BSides SF - Contact Center Authentication
•
1 like•382 views
You've built login for your application—maybe you even have 2FA—but what happens when a customer calls the support number listed on your website or product? Security teams and app developers have thought a lot about online authentication, but we haven't applied the same rigor to designing systems for authenticating over the phone.
Report
Share
Report
Share
Download to read offline
Recommended
Contact Center Authentication
You've built login for your application—maybe you even have 2FA—but what happens when a customer calls the support number listed on your website or product?
Security teams and app developers have thought a lot about online authentication, but we haven't applied the same rigor to designing systems for authenticating over the phone. At Twilio, product and engineering teams have spent the last year thinking about this problem and how to make the experience better for both the customer and the call center agent. In that time, I've called dozens of contact centers to learn about how everyone from startups to Fortune 50 companies attempt to identify and authenticate the end user. This talk will take a look at that research and outline best practices you can use in your own call centers. You'll leave the session understanding what information should be made available to the agent and what kind of product features you can build into your web or mobile application that can facilitate phone authentication.
Authentication Beyond SMS
Passwords get pwned. SMS 2FA gets compromised. We spend time clicking stop signs just to convince computers we're human. All of this in an attempt to identify a user we will probably never personally know. It's a fascinating challenge and we're up to the task!
This talk will walk through new channels for identity management beyond email and SMS. Encrypted messaging apps like WhatsApp broaden our options for delivering tokens and secure communications but lack the seamless user experience of Push Authentication or the offline benefits of TOTP. We'll dive into the tradeoffs for these approaches and help you choose the approach that will best protect you and your customers from signup to account recovery.
Identity thefts
Identity theft involves someone stealing personal information such as names, addresses, social insurance numbers, credit card information, and other details to pretend to be someone else, often to access bank accounts, apply for loans or credit cards, make purchases, or hide criminal activities. Common signs of identity theft include unfamiliar accounts or transactions, credit denials, or missing money. If identity theft is suspected, one should report it to the police, notify banks and credit agencies, and monitor credit reports for fraud. Preventative measures include keeping information private, using passwords, not sharing devices on public WiFi, and reporting theft promptly. Identity theft increased 13% in 2011 compared to 2010, likely due to increased smartphone and social media use providing more opportunities for
A HillyBilly's Guide to Staying Anonymous Online - SecureWV
Online Privacy… I would imagine that most everyone has something they would not like to have shared with the entire Internet. For some, this may be because of their job; for others it is so they can hide from their previous life. Still others may do it as a way to limit their exposure to attack. During this talk we will discuss techniques of how to hide your personal data from the Internet by the creation of alternate online identities (a.k.a. Sock puppets).
Identity Theft-How to Reduce Your Risk-03-16
This document provides information on identity theft risks and prevention strategies. It begins with a quiz to assess identity theft risk based on personal security habits. It then discusses common ways identity thieves steal information, such as through stolen mail, online data breaches, and improper disposal of personal documents. Specific identity theft risks like medical, tax, and child identity theft are covered. The document recommends numerous strategies to reduce identity theft risk, including shredding documents, minimizing carried personal information, monitoring credit reports, and being wary of phishing scams. Resources for responding to identity theft are also provided.
Common Consumer Frauds & How to Avoid Them
Dr. Barbara O'Neill of Rutgers University and Carol Kando-Pineda of the Federal Trade Commission will present this 90-minute session on behalf of the Military Families Learning Network on March 20 at 11 a.m. ET. More info: https://learn.extension.org/events/1500/
Common Consumer Frauds and How to Avoid Them-03-14
The document provides information on common consumer frauds and how to avoid them. It discusses identity theft in detail, including what it is, common forms of it, and how to reduce the risk. It also covers phishing scams, how to spot them, and examples. The document concludes by discussing investment fraud and provides tips to avoid schemes like cold calls, pump and dumps, pyramids, Ponzi schemes, and affinity fraud.
Not "If" but "When"
This document discusses identity theft, including:
1) A brief history of data breaches at Equifax, highlighting failures to install security patches that led to the theft of personal information of over 145 million consumers.
2) The challenges identity theft victims face in recovering, including stressful processes to stop damage, report crimes, and repair credit, which can cause emotional distress.
3) Tips for businesses to protect customer information, know applicable laws regarding data breaches and identity theft, and respond appropriately to security incidents by notifying affected individuals and credit bureaus.
Recommended
Contact Center Authentication
You've built login for your application—maybe you even have 2FA—but what happens when a customer calls the support number listed on your website or product?
Security teams and app developers have thought a lot about online authentication, but we haven't applied the same rigor to designing systems for authenticating over the phone. At Twilio, product and engineering teams have spent the last year thinking about this problem and how to make the experience better for both the customer and the call center agent. In that time, I've called dozens of contact centers to learn about how everyone from startups to Fortune 50 companies attempt to identify and authenticate the end user. This talk will take a look at that research and outline best practices you can use in your own call centers. You'll leave the session understanding what information should be made available to the agent and what kind of product features you can build into your web or mobile application that can facilitate phone authentication.
Authentication Beyond SMS
Passwords get pwned. SMS 2FA gets compromised. We spend time clicking stop signs just to convince computers we're human. All of this in an attempt to identify a user we will probably never personally know. It's a fascinating challenge and we're up to the task!
This talk will walk through new channels for identity management beyond email and SMS. Encrypted messaging apps like WhatsApp broaden our options for delivering tokens and secure communications but lack the seamless user experience of Push Authentication or the offline benefits of TOTP. We'll dive into the tradeoffs for these approaches and help you choose the approach that will best protect you and your customers from signup to account recovery.
