Data Breaches are so common nowadays, which are linked to compromised Usernames and Passwords. Recent hacking attacks on Target, Neiman Marcus (holiday hack that pilfered tens of millions or more customer payment cards), eBay (145 million accounts were compromised in massive hack) and other retailers have triggered debates about data security practices, outdated payment technology system and breach notification laws. With industry experts saying these breaches are just the tip of the iceberg, so what can be done to reduce the impact of data breaches?
According to an extensive analysis of cost of fraud in US, total merchant losses “continued to be a $100 billion-plus problem” and for every $1 of direct fraud, merchants incur a “Multiplier effect” of $2.33. In this quick webinar, we discussed how ecommerce players are using a special application of voice biometrics to effectively combat m-commerce/ecommerce fraud.
Email to me at devasenag@sensiple.com for a recorded version of this session.
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Voice Biometrics-The New Normal Fraud Prevention Solution for High Profile Data Breaches
1.
2. 2
Why We are Here…
Lets Talk about Ecommerce
Fraud
Share some ideas on stronger
authentication for mobile
transactions
How biometrics can help you
become a more carefree
impulse shopper?
Discuss some use cases,
business cases and demand
drivers
3. 3
Ecommerce Fraud- Current Scenario
According to a study by Lexis-Nexis Risk Solutions,
merchants lose 10 times more than banks,
& 20 times more than consumers, due to fraud each year
$20 Billion Fraud
Growing 2x the rate of online commerce
* Online Fraud Report, CyberSource,2012
* LexisNexis Report 2012
Source: ReD European customer, January-June 2013
4. 4
Threats Occur across the Entire User Session
4
Beginning of
Web Session
Login Transaction
and Logout
Vulnerability Probing
DDOS Attacks
Phishing Attacks
Site Scraping
New Account
Registration Fraud
Promotion Abuse
Parameter Injection
Password Guessing
Access from High Risk Country
Man in The Browser
Account Takeover
High Risk Checkout
Unauthorized Account
Activity
Fraudulent Money
Movement
Man in The Middle
Pre Authentication Threats
Fraud
Post Authentication Threats
5. 5
The Shadow Internet Economy
Online fraud continues to be a growing and costly
experience for all online merchants
Fraudsters are far more sophisticated and understand the
card processing systems far better than most merchants!
Identity theft is the single largest threat to non face-to-face
transaction processing;
Phishing, Skimming, Spoofing, Malware, Server Hacking,
Credit Card Number Generators, Counterfeiters, Black
Market Card and Billing Address Lists, Key Stroke Loggers
are all prevalent methods used by fraudsters today to obtain
personal and financial information!
The “Shadow Internet Economy” is a staggering $105 billion
underground business causing havoc worldwide
6. ALL RIGHTS RESERVED SENSIPLE 2014
6
Massive Data Hacks in the History
2011
21 million North America
customers Financial data
Credit card numbers of
70 million users
110 million
shopper’s data
800000
personal
data stolen
1.1 million credit card
data hacked
7. 7
Passwords Just do not Work ANYMORE….
For Users
Painful to Use
25 Accounts
8 Logins/Day
6.5 Passwords
For Ecommerce &
Banks
Difficult to Secure
$5.5 M/Data Breach
$15 M/PWD Reset
$60+ / Token
Strongest & Weakest sites Image Source: : www.dashlane.com/securityroundup
How will biometrics help turn you become a more
carefree impulse shopper?
Unwieldy password schemes combined with jitters
about security are dampening e-commerce, with
consumers abandoning their online shopping carts on
more than two out of three forays
~ according to a compilation of 22 studies by researcher
Baymard Institute
8. Source: Dashlane’s -The Illusion of Personal Data Security in E-Commerce: Dashlane Q1 2014 Personal Data Security Roundup
Security Score of Top 100 ecommerce sites in US
9. ALL RIGHTS RESERVED SENSIPLE 2014
9
Cyber risks mitigation strategy for Online Payments
• Payment Card Industry
Data Security Standard
(PCI-DSS)
• Guidelines for
authentication (FFIEC-
OCC)
• Recommendation for the
security of online
payments (ECB)
• General data protection
regulation (EU)
1.Meet technology
security standards
and regulations
• Analyze internet security
threats against online
payments systems
• Assess impacts of online
payment fraud (card non
present fraud, phishing
attacks, check fraud,
mobile payment fraud,
internet fraud)
2.Conduct a risk
assessment
• Strong authentication for
customers
• Transaction monitoring to
identify abnormal
customer payment
patterns
• Operational process for
authorizing transactions
• Customer awareness and
education
3.Implement
security measures
10. ALL RIGHTS RESERVED SENSIPLE 2003 10
Biometrics are the most sure method of confirming that a purchaser is authorized
Verification of identity
• Match to an identity on a card or token or in a database
Non-repudiation
• The transaction cannot be denied
Fraud / Theft Prevention
• A card number can be copied, but a person cannot
• A stolen card is not valid without a matching biometric
Removes the need for complex passwords and PINs
Can Voice Biometric help e-retailers restore consumer faith?
