Threat detection also involves the ability to detect, assess, and act on desktop, laptop, and mobile devices that have been compromised by botnets deployed from IP-masking proxies and VPNs, malware or OS-level rootkits surreptitiously installed on poorly-protected customer devices, and man-in-the-middle attacks that intercept sessions and inject new messages that pose as authentic business transactions/conversations in order to hijack authentication keys and obtain other personal data. This data can also be aggregated with other transactional data to create incredibly accurate risk assessment tools for all kinds of application requests.

3) Fraud Detection

Sophisticated fraud detection methods build behavioral profiles from past user behavior and then compare that to visitors to determine if they are who they say they are. People’s social behaviors across social networks create a unique and hard-to-replicate signature that is a powerful method to assert an authentic online identity.
When a new user registers using social registration or a form, your site queries a third-party provider that computes an authenticity score, and the user is either verified, sequestered, or rejected for account creation.

What’s an Enterprise to Do?

Through social login, organizations can rely on the top identity providers’ state-of-the-art identity verification methods, systems, and full-time security teams. Enabling account creation through a major player like Facebook, Google, or Yahoo! brings substantial privacy and security advantages.

Additional depth of identity security and validation is offered through security and authentication vendors:

VASCO provides cloud-based authentication services including two-factor authentication, one-time passwords, strong user authentication and e-signatures, and provides consumers with MYDIGIPASS.COM, a free password management and sign-on app for use on enabled sites.

Socure provides detection of fraudulent users on your website and mobile applications, as well as analytics to gain insights about your business’ fraud footprint.