Identity thefts
Identity theft involves someone stealing personal information such as names, addresses, social insurance numbers, credit card information, and other details to pretend to be someone else, often to access bank accounts, apply for loans or credit cards, make purchases, or hide criminal activities. Common signs of identity theft include unfamiliar accounts or transactions, credit denials, or missing money. If identity theft is suspected, one should report it to the police, notify banks and credit agencies, and monitor credit reports for fraud. Preventative measures include keeping information private, using passwords, not sharing devices on public WiFi, and reporting theft promptly. Identity theft increased 13% in 2011 compared to 2010, likely due to increased smartphone and social media use providing more opportunities for
A HillyBilly's Guide to Staying Anonymous Online - SecureWV
Online Privacy… I would imagine that most everyone has something they would not like to have shared with the entire Internet. For some, this may be because of their job; for others it is so they can hide from their previous life. Still others may do it as a way to limit their exposure to attack. During this talk we will discuss techniques of how to hide your personal data from the Internet by the creation of alternate online identities (a.k.a. Sock puppets).
Identity Theft-How to Reduce Your Risk-03-16
This document provides information on identity theft risks and prevention strategies. It begins with a quiz to assess identity theft risk based on personal security habits. It then discusses common ways identity thieves steal information, such as through stolen mail, online data breaches, and improper disposal of personal documents. Specific identity theft risks like medical, tax, and child identity theft are covered. The document recommends numerous strategies to reduce identity theft risk, including shredding documents, minimizing carried personal information, monitoring credit reports, and being wary of phishing scams. Resources for responding to identity theft are also provided.
Common Consumer Frauds & How to Avoid Them
Dr. Barbara O'Neill of Rutgers University and Carol Kando-Pineda of the Federal Trade Commission will present this 90-minute session on behalf of the Military Families Learning Network on March 20 at 11 a.m. ET. More info: https://learn.extension.org/events/1500/
Common Consumer Frauds and How to Avoid Them-03-14
The document provides information on common consumer frauds and how to avoid them. It discusses identity theft in detail, including what it is, common forms of it, and how to reduce the risk. It also covers phishing scams, how to spot them, and examples. The document concludes by discussing investment fraud and provides tips to avoid schemes like cold calls, pump and dumps, pyramids, Ponzi schemes, and affinity fraud.
Not "If" but "When"
This document discusses identity theft, including:
1) A brief history of data breaches at Equifax, highlighting failures to install security patches that led to the theft of personal information of over 145 million consumers.
2) The challenges identity theft victims face in recovering, including stressful processes to stop damage, report crimes, and repair credit, which can cause emotional distress.
3) Tips for businesses to protect customer information, know applicable laws regarding data breaches and identity theft, and respond appropriately to security incidents by notifying affected individuals and credit bureaus.
ISSA - Security Awareness 2016-1
This document provides tips for improving personal security awareness. It discusses how individuals are targeted through malicious emails, attachments, and links. It emphasizes the importance of secure password management, vigilance when using public WiFi networks, and careful review of bank statements and credit reports. Proper handling of personal information and shredding documents is also covered to help protect against identity theft. The overall message is that security starts with the individual and being aware of potential risks.
Clio for Family Law Firms
The document discusses features of the legal practice management software Clio and how it can be customized for family law firms. It outlines how Clio can be integrated with other tools like FreshLegal and Zapier to create automated workflows for client intake and document generation. Key Clio features that help family law firms include client portals, matter budgets, campaign tracking, and tools to help with communications, calendaring, storage, and phones. Customization options involve custom fields, activity descriptions, task lists, and document automation templates.
Common Fraud Schemes - Presentation
A recent presentation I conducted on common Fraud Schemes, at the municipal level. Some great content within, however keep in mind these are just the overarching themes.
Fraud Identity Theft Skimming Police Law Enforcement
Identity Theft and How to Prevent Them in the Digital Age
Mr. Jamshed Masood who is a telecom sector executive provided information about how to identity thefts and how to prevent them in the digital age. He discussed the real definition of identity theft, its impact. Not only limited to this, respected speaker also gave the complete information of different types of identity thefts and their methods such as hacking, shoulder surfing. While discussing these thefts, light on prevention methodology to treat these kind of thefts was also given to the audience.
ASSET & ENCUMBRANCE INVESTIGATIONS
This document summarizes Jim Cronin's presentation on asset and encumbrance investigations to the Whatcom County Bar Association. Cronin has over 20 years of experience in law enforcement and private investigations. He outlined the steps of an asset investigation, including identifying the debtor, developing an address history, searching for assets and encumbrances, determining net attachable equity, and assessing feasibility of recovery. Cronin emphasized the importance of experience and provided tips for conducting thorough investigations into various asset types like real property, vehicles, and businesses.
2016 Secure World Expo - Security Awareness
The document provides tips for employees on security best practices. It discusses how individuals are targeted through phishing emails and malicious files. It recommends using strong, unique passwords and two-factor authentication. It also suggests being cautious of public Wi-Fi networks, checking bank statements regularly for fraudulent activity, and shredding documents with personal information. The presentation emphasizes that security starts with each individual and raising awareness of common social engineering techniques.
Identity Theft Presentation
The document discusses what identity theft is, how thieves can use stolen identities, and provides tips on how to prevent identity theft such as shredding documents, using strong passwords, monitoring credit reports, and filing a police report if your identity is stolen. It outlines common identity theft scams like dumpster diving, phishing, and social engineering and advises on protecting personal information.
