Winning the battle against Man-in-the-Browser
Let’s talk about Man-in-the-Browser
 
How does it work?
1. User visits bank and logs into account
2. Malware ‘wakes up’ based on URL watch list
3. User initiates ACH or Wire Transfer
4. Malware intercepts user’s request, substitutes alternate amount and destination
5. Bank receives malware’s request, sends transaction details for review and requests one-time-passcode (OTP)
6. Malware intercepts site’s transaction detail confirmation, modifies them to correspond to user’s initial request
7. User views transaction details (which look fine) then enters OTP token code into Web browser
8. Bank receives and validates OTP, transacting the malware-modified transaction without the user ever knowing
Alternative approaches to capturing user information… Malware modifies web pages to prompt for OTP so it can silently execute a wire transfer or send OTP to criminal via Instant Message
The Alternative: out-of-band transaction verification using a mobile application H. Chen
Demonstration
 
 
 
 
 
 
 
User phone automatically wakes up and notifies user of transaction
Application is PIN protected to ensure security
User reviews and confirms transaction details… … or gets instructions if transaction is suspect
If transaction details OK, user gets confirmation code to enter on web browser
 
 
Transaction history maintained for future reference
Entrust IdentityGuard Mobile
Entrust IdentityGuard Mobile H. Chen
Multiple Identities
- Multiple Identities, one device
- Mix of Soft token only and Transaction Notification
- Independent activation and control
- Customizable branding per identity
Entrust Mobile - Soft Token only
- OATH compliant
- Time-based soft token
- 30 second time window
- Brandable interface
IDG Mobile - with Transaction Verification (TVS)
- OATH Time-based Soft Token
- Transaction details confirmed out of band on mobile device
- No data entry
- OATH signature of transaction contents
- User confirms transaction or acts on suspect details
IDG Mobile – 1 product, 2 functions
How Transaction Verification Works
1. User attempts to undertake a risky transaction (ex: Wire Transfer)
2. Banking application requests OOB Transaction Verification from on-premise IDG
3. User opens Entrust Mobile Application
4. IDG Mobile retrieves transaction details from bank’s IDG & displays to user
5. User confirms details and enters OTP in web browser OR reads how to deal with a suspect transaction
Diagram labels: Customer Banking Application Self Service Module IdentityGuard
How the Optional Notification Service Works (Q4, 2010)
1. User attempts to undertake a risky transaction (ex: Wire Transfer)
2. Banking application requests OOB Transaction Verification from on-premise IDG
3. IDG sends notification message to Entrust cloud service
4. Entrust cloud service sends notification to appropriate provider
5. Provider sends message to device & wakes up IDG Mobile
6. IDG Mobile retrieves transaction details from bank’s IDG & displays to user
7. User reads details and enters OTP in web browser OR reads how to deal with a suspect transaction
Diagram labels: Transaction Notification Service, Transaction Notification Request, Apple Notification Service, Customer Banking Application Self Service Module IdentityGuard
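Added example, not part of the deck and not Entrust's implementation: a sketch of why the plain time-based OTP in the "How does it work?" slide still validates after the transaction has been substituted, while a code computed over the transaction contents, as the Transaction Verification slides describe, does not. The transaction-bound construction (HMAC-SHA256 over the time step plus length-prefixed fields), the field names, the key and the account values are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30     # seconds; the time window given on the soft-token slide
DIGITS = 6


def _truncate(mac: bytes) -> str:
    """RFC 4226 dynamic truncation of an HMAC to a decimal code."""
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def totp(key: bytes, now: int) -> str:
    """Plain RFC 6238 TOTP: depends only on the key and the clock."""
    counter = struct.pack(">Q", now // STEP)
    return _truncate(hmac.new(key, counter, hashlib.sha1).digest())


def canonical(tx: dict) -> bytes:
    """Fixed field order, length-prefixed, so two different transactions
    can never serialise to the same bytes. Field names are hypothetical."""
    out = b""
    for field in ("amount", "currency", "dest_account"):
        value = str(tx[field]).encode("utf-8")
        out += struct.pack(">H", len(value)) + value
    return out


def tx_code(key: bytes, now: int, tx: dict) -> str:
    """Transaction-bound code: the MAC covers the time step AND the
    transaction contents (assumed construction, in the spirit of OATH
    challenge-response signing, not the vendor's algorithm)."""
    msg = struct.pack(">Q", now // STEP) + canonical(tx)
    return _truncate(hmac.new(key, msg, hashlib.sha256).digest())


def bank_accepts_plain_otp(key: bytes, now: int, submitted: str) -> bool:
    """Bank-side check for a plain OTP, allowing one step of clock drift."""
    return any(hmac.compare_digest(totp(key, now + d * STEP), submitted)
               for d in (-1, 0, 1))


def bank_accepts_tx_code(key: bytes, now: int, pending: dict,
                         submitted: str) -> bool:
    """Bank-side check: recompute over the transaction the bank actually
    holds, never over anything echoed back by the browser."""
    return any(hmac.compare_digest(tx_code(key, now + d * STEP, pending),
                                   submitted)
               for d in (-1, 0, 1))


def changed_fields(shown: dict, intended: dict) -> list:
    """What the user can spot when the phone shows the bank's copy of the
    transaction next to what they meant to send."""
    return sorted(k for k in intended if shown.get(k) != intended[k])


def scenario():
    # All values below are constructed sample data.
    key = b"constructed-demo-key-not-a-real-secret"
    now = 1_280_000_000
    intended = {"amount": "250.00", "currency": "USD",
                "dest_account": "ACCT-USER-PAYEE"}
    # What the bank received after the browser-side substitution.
    pending_at_bank = {"amount": "9800.00", "currency": "USD",
                       "dest_account": "ACCT-UNKNOWN"}

    # Plain OTP: the code says nothing about which transaction it approves,
    # so it validates no matter what the bank has pending.
    plain_ok = bank_accepts_plain_otp(key, now, totp(key, now))

    # Transaction-bound: a code approved for the intended details does not
    # authorise the substituted ones.
    bound_ok_for_tampered = bank_accepts_tx_code(
        key, now, pending_at_bank, tx_code(key, now, intended))
    bound_ok_for_intended = bank_accepts_tx_code(
        key, now, intended, tx_code(key, now, intended))

    # Out-of-band display: the phone fetches the bank's copy, so the
    # substitution is visible before any code is entered.
    visible_diff = changed_fields(pending_at_bank, intended)
    return plain_ok, bound_ok_for_tampered, bound_ok_for_intended, visible_diff


if __name__ == "__main__":
    print(scenario())
```

The bank-side functions recompute the code from server-held state only; trusting transaction fields returned by the browser would reintroduce the gap the out-of-band channel closes.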
CONFIDENTIAL  Time-based OTP Transaction Confirm & Sign August 2010 August 2010 Q4/2010 Early 2011 TBD Early 2011 Early 2011
Thank you!

ISS SA presents Entrust IdentityGuard Mobile
