GDS International - Strong Authentication Fraud Detection Solution


Published on

As global financial institutions seek to grow their customer base and the bottom line,
each must increasingly combat sophisticated cybersecurity threats while navigating
the growing challenge of compliance risk related to adhering with in-country laws.

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

GDS International - Strong Authentication Fraud Detection Solution

  1. 1. Layered Security for Financial InstitutionsEnterprise-Wide Authentication & Fraud Detection FrameworkAs global financial institutions seek to grow their customer base and the bottom line, Solution Benefitseach must increasingly combat sophisticated cybersecurity threats while navigating • Layered security that spans global needsthe growing challenge of compliance risk related to adhering with in-country laws. for strong authentication and real-time fraud detection — all in a single securityCompounding the problem, siloed line-of-business applications and complex frameworkIT networks have mushroomed with “islands” of authentication and fraud detection • Unmatched deployment flexibility acrosssolutions throughout the enterprise. user groups, channels, geographies and varied IT network constraintsTo effectively improve security and compliance controls, total cost of ownershipand the end-customer experience, the world’s top financial institutions are adopting • Includes comprehensive migration capabilities to co-exist with current systems,identity-based security and fraud detection platforms that span enterprise-wide needs. streamline transition and reduce overall costsFrom wholesale, retail and investment banking, to the needs of internal employees, • Empowers FIs to defend against advancedFIs seek to decouple authentication and fraud detection from applications. Implementing fraud threats and comply with today’scross‑channel and cross-application frameworks not only meets varied needs, but provides global compliance regulations (e.g., Redthe agility and flexibility to react to new fraud vectors and compliance regulations. Flag (FACTA), FFIEC, Faster Payments) • Provides out-of-band authentication and transaction verification to stop advancedEnterprise-Wide Security Framework malware, including ZeuS, SpyEye and Ice IXEntrust’s layered, identity-based security solutions are specifically tailored to protect • Unmatched innovation, breadth offinancial institutions and the identities of their customers. The seamless deployment authentication and fraud detectionof strong authentication, real-time fraud detection and comprehensive transaction capabilitiesmonitoring are cornerstones to a real solution FIs can deploy — today.This is achieved on a proven authentication and policy framework that spans userneeds across lines of business, geographies and internal employee controls, helpingsecure multi-channel transactions, internal systems and applications.Multilayer Security ApproachEntrust provides more than a simple one-step means of protecting the world’slargest and most respected financial institutions.This unique layered strategy enables financial institutions to quickly deploy and builda security framework that not only provides strong protection for customers acrossvaried lines of business but also evolves across multiple access channels (e.g., mobileand online) to provide end-users with a seamless, powerful solution that helpsenhance an FI’s market position.
  2. 2. Entrust Multilayered Security Approach Entrust’s multilayered approach leverages advanced security technology that are already successful for today’s top financial institutions. Strong Authentication Fraud Detection Transaction Verification One of the pillars of the Entrust Real-time fraud detection monitors Leverage out-of-band channels, solution, risk-based authentication both user behavior and Web-access including mobile devices, to increase identifies situational risks and behavior for 360-degree insight security during online transactions. adapts in real time. And Entrust’s to advanced fraud attack vectors. Asking customers to verify transactions comprehensive line of authenticators This visibility also provides the data — either all or those that meet a certain may be managed on a single platform, necessary for step-up authentication risk threshold — greatly reduces the providing the versatility to adapt as to increase security during risky or success of fraud attacks. This technique threat vectors evolve. suspicious transactions. is particularly adept at stopping man‑in‑the-browser malware attacks.ENTRUST IDENTITYGUARDENTERPRISE-WIDE AUTHENTICATION FRAMEWORKThe Entrust IdentityGuard software authentication platform is a comprehensive security framework that serves as the foundationof a complete layered security environment. The solution enables organizations to deploy strong, risk-based authentication toproperly secure banking customers. Self-Service Module Federation Module Physical/Logical Access Seamless Co-Deployment SOFTWARE AUTHENTICATION PLATFORM Mobile Security Advanced APIs Policy-Driven Server Comprehensive Integration EXTENSIBLE FRAMEWORK Password Mutual IP-Geolocation Device SMS Knowledge Scratch Pad Grid Mobile Transaction Digital OTP Tokens USB and Biometrics Authentication Authentication Based Verification Certificates SmartcardsEntrust’s management framework is unique in the market and drives significant value for financial institutions. This approach notonly helps manage all authentication needs, but also provides capabilities unique to the market.• Deploys to a single server • Federate internal and cloud-based applications• Co-deployment with existing authentication measures (e.g.,, Microsoft 365)• Simple integration and easy-to-use APIs • Reduce cost and maximize staff efficiency with an intuitive self-service module• Mobile, physical and logical authentication