Identity Theft: How to Reduce Your Risk
Dr. Barbara O'Neill and Carol Kando-Pineda, of the Federal Trade Commission, will present this 90-minute webinar on behalf of the Military Families Learning Network. This 90-minute webinar will include two sections: a general overview of identity theft and discussion about military-specific scams. Topics covered during the first section, presented by Dr. O’Neill, include a definition of identity theft, signs of identity theft, an identity theft risk assessment quiz, types of identity theft, how identity theft occurs, ways to reduce identity theft risk, phishing scams, proactive and reactive identity theft actions, and identity theft resources. Ms. Kando-Pineda plans to discuss getting help for identity theft victims, including the steps they need to take immediately, walking through the new features for consumers on Identitytheft.gov and how they help victims develop a recovery plan, get a heads-up on the latest “imposter” scams, and an update on the Military Consumer campaign and new resources on the way for the military community.
Cybersecurity for the non-technical
A set of security awareness raising slides you are free to use in your efforts to increase general public understanding of the subject.
Staying Secure Electronically
Presented to NALS Philadelphia in September, 2017. This presentation explores common data security risks and discusses basic steps you can take to protect yourself. Includes a quick review of Equifax, Experian, and TransUnion recent breaches.
Essay On Problems Of Load Shedding In Karachi
The disengagement theory of aging proposes that withdrawal from social roles is a natural part of aging. It suggests that as people get older, they gradually disengage from social relationships and activities and engage less with people and the world. This allows elderly people to retire from work roles and social responsibilities and prepares them psychologically for impending death. Critics argue that disengagement is not inevitable and is often a response to the barriers faced by elderly people rather than a natural part of aging.
Identity Theft nigerian fraud cyberbullying
This document provides a summary of an presentation on identity theft, Nigerian fraud, and cyberbullying. It discusses what identity theft is, how criminals obtain personal information, and steps to take if identity theft occurs. Nigerian fraud and some common variants like lottery and reshipping scams are described. Statistics on cyberbullying are presented, such as the most common forms and locations. Throughout, examples are given to illustrate the topics.
Identity Theft It's Devasting Impact
During this workshop, Mr. Taylor will be discussing
how this growing crime is affecting individuals, families and small businesses.
Never before has there been a greater need for understanding identity theft and its impact.
In the workshop you will:
• Learn what ID Theft is and how to minimize the devastating effects
• Be introduced to the major types of identity theft
• Learn how to better protect personal and small business information
• Learn about restoration services and credit monitoring plans
Cyber security and fl data breach
This document provides an overview of cyber security risks and Florida's data breach law. It discusses how cyber security is an oxymoron since data can never be 100% safe online. It outlines common cyber attack types like phishing, ransomware, and DDoS attacks. The document reviews incident response plans and legal requirements if a data breach occurs, including notifying authorities, preserving evidence, and disclosure obligations. It details provisions of Florida's data breach law, including requirements to notify impacted individuals and the Department of Legal Affairs for breaches over 500 people. Organizations are advised to have cyber security policies, training, backups, and insurance to help prevent and respond to potential data breaches.
Identity Theft: How to Avoid It
This was a presentation by Hewie Poplock on Tuesday, November 15th, 2016 in the Goodwill Manasota (FL) Ranch Lake Community Room, "How to Avoid Identity Theft".
A victim of identity theft himself, Hewie will provide examples of how ID theft can happen as well as suggestions and precautions on how to prevent you and your family from becoming victims of identity theft yourselves. Topics covered included:
• What is Identity Theft
• How ID Theft Happens
• How to Protect Yourself
• Phishing
• Data Breaches
• Facebook Spoofing
• Skimmers
• Security Freeze
• On Line Shopping Safety
• Credit Card Chips
• What to Do If You are a Victim
Hewie is a former teacher, college instructor, business owner and manager, IT Manager, and web designer. He is currently semi-retired, but is active in technology user groups and frequently speaks to and teaches groups who are mostly seniors. He holds a monthly Windows Special Interest Group for a group in Orlando and has several videos on YouTube. He is an active member of The Sarasota Technology User Group.
Fraud Awareness
Fraud awareness for companies and their employees covering legal aspects of securing confidential information, social engineering techiniques and what to look for in suspect emails.
Cyber security - Trend Micro
Cyber security is defending people, data, systems, programs, networks and mobiles from digital attacks. The document discusses why cyber security is important for both personal and business reasons. Cybercrime resulted in $1.5 trillion in revenues in 2018 according to FBI stats. For businesses, cyber attacks can result in costs from business interruption, loss of reputation, non-compliance penalties and changing privacy laws. Both businesses and individuals are encouraged to practice cyber safety by using protection solutions, avoiding clicking on suspicious links, and regularly changing passwords.
How to Prevent Identity Theft and Fraud
This workshop covers identity theft prevention. It defines identity theft and fraud, explains how personal information is commonly stolen through dumpster diving, mail theft, car break-ins, or financial institution fraud. Participants learn to protect themselves by shredding documents, monitoring records, and being wary of sharing information over the phone. Case studies demonstrate mistakes like improper document disposal, carrying all account numbers, and lending cards/PINs. Participants discuss prevention steps and what to do if identity theft occurs, such as checking credit reports for unusual activity.
How to Prevent ID Theft
The document discusses identity theft and ways that thieves steal personal information. It begins with defining identity theft and the common types, including child identity theft, tax identity theft, medical identity theft, and senior identity theft. It then discusses how identity theft can occur through stealing wallets and mail, rummaging through trash, online methods like phishing and social media, and using stolen information to make purchases or apply for loans in the victim's name. The document provides tips on protecting yourself such as being wary of emails asking for personal information, not sharing sensitive data over email, and monitoring accounts regularly for unauthorized activity.