11. ALL RIGHTS RESERVED SENSIPLE 2014
11
Biometrics: The Next Stage in E-Commerce Fraud Prevention
Life a fingerprint, no two voices are exactly the same. Voice Biometrics makes use of “voice
print” to accurately and securely identify an individual and secure a transaction
• Voice Authentication: Your voice is your password. No need to remember passwords, PIN
or challenge info
• Voice Signature: Secure, legally binding signature over the phone using client’s voice print.
The output of Voice Signature is a legally binding e-Signature under the federal Electronic
Signatures in Global and National Commerce Act(E-SIGN)
Cloud-based service allows retailers to instantly set up and run their online business, processing
transactions using voice biometrics to authenticate/authorise their online and mobile-based
electronic payments
Retailers can automatically deploy biometric payment system to process secure mobile
payments
Once a user has set up their authenticator, any Voice biometric enabled retailer can use the
biometrics and authenticate the user by simply calling him or her
12. 12
Use Case: Leading Direct Bank and Payment Partner in the US
Enrollment Process:
Shopping cart page with the link to register ‘New User’
New user asked to select an unique ID (may be email id) and allowed to
register credit card details, billing address and shipping address (for this POC
we will assume one shipping address)
New user will be asked to enroll their voice print for future validation
Verification Process:
Shopping cart with link ‘Verify with your Voice’.
User asked to enter their unique ID (email id used during enrollment)
User asked to say the ‘Pass Phrase’ used during enrollment process/system
prompts the User to repeat a ‘PassPhrase’
User sample voice print verified and shopping cart details are auto
populated
13. 13
The Mobile Biometrics Era….
Over 90 million smartphones with biometric technology expected to be shipped in
2014. ~ Biometrics Research Group
Mobile commerce will drive millions of biometric smartphone shipments, billions in transactions.
The research consultancy expects that worldwide mobile payment transactions will reach $250
billion in 2014, reaching $750 billion in annual transactions with more than 700 million users by
2020
Consumers are using their smartphones to bridge
the gap between brick-and-mortar stores and
ecommerce
Ecommerce is everywhere
4 out 5
Consumers use
their
Smartphones
to shop
eBay Mobile
13,161,000 unique
shoppers in 1 month
1:04:02 hrs
14. 14
Secure: Voice biometrics is well suited
to smart device apps and forms a natural
part of a multifactor authentication
system
Convenient: Voice biometrics provides legally binding
e-signature for a secure multifactor process, using
various modes like On-screen prompting, out of
band call, in-app audio interface
Natural and Intuitive:
Using your voice on a smart device is natural,
intuitive and unobtrusive
Self-Serve: Increase self-serve usage by reducing
authentication failure rates self-serve high-risk
transaction capabilities
Secure Mobile Payments using Voice Biometrics
15. Global Software Solutions provider specializing in Customer Experience Management
Founded in 1999; 14 years of outsourcing excellence
Offices across US, Singapore and India with headquarters at NJ, USA and Off-shore Development centre in
India
ISO 9001:2008 certified offshore delivery center
Proven ability to work as Clients’ extended team meeting demand spikes; Risk-free Global Delivery Model
300 employees worldwide including over 100 technical specialists, R &D specialists and software developers
Largest R&D Department of any Voice Biometrics company
Clientele include Multinationals & Fortune 500 companies across the US & APAC region
Over 10+ years of experience in delivering Cloud IVR Solutions, Cloud Contact Center Platform & Customer
Experience Analytics Solution
SINGAPORE INDIA
300+
Team
USA
About Sensiple
2003ALL RIGHTS RESERVED SENSIPLE 2014 15
Global innovation Player in the field of authentication through Voice biometrics verification
16. For any queries, please reach out to:
Email: arast@sensiple.com
Phone: 732 283 0499 X 242
East Coast Operation
1000 Rt. 9 North, Suite 303
Woodbridge, NJ 07095 USA
Phone: 732-283-0499
Fax: 732-283-0489
Midwest Operation
13011 Scott St
Omaha, NE 68142 USA
Phone: 402 505 7790
Fax: 402 505 7798
Offshore Development Center
9/A15, SIPCOT IT Park, Padur Post
Siruseri, Chennai–603 103 INDIA
Phone: 91-44-4741 9000
Fax: 91-44-4741 9100
Thank You
ALL RIGHTS RESERVED SENSIPLE 2014 16