MFA FOR DUMMIES
SESSION #2: ADAPTIVE, RISK-BASED MFA
MFA FOR DUMMIES SESSION 2 of 3
MICHAEL THELANDER / SR DIRECTOR OF PRODUCT MARKETING
1. Understand new concepts
2. Learn without pressure
3. Apply new ideas to old and persistent problems
A way to….NO!
Go to https://www.iovation.com/resources/webinars
Register for the January 23rd Live Webinar
AGENDA
“DECENTRALIZATION” AND RISK??
THE “THREE CS” OF MFA
CUSTOMIZING AROUND RISK
TAKEAWAYS (AND YOUR FREE BOOK)
“DECENTRALIZATION”
AND RISK?
(IS “DECENTRALIZATION” A WORD? OR DID YOU MAKE IT UP? )
WHAT’S DECENTRALIZATION ABOUT?
A DEFINITION
WHAT’S DECENTRALIZATION ABOUT?
ANOTHER WAY OF LOOKING AT “DEFENSE IN DEPTH”
WHAT’S DECENTRALIZATION ABOUT?
REPLACING THE CURRENT PARADIGM
• Difficult to deliver “true” MFA
• Compromising one authentication process compromises all processes
• One data store exists for all credentials or tokens
• Credentials and tokens exist uniquely for each user
• Not accessible through a centralized data store
• Not susceptible to massive breach and exploitation
DARK WEB
Where criminals buy credentials and tokens
Yahoo! lost data from 500 million accounts in 2014….
To add to the 1 billion accounts compromised in 2013….
And later admitted that all 3 billion accounts may be affected.
Last May, 560 million records were discovered in a cleartext online database
Not just passwords: medical info, addresses, email, Netflix info
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
WHAT’S DECENTRALIZATION ABOUT?
STOPPING ATTACKS LIKE MITM AND ATO
[Diagram: Mobile App, Site, Attacker]
THE PROBLEM IN A MOBILE APP CONTEXT
THE THREE CS OF MFA
ONE OF THE MOST IMPORTANT CONCEPTS IN THE BOOK
DEFINING MULTIFACTOR AUTHENTICATION
STRONG AND FLEXIBLE AUTHENTICATION
Something you KNOW + Something you ARE + Something you HAVE
Identity verified
THE THREE Cs
OF TRUE MULTIFACTOR AUTHENTICATION
• Contextual
• Continuous
• Complementary
[Diagram labels: LOGIN; CHANGE ACCOUNT DETAILS; CHECK BALANCES; TRANSFER MONEY; ACCOUNT CREATION / LOAN ORIGINATION; MAKE OR SCHEDULE DEPOSITS; PAY BILLS. Layers: ANTI-FRAUD (IOVATION FRAUDFORCE) + USERNAME / PWD (or TOKEN Backup) + MOBILE MFA]
KEY CONCEPTS
“CONTINUOUS ADAPTIVE RISK AND TRUST ASSESSMENT”
CUSTOMIZING AROUND RISK
(“YES, YOU HAVE THE RIGHT PIN CODE. BUT NO, YOU CAN’T GET IN.”)
THE DNA OF A DEVICE
HUNDREDS OF DEVICE ATTRIBUTES COMBINE TO CREATE A DIGITAL FINGERPRINT
• WiFi (or Bluetooth) MAC Address
• Network configuration
• iOS Device Model
• Battery level / AC mode
• Device orientation
• File system size
• Physical memory
• Number attached accessories
• Has proximity sensor?
• Screen brightness and resolution
• System uptime
• iOS Device Name (MD5 Hash)
• OS Name and/or version
• Device advertising UUID
• Kernel version
• iCloud Ubiquity Token
• Application Vendor UUID /name/vers
• Is Simulator?
THE DNA OF A DEVICE
HUNDREDS OF DEVICE ATTRIBUTES COMBINE TO CREATE A DIGITAL FINGERPRINT
• Locale language / currency code
• WiFi MAC Address
• Bluetooth MAC Address
• Network configuration
• Is plugged in?
• Device orientation
• File system size
• Physical memory
• CPU Type
• CPU count
• CPU Speed
• Screen brightness
• Screen resolution
• System uptime
• iOS Device Name (MD5 Hash)
• Device advertising UUID
• Current latitude
• Current longitude
• Current altitude
• Application Vendor UUID
• Bundle ID
• Application Version
• Application name
• Process name
• Executable name
• Application orientation
• Locale language code
• Locale currency code
• Are location services enabled?
• Time zone
• Currently registered radio technology
• Carrier name
• Carrier ISO country code
• Carrier mobile country code
• Carrier mobile network code
• Does carrier allow VOIP?
The attributes that let us recognize a device also allow us to see and respond to risk
RISK INSIGHT FROM THE USER’S DEVICE
Categories: Evidence, Device & Age, Risk Profile, Geolocation, Anomaly, Watch Lists, Velocity
• ISP Watch List
• Transactions per Account
• Timezone / Geo Mismatch
• Subscriber Evidence Exists
• Transaction Amount Range
• Geolocation Mismatch
• Device new to Subscriber
• IP Address Range List
• Global Trans Device Velocity
• Device Not Provided
• Evidence Exists
• Billing/Shipping Mismatch
• Proxy In Use
• New Device, Existing Acct
• Email Domain List
• Countries Per Acct or Device
• Suspect Device Data
• IP Address Risk
• Country List
• Age of the Association
• Browser Language
• Trans per IP/Device/Acct
• TOR Exit Node IP
• Device Risk (Local or Global)
• Mobile Carrier Country List
• Registered Acct/Dev Pair
• ISP Organization List
• $S Value per Device or Acct
• VM in Use
• Language and Country Risk
• IP Address Distance
• Device Type List
• Devices per Account
• Mobile Emulator Detected
• Jailbreak/Root Detected
• IP Address Mismatch
• Accts (Created) per Device
• ISP Mismatch
POSITIVE RULES TRIGGERED
NEGATIVE RULES TRIGGERED
RISK INSIGHT FROM THE USER’S DEVICE (the rule grid above is repeated on each of the next four slides, each with a value shown beside POSITIVE RULES TRIGGERED / NEGATIVE RULES TRIGGERED)
• +1000
• +200 (Watch Lists and Velocity rules listed again)
• 0 (Watch Lists and Velocity rules listed again, then the Watch Lists rules alone): PIN +
• -1000 (Watch Lists and Velocity rules listed again, then the Watch Lists rules alone, then Watch Lists: Device Type List): Call Customer Service
HOW DO I CUSTOMIZE ALL THIS IN MY APPS?
HOW DO WE CREATE ALL THOSE FANCY METHODS?
LaunchKey Developer’s Guides
HOW DO I CUSTOMIZE ALL THIS IN MY APPS?
HOW DO WE BUILD ALL THOSE FANCY AUTH METHODS?
BRING IN YOUR MOBILE APP DEVELOPERS AND YOUR INFOSEC EXPERTS
TAKEAWAYS
AND YOUR FREE BOOK
MFA For Dummies can help your teams understand the value of decentralizing the auth process
Dynamic adaptation is key to creating strong but user-friendly workflows
Risk-based mobile multifactor authentication is accessible and possible … when teams align
Personalizing the user’s authentication experience is easy and delivers tremendous benefits
How do I get my book?!
Go to iovation.com/dummies to request a free copy!
SESSION #3
• January 23
• Live webinar
• “Top 10 MFA Buying Criteria”
QUESTIONS?
MICHAEL THELANDER
SENIOR DIRECTOR OF PRODUCT MARKETING
michael.thelander@iovation.com
503.943.6700
www.iovation.com
@TheOtherMichael
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 

Recently uploaded (20)

Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 

Multi-factor Authentication for dummies part 2: Adaptive Risk-Based MFA

  • 1. MFA FOR DUMMIES SESSION #2: ADAPTIVE, RISK-BASED MFA MFA FOR DUMMIES SESSION 2 of 3 MICHAEL THELANDER / SR DIRECTOR OF PRODUCT MARKETING
  • 2. 2
  • 3. (1) Understand new concepts (2) Learn without pressure (3) Apply new ideas to old and persistent problems. A way to….NO!
  • 5. (3) Register for the January 23rd Live Webinar
  • 6. 6 2
  • 7. AGENDA: “DECENTRALIZATION” AND RISK?? / THE “THREE CS” OF MFA / CUSTOMIZING AROUND RISK / TAKEAWAYS (AND YOUR FREE BOOK)
  • 10. WHAT’S DECENTRALIZATION ABOUT? ANOTHER WAY OF LOOKING AT “DEFENSE IN DEPTH”
  • 11. WHAT’S DECENTRALIZATION ABOUT? REPLACING THE CURRENT PARADIGM. Difficult to deliver “true” MFA; Compromising one authentication process compromises all processes; One data store exists for all credentials or tokens; Credentials and tokens exist uniquely for each user; Not accessible through a centralized data store; Not susceptible to massive breach and exploitation. DARK WEB
  • 12. Where criminals buy credentials and tokens. Yahoo! lost data from 500 million accounts in 2014…. To add to the 1 billion accounts compromised in 2013…. And later admitted that all 3 billion accounts may be affected. Last May, 560 million records were discovered in a cleartext online database. Not just passwords: medical info, addresses, email, Netflix info. http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
  • 13. WHAT’S DECENTRALIZATION ABOUT? STOPPING ATTACKS LIKE MITM AND ATO. (Diagram labels: Mobile App, 1, Site, 2, Attacker.) THE PROBLEM IN A MOBILE APP CONTEXT
  • 14. THE THREE CS OF MFA ONE OF THE MOST IMPORTANT CONCEPTS IN THE BOOK
  • 15. DEFINING MULTIFACTOR AUTHENTICATION: STRONG AND FLEXIBLE AUTHENTICATION. Something you KNOW
  • 16. DEFINING MULTIFACTOR AUTHENTICATION: STRONG AND FLEXIBLE AUTHENTICATION. Something you KNOW; Something you ARE; Identity verified
  • 17. DEFINING MULTIFACTOR AUTHENTICATION: STRONG AND FLEXIBLE AUTHENTICATION. Something you KNOW; Something you ARE; Something you HAVE
  • 18. DEFINING MULTIFACTOR AUTHENTICATION: STRONG AND FLEXIBLE AUTHENTICATION. Identity verified + +
  • 19. DEFINING MULTIFACTOR AUTHENTICATION: STRONG AND FLEXIBLE AUTHENTICATION
  • 20. THE THREE Cs OF TRUE MULTIFACTOR AUTHENTICATION: Contextual; Continuous; Complementary. Actions shown: LOGIN; CHANGE ACCOUNT DETAILS; CHECK BALANCES; TRANSFER MONEY; ACCOUNT CREATION / LOAN ORIGINATION; MAKE OR SCHEDULE DEPOSITS; PAY BILLS. Diagram labels: IOVATION FRAUDFORCE ANTI-FRAUD, USERNAME / PWD (or TOKEN Backup), MOBILE MFA
  • 21. KEY CONCEPTS: “CONTINUOUS ADAPTIVE RISK AND TRUST ASSESSMENT”
  • 22. CUSTOMIZING AROUND RISK (“YES, YOU HAVE THE RIGHT PIN CODE. BUT NO, YOU CAN’T GET IN.”)
  • 23. THE DNA OF A DEVICE: HUNDREDS OF DEVICE ATTRIBUTES COMBINE TO CREATE A DIGITAL FINGERPRINT
  • 24. THE DNA OF A DEVICE: HUNDREDS OF DEVICE ATTRIBUTES COMBINE TO CREATE A DIGITAL FINGERPRINT. First list: WiFi (or Bluetooth) MAC Address; Network configuration; iOS Device Model; Battery level / AC mode; Device orientation; File system size; Physical memory; Number attached accessories; Has proximity sensor?; Screen brightness and resolution; System uptime; iOS Device Name (MD5 Hash); OS Name and/or version; Device advertising UUID; Kernel version; iCloud Ubiquity Token; Application Vendor UUID /name/vers; Is Simulator? Second list: Locale language / currency code; WiFi MAC Address; Bluetooth MAC Address; Network configuration; Is plugged in?; Device orientation; File system size; Physical memory; CPU Type; CPU count; CPU Speed; Screen brightness; Screen resolution; System uptime; iOS Device Name (MD5 Hash); Device advertising UUID; Current latitude; Current longitude; Current altitude; Application Vendor UUID; Bundle ID; Application Version; Application name; Process name; Executable name; Application orientation; Locale language code; Locale currency code; Are location services enabled?; Time zone; Currently registered radio technology; Carrier name; Carrier ISO country code; Carrier mobile country code; Carrier mobile network code; Does carrier allow VOIP? The attributes that let us recognize a device also allow us to see and respond to risk
  • 25. RISK INSIGHT FROM THE USER’S DEVICE. Rule categories: Evidence; Device & Age; Risk Profile; Geolocation; Anomaly; Watch Lists; Velocity. Rules in the grid: ISP Watch List; Transactions per Account; Timezone / Geo Mismatch; Subscriber Evidence Exists; Transaction Amount Range; Geolocation Mismatch; Device new to Subscriber; IP Address Range List; Global Trans Device Velocity; Device Not Provided; Evidence Exists; Billing/Shipping Mismatch; Proxy In Use; New Device, Existing Acct; Email Domain List; Countries Per Acct or Device; Suspect Device Data; IP Address Risk; Country List; Age of the Association; Browser Language; Trans per IP/Device/Acct; TOR Exit Node IP; Device Risk (Local or Global); Mobile Carrier Country List; Registered Acct/Dev Pair; ISP Organization List; $S Value per Device or Acct; VM in Use; Language and Country Risk; IP Address Distance; Device Type List; Devices per Account; Mobile Emulator Detected; Jailbreak/Root Detected; IP Address Mismatch; Accts (Created) per Device; ISP Mismatch. POSITIVE RULES TRIGGERED / NEGATIVE RULES TRIGGERED
  • 26. RISK INSIGHT FROM THE USER’S DEVICE (same rule grid as slide 25). Value shown with POSITIVE RULES TRIGGERED / NEGATIVE RULES TRIGGERED: +1000
  • 27. RISK INSIGHT FROM THE USER’S DEVICE (same rule grid as slide 25). Value shown with POSITIVE RULES TRIGGERED / NEGATIVE RULES TRIGGERED: +200. Rule groups repeated on the slide: Watch Lists and Velocity
  • 28. RISK INSIGHT FROM THE USER’S DEVICE (same rule grid as slide 25). Value shown with POSITIVE RULES TRIGGERED / NEGATIVE RULES TRIGGERED: 0. Rule groups repeated on the slide: Watch Lists and Velocity; then Watch Lists alone (ISP Watch List; IP Address Range List; Email Domain List; Browser Language; ISP Organization List; Device Type List). PIN +
  • 29. RISK INSIGHT FROM THE USER’S DEVICE (same rule grid as slide 25). Value shown with POSITIVE RULES TRIGGERED / NEGATIVE RULES TRIGGERED: -1000. Rule groups repeated on the slide: Watch Lists and Velocity; then Watch Lists alone; then Watch Lists: Device Type List. Call Customer Service
  • 30. HOW DO I CUSTOMIZE ALL THIS IN MY APPS? HOW DO WE CREATE ALL THOSE FANCY METHODS? LaunchKey Developer’s Guides
  • 31. HOW DO I CUSTOMIZE ALL THIS IN MY APPS? HOW DO WE BUILD ALL THOSE FANCY AUTH METHODS? BRING IN YOUR MOBILE APP DEVELOPERS AND YOUR INFOSEC EXPERTS
  • 33. MFA For Dummies can help your teams understand the value of decentralizing the auth process. Dynamic adaptation is key to creating strong but user-friendly workflows. Risk-based mobile multifactor authentication is accessible, possible … when teams align. Personalizing the user’s authentication experience is easy and delivers tremendous benefits. How do I get my book?!
  • 34. Go to iovation.com/dummies to request a free copy! SESSION #3 • January 23 • Live webinar • “Top 10 MFA Buying Criteria”
  • 35. QUESTIONS? MICHAEL THELANDER, SENIOR DIRECTOR OF PRODUCT MARKETING. www.iovation.com @TheOtherMichael michael.thelander@iovation.com 503.943.6700
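
Slides 20 to 29 describe device attributes combining into a fingerprint, rules adding to or subtracting from a running total, and the response changing with that total and with the action requested. The sketch below is an added example, not iovation or LaunchKey code; rule names follow the slides' grid, while the weights, thresholds, field names and sample data are constructed assumptions.

```python
import hashlib
import json

# Attribute names echo the slide's list; treating these six as stable is an assumption.
STABLE_ATTRS = ("device_model", "cpu_type", "cpu_count",
                "physical_memory", "screen_resolution", "vendor_uuid")

def fingerprint(attrs):
    """Hash the stable attributes in canonical order into one device identifier."""
    canon = json.dumps({k: attrs.get(k) for k in STABLE_ATTRS}, sort_keys=True)
    return hashlib.sha256(canon.encode()).hexdigest()

# (rule name from the slides' grid, predicate, weight). Weights are constructed.
RULES = [
    ("Registered Acct/Dev Pair", lambda c: c["fp"] in c["known_devices"], +500),
    ("New Device, Existing Acct", lambda c: c["fp"] not in c["known_devices"], -300),
    ("Timezone / Geo Mismatch",
     lambda c: c["attrs"].get("time_zone") != c["ip_time_zone"], -200),
    ("TOR Exit Node IP", lambda c: c["tor_exit"], -500),
    ("Jailbreak/Root Detected", lambda c: c["attrs"].get("jailbroken", False), -400),
    ("Mobile Emulator Detected", lambda c: c["attrs"].get("is_simulator", False), -1000),
    ("Transactions per Account", lambda c: c["tx_last_hour"] > 10, -200),
]

# Contextual policy: the score needed to proceed without friction depends on the
# action (actions from slide 20; thresholds are constructed).
ALLOW_AT = {"check_balances": 0, "login": 200, "transfer_money": 500}
DENY_AT = -500  # at or below this, correct credentials are not enough (slide 22)

def assess(ctx, action):
    """Return (score, decision, names of rules that fired) for one request."""
    ctx = dict(ctx, fp=fingerprint(ctx["attrs"]))
    fired = [(name, weight) for name, pred, weight in RULES if pred(ctx)]
    score = max(-1000, min(1000, sum(weight for _, weight in fired)))
    if score <= DENY_AT:
        decision = "deny_call_customer_service"
    elif score >= ALLOW_AT[action]:
        decision = "allow"
    else:
        decision = "step_up_pin"
    return score, decision, [name for name, _ in fired]

# Constructed sample data: one enrolled phone and three request contexts.
PHONE = {"device_model": "iPhone10,3", "cpu_type": "arm64", "cpu_count": 6,
         "physical_memory": 3, "screen_resolution": "1125x2436",
         "vendor_uuid": "constructed-uuid-1", "time_zone": "America/Los_Angeles"}
HOME = {"attrs": PHONE, "known_devices": {fingerprint(PHONE)},
        "ip_time_zone": "America/Los_Angeles", "tor_exit": False, "tx_last_hour": 1}
TRAVEL = dict(HOME, ip_time_zone="Europe/Berlin")
UNKNOWN_TOR = dict(HOME, attrs=dict(PHONE, vendor_uuid="constructed-uuid-2"),
                   tor_exit=True)

if __name__ == "__main__":
    for label, ctx in (("home", HOME), ("travel", TRAVEL), ("unknown+tor", UNKNOWN_TOR)):
        for action in ("login", "transfer_money"):
            print(label, action, assess(ctx, action))
```

The travelling user keeps a frictionless login but gets a PIN prompt for a transfer, while the unrecognised device behind a Tor exit is refused whatever credentials it presents.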