A delightful way to teach kids about computers
Cybercrime is criminal activity carried out using computers or the internet, with the object of crimes including hacking, phishing, and spamming. In 2016, over 2 billion records were stolen or lost, and in 2015 100 million Americans lost health insurance cards. Most cybercrime, around 80%, originates from sophisticated criminal gangs, with the illegal cybercrime economy valued at $445 billion and larger than the GDP of 160 nations. Cybercriminals access users' data through Trojans in phishing emails, pop-up windows prompting calls to fake support numbers, and operating like legitimate online marketplaces selling malware and fake IDs. To curb cybercrime, organizations must share attack information rather than keeping it secret for competitive advantage
Protecting your phone verification flow from fraud & abuse
The document discusses SMS pumping fraud and how to prevent it. SMS pumping involves abusing phone verification systems to trigger a large number of SMS messages to generate revenue from mobile carriers. Attackers enroll phone numbers from different carriers, have one-time passwords sent to each number, and carriers share the resulting SMS revenue with the attackers. The document recommends ways for websites to protect against this fraud, such as adding CAPTCHAs, setting rate limits on messages to numbers, implementing delays between verification attempts, restricting destination countries, and monitoring OTP conversion rates.
Preventing phone verification fraud (SMS pumping)
In the last year we've seen a new type of fraud become more common where fraudsters attack phone verification forms with thousands of requests. This type of attack, known as SMS pumping, causes inflated traffic to your app with the intent to make money and not to steal information. Unfortunately this means you might be hit with higher than expected bills from your telecom provider if your application isn't designed to prevent it.
This talk will describe SMS pumping in more detail, including how it compares to similar attacks like IRSF and how fraudsters profit from this tactic. You'll learn strategies to prevent the attack and improve your phone verification workflow in the process, ensuring all of the benefits of phone number verification without unintended expenses.
More Related Content
Similar to BSides SF - Contact Center Authentication
ISSA - Security Awareness 2016-1
This document provides tips for improving personal security awareness. It discusses how individuals are targeted through malicious emails, attachments, and links. It emphasizes the importance of secure password management, vigilance when using public WiFi networks, and careful review of bank statements and credit reports. Proper handling of personal information and shredding documents is also covered to help protect against identity theft. The overall message is that security starts with the individual and being aware of potential risks.
Clio for Family Law Firms
The document discusses features of the legal practice management software Clio and how it can be customized for family law firms. It outlines how Clio can be integrated with other tools like FreshLegal and Zapier to create automated workflows for client intake and document generation. Key Clio features that help family law firms include client portals, matter budgets, campaign tracking, and tools to help with communications, calendaring, storage, and phones. Customization options involve custom fields, activity descriptions, task lists, and document automation templates.
Common Fraud Schemes - Presentation
A recent presentation I conducted on common Fraud Schemes, at the municipal level. Some great content within, however keep in mind these are just the overarching themes.
Fraud Identity Theft Skimming Police Law Enforcement
Identity Theft and How to Prevent Them in the Digital Age
Mr. Jamshed Masood who is a telecom sector executive provided information about how to identity thefts and how to prevent them in the digital age. He discussed the real definition of identity theft, its impact. Not only limited to this, respected speaker also gave the complete information of different types of identity thefts and their methods such as hacking, shoulder surfing. While discussing these thefts, light on prevention methodology to treat these kind of thefts was also given to the audience.
ASSET & ENCUMBRANCE INVESTIGATIONS
This document summarizes Jim Cronin's presentation on asset and encumbrance investigations to the Whatcom County Bar Association. Cronin has over 20 years of experience in law enforcement and private investigations. He outlined the steps of an asset investigation, including identifying the debtor, developing an address history, searching for assets and encumbrances, determining net attachable equity, and assessing feasibility of recovery. Cronin emphasized the importance of experience and provided tips for conducting thorough investigations into various asset types like real property, vehicles, and businesses.
2016 Secure World Expo - Security Awareness
The document provides tips for employees on security best practices. It discusses how individuals are targeted through phishing emails and malicious files. It recommends using strong, unique passwords and two-factor authentication. It also suggests being cautious of public Wi-Fi networks, checking bank statements regularly for fraudulent activity, and shredding documents with personal information. The presentation emphasizes that security starts with each individual and raising awareness of common social engineering techniques.
Identity Theft Presentation
The document discusses what identity theft is, how thieves can use stolen identities, and provides tips on how to prevent identity theft such as shredding documents, using strong passwords, monitoring credit reports, and filing a police report if your identity is stolen. It outlines common identity theft scams like dumpster diving, phishing, and social engineering and advises on protecting personal information.
Identity Theft: How to Reduce Your Risk
Dr. Barbara O'Neill and Carol Kando-Pineda, of the Federal Trade Commission, will present this 90-minute webinar on behalf of the Military Families Learning Network. This 90-minute webinar will include two sections: a general overview of identity theft and discussion about military-specific scams. Topics covered during the first section, presented by Dr. O’Neill, include a definition of identity theft, signs of identity theft, an identity theft risk assessment quiz, types of identity theft, how identity theft occurs, ways to reduce identity theft risk, phishing scams, proactive and reactive identity theft actions, and identity theft resources. Ms. Kando-Pineda plans to discuss getting help for identity theft victims, including the steps they need to take immediately, walking through the new features for consumers on Identitytheft.gov and how they help victims develop a recovery plan, get a heads-up on the latest “imposter” scams, and an update on the Military Consumer campaign and new resources on the way for the military community.
Cybersecurity for the non-technical
A set of security awareness raising slides you are free to use in your efforts to increase general public understanding of the subject.