  3. 3. SIMPLIFYING ARCHITECTUREBased on geographic location, customer type, transaction amounts, or even national and global regulatory mandates, financialinstitutions have unique requirements for authentication frameworks.Unfortunately, in many cases, these frameworks are tied to a specific application, location or even user-group. Entrust helpsfinancial institutions consolidate authentication technology across an entire enterprise. This smart approach helps solve thebiggest challenges of today’s security-conscious FIs.Compliance — Adapt to various international regulatory Empowering Global Workforce — Integrate a singlerequirements like FFIEC, Red Flags, etc. authentication management platform to provide physical and logical access for global enterprise security.End-User Needs — Meet authentication needs of diverseend-user groups (e.g., retail, wholesale, high net‑worth). Simplify Risk Management — Platform versatility enables quick migration to different authenticators.Multichannel Requirements — Meet authentication needsof various channels, particularly emerging platforms like Reduce Costs — Consolidating platforms and working frommobile and cloud. a common security policy framework streamlines security management and reduces the total cost of ownership.EMERGING PARADIGMS: MOBILE DEVICES, TABLETS & CLOUDWith financial institutions placing great emphasis on the security of customer identities and transactions, they’re also purposelycautious when leveraging new platforms or technology like mobile devices, tablets and cloud services. Entrust helps eliminatessecurity risks on emerging platforms by delivering proven capabilities that embrace innovative technology and provide enhancedconvenience to end-users — all without sacrificing security.Federation Capabilities — Provide secure single sign-on Mobile Technology — Leverage mobile devices and tablets(SSO) to cloud services and applications. as a strong authenticator to secure transactions and defeat advance malware.Real-Time Transaction Safeguards — Approve large-valuepayments or set up sweeps for a superior client experience. Application Security — Provide strong authentication for both internal and cloud-based applications.FLEXIBLE DEPLOYMENT & MIGRATIONOne of the most critical challenges of bank security is upgrading or migrating to new solutions to help address evolving attackvectors and defending against sophisticated malware trends. It’s important that a new authentication framework easily integratesinto existing application infrastructure.Entrust’s complete solution is offered in an on-premise model Understanding that FIs can’t realistically remove an existingand provides customers with a range of deployment options security solution, Entrust streamlines migration with a provento meet the needs of the most complex IT architecture. co-deployment model that helps reduce challenges during transition.In fact, both Entrust TransactionGuard and Entrust IdentityGuardincorporate native server-redundancy and disaster-recovery This rich deployment flexibility is built into a solutioncapabilities, and meet the most demanding scalability platform over time. Entrust’s integration expertise is bornrequirements across a range of disparate user groups, from collaborating with the world’s most trusted FIs for years,business applications and geographic locations. then defining the capabilities that enable proper deployment.
  4. 4. TRUE RISK-BASED AUTHENTICATIONAs online fraud increases in sophistication, organizations need to deploy proven solutions that help manage identity credentials —at both the initial login and throughout the session. As the risk of a transaction elevates, so should the strength of authentication.It’s important to remember, however, that a one‑size-fits-all approach to authentication is not appropriate for most customer orbusiness-banking environments.The Layered Approach Custom AuthenticationEntrust enables organizations to layer security — according The use of specific authenticators may be defined viato access requirements or the risk in a given transaction back-end policies that can be tailored per applications— across diverse users and applications. Entrust’s software and/or groups. A simple policy change may seamlessly adjustauthentication platform does not impact normal user the authentication behavior of all applications — instantly withbehavior or back-end applications, speeding deployment no front-end changes. Financial institutions may even mix andand helping to save money. match authenticators depending on specific customer needs. Scratch Pad Mobile Transaction SMS Verification Device Digital Authentication Certificates Knowledge Grid Based IP-Geolocation OTP Tokens Password USB and Smartcards Mutual SOFTWARE AUTHENTICATION PLATFORM Authentication BiometricsFigure 1: Entrust IdentityGuard provides one of the widest ranges of authentication capabilities on the market today.DEFENDING AGAINST MAN-IN-THE-BROWSER MALWAREEntrust’s comprehensive identity-based approach leverages the Entrust IdentityGuard software authentication platform and theEntrust TransactionGuard fraud detection solution to deliver multiple proven methods for defending against man-in-the-browserattacks, including such variants as ZeuS, SpyEye and Ice IX.Leveraging Secure Channels In cases where the transaction is legitimate, a transactionEntrust helps defeat man-in-the-browser attacks by signature is generated by Entrust’s mobile application. This tiesleveraging a different channel than the one being the transaction to the user’s identity, ensuring the bank thecompromised. Online- or mobile-banking applications processing transaction is acknowledged by the user.integrated with Entrust IdentityGuard can notify a user’ssmartphone to retrieve transaction details from their bank. Real-Time Fraud DetectionThe user may then verify the actual transaction details and An integrated zero-touch, risk-based approach, Entrust’sdecide whether or not to acknowledge. fraud detection platform helps defeat man-in-the-browser by analyzing transaction behavior and blocking transactionsIf the transaction is being tampered because of a or stepping-up authentication if such behavior is consideredcompromised desktop, the user may see it and immediately slightly abnormal — all in real time.stop the transaction, defeating the man-in-the-browser attack.
