Blog

Increase E-Commerce Profits using Risk Based Authentication

Most websites use the combination of usernames and passwords. Both are items that a user knows. Asking “what street did I grow up on” is just asking for more things that a user knows; firms that do this are just implementing more KBAs.

Economics of Authentication

To use some basic economics, the addition of the password, as opposed to not requiring validation, has a huge marginal benefit to the company. Implementing a second, and third and fourth has an ever decreasing

4 Big Problems with Knowledge Based Authentication

Let’s look at the traditional method of knowledge-based authentication to understand its shortfalls.

Background

Since the dawn of the web, online account authentication has barely changed. A user would input their username (email or screen name) and follow up with a password. This is the foundation of knowledge-based authentication (KBA).

For companies that aim to appear more secure, it isn’t uncommon for them to use knowledge-based authentication questions in addition to your password. I bank with two different bank accounts; both ask me what

What is Risk Based Authentication? (KBA)

The risk-based authentication process applies varying levels of strictness to the authentication process based on the probability that a given application can be compromised. The authentication process becomes more restrictive and casts a wider net as the risk increases.

Understanding the Types of Authentication

Authentication methods are usually grouped into a few different factors.

1. Ownership Factors

Bank cards, security tokens, mobile phones. Physical objects which a user is required to be in possession of. The risks to these types of authentication are theft

Account Takeover – How Do Criminals Do It?

We do not condone or support this and only aim to describe how easy it is for criminals to steal user account details. In 2013 alone we have seen the New York Times, Associated Press’ Twitter and the Ubuntu forum hacked. These were all made possible by password theft. When a criminal tweeted as Reuters, the stock market dropped. The consequences are huge. We describe in 4 steps, how easy it is to perform these devastating attacks with very little

$200m Credit Card Fraud – Quiser Khan and Shafique Ahmed Enter Guilty Plea

Six out of eighteen defendants, Quiser Khan, Shafique Ahmed, Muhammad Shafiq, Mohammad Khan, Vernina Adams and Raghbir Singh, have all entered guilty pleas to the accusation of the creation of over 7,000 identities in order to create 25,000 credit cards. The credit card fraud and mass money-laundering scheme utilized over 169 foreign and domestic bank accounts. The gang used the accounts to steal and launder over $200 million of banks’ money. The operation was highly organised and managed to