Staying Secure Electronically
Presented to NALS Philadelphia in September, 2017. This presentation explores common data security risks and discusses basic steps you can take to protect yourself. Includes a quick review of Equifax, Experian, and TransUnion recent breaches.
Essay On Problems Of Load Shedding In Karachi
The disengagement theory of aging proposes that withdrawal from social roles is a natural part of aging. It suggests that as people get older, they gradually disengage from social relationships and activities and engage less with people and the world. This allows elderly people to retire from work roles and social responsibilities and prepares them psychologically for impending death. Critics argue that disengagement is not inevitable and is often a response to the barriers faced by elderly people rather than a natural part of aging.
Identity Theft nigerian fraud cyberbullying
This document provides a summary of an presentation on identity theft, Nigerian fraud, and cyberbullying. It discusses what identity theft is, how criminals obtain personal information, and steps to take if identity theft occurs. Nigerian fraud and some common variants like lottery and reshipping scams are described. Statistics on cyberbullying are presented, such as the most common forms and locations. Throughout, examples are given to illustrate the topics.
Identity Theft It's Devasting Impact
During this workshop, Mr. Taylor will be discussing
how this growing crime is affecting individuals, families and small businesses.
Never before has there been a greater need for understanding identity theft and its impact.
In the workshop you will:
• Learn what ID Theft is and how to minimize the devastating effects
• Be introduced to the major types of identity theft
• Learn how to better protect personal and small business information
• Learn about restoration services and credit monitoring plans
Cyber security and fl data breach
This document provides an overview of cyber security risks and Florida's data breach law. It discusses how cyber security is an oxymoron since data can never be 100% safe online. It outlines common cyber attack types like phishing, ransomware, and DDoS attacks. The document reviews incident response plans and legal requirements if a data breach occurs, including notifying authorities, preserving evidence, and disclosure obligations. It details provisions of Florida's data breach law, including requirements to notify impacted individuals and the Department of Legal Affairs for breaches over 500 people. Organizations are advised to have cyber security policies, training, backups, and insurance to help prevent and respond to potential data breaches.
Identity Theft: How to Avoid It
This was a presentation by Hewie Poplock on Tuesday, November 15th, 2016 in the Goodwill Manasota (FL) Ranch Lake Community Room, "How to Avoid Identity Theft".
A victim of identity theft himself, Hewie will provide examples of how ID theft can happen as well as suggestions and precautions on how to prevent you and your family from becoming victims of identity theft yourselves. Topics covered included:
• What is Identity Theft
• How ID Theft Happens
• How to Protect Yourself
• Phishing
• Data Breaches
• Facebook Spoofing
• Skimmers
• Security Freeze
• On Line Shopping Safety
• Credit Card Chips
• What to Do If You are a Victim
Hewie is a former teacher, college instructor, business owner and manager, IT Manager, and web designer. He is currently semi-retired, but is active in technology user groups and frequently speaks to and teaches groups who are mostly seniors. He holds a monthly Windows Special Interest Group for a group in Orlando and has several videos on YouTube. He is an active member of The Sarasota Technology User Group.
Fraud Awareness
Fraud awareness for companies and their employees covering legal aspects of securing confidential information, social engineering techiniques and what to look for in suspect emails.
Cyber security - Trend Micro
Cyber security is defending people, data, systems, programs, networks and mobiles from digital attacks. The document discusses why cyber security is important for both personal and business reasons. Cybercrime resulted in $1.5 trillion in revenues in 2018 according to FBI stats. For businesses, cyber attacks can result in costs from business interruption, loss of reputation, non-compliance penalties and changing privacy laws. Both businesses and individuals are encouraged to practice cyber safety by using protection solutions, avoiding clicking on suspicious links, and regularly changing passwords.
How to Prevent Identity Theft and Fraud
This workshop covers identity theft prevention. It defines identity theft and fraud, explains how personal information is commonly stolen through dumpster diving, mail theft, car break-ins, or financial institution fraud. Participants learn to protect themselves by shredding documents, monitoring records, and being wary of sharing information over the phone. Case studies demonstrate mistakes like improper document disposal, carrying all account numbers, and lending cards/PINs. Participants discuss prevention steps and what to do if identity theft occurs, such as checking credit reports for unusual activity.
How to Prevent ID Theft
The document discusses identity theft and ways that thieves steal personal information. It begins with defining identity theft and the common types, including child identity theft, tax identity theft, medical identity theft, and senior identity theft. It then discusses how identity theft can occur through stealing wallets and mail, rummaging through trash, online methods like phishing and social media, and using stolen information to make purchases or apply for loans in the victim's name. The document provides tips on protecting yourself such as being wary of emails asking for personal information, not sharing sensitive data over email, and monitoring accounts regularly for unauthorized activity.
A delightful way to teach kids about computers
Cybercrime is criminal activity carried out using computers or the internet, with the object of crimes including hacking, phishing, and spamming. In 2016, over 2 billion records were stolen or lost, and in 2015 100 million Americans lost health insurance cards. Most cybercrime, around 80%, originates from sophisticated criminal gangs, with the illegal cybercrime economy valued at $445 billion and larger than the GDP of 160 nations. Cybercriminals access users' data through Trojans in phishing emails, pop-up windows prompting calls to fake support numbers, and operating like legitimate online marketplaces selling malware and fake IDs. To curb cybercrime, organizations must share attack information rather than keeping it secret for competitive advantage
Similar to BSides SF - Contact Center Authentication (20)
Identity Theft and How to Prevent Them in the Digital Age
Identity Theft and How to Prevent Them in the Digital Age
More from Kelley Robinson
Protecting your phone verification flow from fraud & abuse
The document discusses SMS pumping fraud and how to prevent it. SMS pumping involves abusing phone verification systems to trigger a large number of SMS messages to generate revenue from mobile carriers. Attackers enroll phone numbers from different carriers, have one-time passwords sent to each number, and carriers share the resulting SMS revenue with the attackers. The document recommends ways for websites to protect against this fraud, such as adding CAPTCHAs, setting rate limits on messages to numbers, implementing delays between verification attempts, restricting destination countries, and monitoring OTP conversion rates.