  5. 5. ENTRUST TRANSACTIONGUARDINTEGRATING REAL-TIME FRAUD DETECTIONEntrust TransactionGuard has evolved from a real-time, transaction-monitoring system to a state-of-the-art platform that blendsa number of approaches to form a true fraud model. This helps financial institutions detect fraud without invasive integration withexisting online applications, empowering organizations to quickly bring new applications to market without concern over theimpact of fraud monitoring.Unlike competitive offerings limited to transaction-based fraud detection, Entrust TransactionGuard analyzes all points ofinteraction across multiple channels, allowing organizations to gain a complete picture of potentially fraudulent behavior.Comprehensive Fraud Monitoring Step-Up SecurityThis proven solution provides detailed “front-door” Entrust provides real-time protection by transparentlymonitoring from the moment a user interacts with a specific monitoring user behavior to identify anomalies, thenchannel to full “in-session” analysis with the ability to monitor calculating the risk associated with a particular transaction.both transactional data and underlying HTTP(S) access data. If a risk is identified, step-up authentication can be required —This information includes navigation speeds and patterns, leveraging Entrust IdentityGuard — to complete the transaction.IP address anomalies, and even detection of user-agentstrings and HTML-injection attacks. Proactive Safeguards High-risk transactions are managed according to businessZero-Touch Integration procedure and the level of risk in real time. Alert generation,Quickly introduce new applications and start monitoring case reporting and workflow tools enable an organization tofraud rapidly. With a proven zero-touch approach, there’s investigate and stop fraudulent transactions before they clearno software to deploy and direct integration to banking or approve legitimate business, without impacting the user —applications is unnecessary. all necessary tools to help stop man-in-the-browser attacks.Rich API AbilitiesFor organizations with challenging data center requirements,application nuances or a need to integrate external systemdata, Entrust TransactionGuard supports rich fraud APIs thatenable transactional data, external feeds or third-party fraudalerts to be injected into the fraud model. SOLUTION ARCHITECTURE DIAGRAMFigure 2: Entrust provides a proven architecture that delivers real-time fraud detection, risk-based authentication and critical information-sharing capabilities.
  6. 6. MOBILE SECURITYEntrust IdentityGuard enables financial institutions to leverage mobile devices to achieve greater efficiency in all environments.Entrust provides mobile security capabilities via distinct solution areas — mobile device authentication, transaction verification,mobile smart credentials, and transparent authentication technology with an advanced software development kit.These Entrust IdentityGuard capabilities help organizations and financial institutions strongly authenticate consumer and businesscustomers without requiring specialized security hardware such as one-time-passcode (OTP) hardware tokens.Broad Platform & Integration Support Easy-To-Use SDKEntrust IdentityGuard features software-based, Entrust’s easy-to-use software development kit (SDK) helpsone‑time‑passcode authentication, as well as out-of-band you create customized mobile authentication applicationstransaction verification, on today’s leading mobile platforms, tailored to the requirements of your specific environment.including Apple iOS, RIM BlackBerry, Google Android andMicrosoft Windows Mobile (6.0-6.5). SECURES ACCESS TO CORPORATE RESOURCES Tablets Laptops Smartphones PROVIDES AUTHENTICATION VIA MOBILE DEVICES Soft Token OTP Digital Certificates Mobile SMS EMBEDS SECURITY WITHIN FOR MOBILE SECURITY MOBILE APPS/DEVICES Tablets SmartphonesFigure 3: Entrust IdentityGuard helps financial institutions leverage the convenience of mobile devices in a manner that is safe, secure and reduces opportunity for attack.More InformationThe smart choice for properly securing digital identities and information, Entrust solutions represent the right balancebetween affordability, expertise and service. Discover how this will benefit you by contacting us at 888.690.2424 orvia email at EntrustA trusted provider of identity-based security solutions, Entrust empowers governments, enterprises and financial institutions in more than 5,000 organizationsspanning 85 countries. Entrust’s award-winning software authentication platforms manage today’s most secure identity credentials, addressing customer pain pointsfor cloud and mobile security, physical and logical access, citizen eID initiatives, certificate management and SSL. For more information about Entrust products andservices, call 888-690-2424, email or visit is a registered trademark of Entrust, Inc. in the United States and certain other countries. In Canada, Entrust is a registered trademark of Entrust Limited. All other Entrust product names and servicenames are trademarks or registered trademarks of Entrust, Inc. or Entrust Limited in certain countries. All other company names, product names and logos are trademarks or registered trademarks of theirrespective owners. © 2012 Entrust. All rights reserved. 22605/5-12