Preventing phone verification fraud (SMS pumping)
In the last year we've seen a new type of fraud become more common where fraudsters attack phone verification forms with thousands of requests. This type of attack, known as SMS pumping, causes inflated traffic to your app with the intent to make money and not to steal information. Unfortunately this means you might be hit with higher than expected bills from your telecom provider if your application isn't designed to prevent it.
This talk will describe SMS pumping in more detail, including how it compares to similar attacks like IRSF and how fraudsters profit from this tactic. You'll learn strategies to prevent the attack and improve your phone verification workflow in the process, ensuring all of the benefits of phone number verification without unintended expenses.
Auth on the web: better authentication
The document discusses improving authentication on the web while reducing friction for users. It covers using biometric authentication, background signals from devices, and turning devices into authentication keys. The presenter recommends limiting stored data, using contextual data for step-up authentication, offering device authentication where possible, and planning for fallback options in case primary authentication fails. Overall, the goal is to make authentication secure yet easy for users.
WebAuthn
Authentication is a sneaky problem - the most secure options don't usually have widespread adoption, especially among consumer applications. But what if we could fix that? Narrator: we can. WebAuthn is a somewhat new authentication standard that uses our everyday devices like phones and computers and turns them into phishing-resistant security keys. It almost sounds too good to be true. This talk will dig into how the technology works, when you can and should use it, and how to get started. We'll dig into why this isn't widely adopted yet and if or when we can expect it to be. You'll walk away with a better understanding of a new authentication channel and possibly some hope for a more secure future.
Introduction to Public Key Cryptography
This document provides an introduction to public key cryptography. It explains that public key crypto uses two keys - a public key that can be shared and a private key that is kept secret. The document discusses how public key crypto works using RSA encryption as an example. It also covers other common public key crypto algorithms like Diffie-Hellman key exchange and elliptic curve cryptography. The document discusses key sizes and their relationship to security strength and provides examples of public key crypto implementations in Python.
2FA in 2020 and Beyond
Security professionals agree: SMS based Two-factor Authentication (2FA) is insecure, yet thousands of companies still employ this method to secure their customer-facing applications. This talk will look at the evolution of authentication and provide a data-driven analysis of the tradeoffs between the different types of factors available.
Identiverse 2020 - Account Recovery with 2FA
You've built login for your application—and even added 2FA—but what happens when a customer upgrades their phone, loses their device, or otherwise gets locked out of their account? This session will show how to accommodate account recovery when the user has 2FA enabled while minimizing account takeover and support overhead.
Designing customer account recovery in a 2FA world
You've built login for your application—and even added 2FA—but what happens when a customer upgrades their phone, loses their device, or otherwise gets locked out of their account? This session will show how to accommodate account recovery when the user has 2FA enabled while minimizing account takeover and support overhead.
Introduction to SHAKEN/STIR
This talk will discuss the latest advancements with STIR (Secure Telephone Identity Revisited) and SHAKEN (Signature-based Handling of Asserted information using toKENs), new tech standards that use well accepted public key cryptography methods to validate caller identification. We’ll discuss the path and challenges to getting this implemented industry wide, where this tech will fall short, and what we can do to limit exposure to call spam and fraud in the meantime.
Intro to SHAKEN/STIR
This talk will discuss the latest advancements with STIR (Secure Telephone Identity Revisited) and SHAKEN (Signature-based Handling of Asserted information using toKENs), new tech standards that use well accepted public key cryptography methods to validate caller identification. We’ll discuss the path and challenges to getting this implemented industry wide, where this tech will fall short, and what we can do to limit exposure to call spam and fraud in the meantime.
PSD2, SCA, WTF?
A look at the Payment Services Directive 2 regulations and the Strong Customer Authentication requirements
Building a Better Scala Community
The document discusses how to build a better Scala community. It recommends practicing empathy by understanding others' perspectives, building trust through thoughtful questions and admitting mistakes, and empowering others by teaching, answering questions, and making space for new people. The key ideas are that community is important, should be inclusive of people from various backgrounds, and improved by experienced members helping and learning from others.
Communication @ Startups
This document provides tips for communication at startups. It recommends knowing your audience and building relationships by sharing context and being concise. It also suggests asking thoughtful "why" questions to understand priorities and decisions. Finally, it advises documenting work through diagrams and written explanations to make "glue work" visible and help future communications.
BSides PDX - Threat Modeling Authentication
Passwords get pwned. SMS 2FA gets compromised. We spend time clicking stop signs to convince computers we’re human. Is there a better way?
SIGNAL - Practical Cryptography
This document provides an introduction to public key cryptography. It discusses how public key cryptography works using asymmetric key pairs with a public key and private key. The document explains how the RSA algorithm can be used for encrypting messages with a public key and signing with a private key. It also briefly covers other common public key algorithms like Diffie-Hellman key exchange and Elliptic Curve Cryptography. Key sizes and security strengths are discussed. Python implementations and everyday uses of public key cryptography are also mentioned.
2FA Best Practices
The document discusses best practices for implementing two-factor authentication (2FA) using Authy. It covers why 2FA is important for security, different 2FA methods like SMS, push notifications, and time-based one-time passwords. The document also discusses potential issues with SMS 2FA, alternatives to SMS, onboarding users for 2FA, user experience with 2FA, and practical cryptography techniques used in 2FA apps like Authy. Several Twilio engineers provide insights into building phone verification at scale and preventing social engineering attacks using Twilio Flex.
Practical Cryptography
Crypto is used for a lot more than just currencies. This talk will dive into modern cryptography, the math behind how it works, and its everyday use cases. By looking at the origins of cryptography we’ll follow the progression of methods and algorithms as humans and computers evolved.
2FA, WTF!?
You may recognize Two-factor Authentication (2FA) as an additional safeguard for protecting accounts, but do you really know how it works? This talk will show you how to implement One Time Passwords (including what's happening under the hood of those expiring tokens) and even provide a legitimate use case for QR codes! You'll come away recognizing the different approaches to implementing a 2FA solution and have a better understanding of the solution that's right for your application.
2FA WTF
Breaking down the problems with password-only authentication and some of the different options you have for 2FA
Analyzing Pwned Passwords with Spark - OWASP Meetup July 2018
The document discusses analyzing pwned passwords using Apache Spark. It provides an overview of Spark, including its evolution from RDDs to DataFrames. It also discusses the state of passwords, how Spark can be used to analyze large datasets of pwned passwords, and both the benefits and challenges of using Spark for this type of analysis. The document encourages securing authentication while providing a seamless user experience and notes that developers have a responsibility to secure authentication.
More from Kelley Robinson (20)
Protecting your phone verification flow from fraud & abuse
Protecting your phone verification flow from fraud & abuse
Designing customer account recovery in a 2FA world
Designing customer account recovery in a 2FA world
Analyzing Pwned Passwords with Spark - OWASP Meetup July 2018
Analyzing Pwned Passwords with Spark - OWASP Meetup July 2018
Recently uploaded
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Leveraging the Graph for Clinical Trials and Standards
Katja Glaß
OpenStudyBuilder Community Manager - Katja Glaß Consulting
Marius Conjeaud
Principal Consultant - Neo4j
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...Pitangent Analytics & Technology Solutions Pvt. Ltd
Discover top-tier mobile app development services, offering innovative solutions for iOS and Android. Enhance your business with custom, user-friendly mobile applications.Essentials of Automations: Exploring Attributes & Automation Parameters
Building automations in FME Flow can save time, money, and help businesses scale by eliminating data silos and providing data to stakeholders in real-time. One essential component to orchestrating complex automations is the use of attributes & automation parameters (both formerly known as “keys”). In fact, it’s unlikely you’ll ever build an Automation without using these components, but what exactly are they?
Attributes & automation parameters enable the automation author to pass data values from one automation component to the next. During this webinar, our FME Flow Specialists will cover leveraging the three types of these output attributes & parameters in FME Flow: Event, Custom, and Automation. As a bonus, they’ll also be making use of the Split-Merge Block functionality.
You’ll leave this webinar with a better understanding of how to maximize the potential of automations by making use of attributes & automation parameters, with the ultimate goal of setting your enterprise integration workflows up on autopilot.
Fueling AI with Great Data with Airbyte Webinar
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
JavaLand 2024: Application Development Green Masterplan
My presentation slides I used at JavaLand 2024
5th LF Energy Power Grid Model Meet-up Slides
5th Power Grid Model Meet-up
It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Mircosoft Teams session or in person at TU/e located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology.
Power Grid Model
The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services.
Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability.
Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization.
What to expect
For the upcoming meetup we are organizing, we have an exciting lineup of activities planned:
-Insightful presentations covering two practical applications of the Power Grid Model.
-An update on the latest advancements in Power Grid -Model technology during the first and second quarters of 2024.
-An interactive brainstorming session to discuss and propose new feature requests.
-An opportunity to connect with fellow Power Grid Model enthusiasts and users.
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
"Choosing proper type of scaling", Olena Syrota
Imagine an IoT processing system that is already quite mature and production-ready and for which client coverage is growing and scaling and performance aspects are life and death questions. The system has Redis, MongoDB, and stream processing based on ksqldb. In this talk, firstly, we will analyze scaling approaches and then select the proper ones for our system.
Skybuffer SAM4U tool for SAP license adoption
Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool.
SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.
AppSec PNW: Android and iOS Application Security with MobSF
Mobile Security Framework - MobSF is a free and open source automated mobile application security testing environment designed to help security engineers, researchers, developers, and penetration testers to identify security vulnerabilities, malicious behaviours and privacy concerns in mobile applications using static and dynamic analysis. It supports all the popular mobile application binaries and source code formats built for Android and iOS devices. In addition to automated security assessment, it also offers an interactive testing environment to build and execute scenario based test/fuzz cases against the application.
This talk covers:
Using MobSF for static analysis of mobile applications.
Interactive dynamic security assessment of Android and iOS applications.
Solving Mobile app CTF challenges.
Reverse engineering and runtime analysis of Mobile malware.
How to shift left and integrate MobSF/mobsfscan SAST and DAST in your build pipeline.
Taking AI to the Next Level in Manufacturing.pdf
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
6. Ideas and approaches to help build your organization's AI strategy.
Mutation Testing for Task-Oriented Chatbots
Conversational agents, or chatbots, are increasingly used to access all sorts of services using natural language. While open-domain chatbots - like ChatGPT - can converse on any topic, task-oriented chatbots - the focus of this paper - are designed for specific tasks, like booking a flight, obtaining customer support, or setting an appointment. Like any other software, task-oriented chatbots need to be properly tested, usually by defining and executing test scenarios (i.e., sequences of user-chatbot interactions). However, there is currently a lack of methods to quantify the completeness and strength of such test scenarios, which can lead to low-quality tests, and hence to buggy chatbots.
To fill this gap, we propose adapting mutation testing (MuT) for task-oriented chatbots. To this end, we introduce a set of mutation operators that emulate faults in chatbot designs, an architecture that enables MuT on chatbots built using heterogeneous technologies, and a practical realisation as an Eclipse plugin. Moreover, we evaluate the applicability, effectiveness and efficiency of our approach on open-source chatbots, with promising results.
Generating privacy-protected synthetic data using Secludy and Milvus
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...Edge AI and Vision Alliance
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/how-axelera-ai-uses-digital-compute-in-memory-to-deliver-fast-and-energy-efficient-computer-vision-a-presentation-from-axelera-ai/
Bram Verhoef, Head of Machine Learning at Axelera AI, presents the “How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-efficient Computer Vision” tutorial at the May 2024 Embedded Vision Summit.
As artificial intelligence inference transitions from cloud environments to edge locations, computer vision applications achieve heightened responsiveness, reliability and privacy. This migration, however, introduces the challenge of operating within the stringent confines of resource constraints typical at the edge, including small form factors, low energy budgets and diminished memory and computational capacities. Axelera AI addresses these challenges through an innovative approach of performing digital computations within memory itself. This technique facilitates the realization of high-performance, energy-efficient and cost-effective computer vision capabilities at the thin and thick edge, extending the frontier of what is achievable with current technologies.
In this presentation, Verhoef unveils his company’s pioneering chip technology and demonstrates its capacity to deliver exceptional frames-per-second performance across a range of standard computer vision networks typical of applications in security, surveillance and the industrial sector. This shows that advanced computer vision can be accessible and efficient, even at the very edge of our technological ecosystem.Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Gursev Pirge, PhD
Senior Data Scientist - JohnSnowLabs
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen!
Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell.
Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten.
Diese Themen werden behandelt
- Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten
- Wie funktionieren CCB- und CCX-Lizenzen wirklich?
- Verstehen des DLAU-Tools und wie man es am besten nutzt
- Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw.
- Praxisbeispiele und Best Practices zum sofortigen Umsetzen
Northern Engraving | Nameplate Manufacturing Process - 2024
Manufacturing custom quality metal nameplates and badges involves several standard operations. Processes include sheet prep, lithography, screening, coating, punch press and inspection. All decoration is completed in the flat sheet with adhesive and tooling operations following. The possibilities for creating unique durable nameplates are endless. How will you create your brand identity? We can help!
Artificial Intelligence and Electronic Warfare
Artificial Intelligence and Electronic WarfarePapadakis K.-Cyber-Information Warfare Analyst & Cyber Defense/Security Consultant-Hellenic MoD
AI & Electronic WarfareRecently uploaded (20)
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Leveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and Standards
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
AppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSF
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024
BSides SF - Contact Center Authentication
- 1. Contact Center Authentication Kelley Robinson | BSidesSF 2019 @kelleyrobinson
- 2. This talk has everything • My social security number • My mother's maiden name • The email I briefly used 11 years ago • Accidental phishing
- 5. 1. I have an existing account 2. There is personal info tied to my account (i.e. orders, data) 3. Company has a customer support phone number 4. USA phone number 5. Inbound calls @kelleyrobinson 🔍 Research Parameters
- 7. @kelleyrobinson ☎ Getting in touch
- 8. ☎ Getting in touch over the phone @kelleyrobinson 1. Customer support number 2. "Call me" 3. No phone number i.e. Home Depot, Comcast, State Farm i.e. Walmart, Amazon, Verizon i.e. Facebook, Lyft
- 9. @kelleyrobinson 📲 On the phone
- 10. 1. Automated with the phone number you're calling from 2. Automated with provided info like account number 3. Manual with an agent @kelleyrobinson (identification)📲 On the phone
- 11. @kelleyrobinson Identity Authentication Personal information (i.e. date of birth) Google-able, probably doesn't change Proof of identity, usually with a secret (i.e. one time password)
- 15. @kelleyrobinson 🙌 The Good 👍 The OK 👎 The Bad 😰 The. . . oh. . . oh no
- 16. @kelleyrobinson 🙌 The Good Actually authenticating users • One time codes for authentication • Refusing to disclose personal information Random Bonus Delight: • Apple lets you choose your hold music 🎵
- 17. @kelleyrobinson 🙌 Automated intro: “Welcome to Netflix. For faster service, log in to netflix.com and find the 6 digit service code located at the bottom of any web page. ”
- 21. @kelleyrobinson 👍 The OK Room for improvement but still positive • Recognizing the phone number you're calling from • Verifying multiple forms of personal information • Prompting with relevant account actions
- 22. @kelleyrobinson 👍 Automated intro: “Welcome back, Kelley. I see you're flying from San Francisco to Newark Liberty today, are you calling about that trip? ”
- 23. @kelleyrobinson 👎 The Bad Phishing risk with minimal effort • Only asking for one form of identity • Identity is easily accessible public information • Requiring a Social Security Number
- 24. @kelleyrobinson 😰 The. . . oh. . . oh no Wait. What just happened? This is problematic. • Giving out identity information • Allowing account changes without authentication
- 25. @kelleyrobinson 😬 How I accidentally phished a major hotel chain
- 28. @kelleyrobinson 🤖 Match the Rigor of Web Authentication
- 29. @kelleyrobinson • Remember the user experience • Take advantage of the voice platform • Honor user settings for things like 2FA 🤖 Match the Rigor of Web Authentication
- 32. @kelleyrobinson ☎ Strong Authentication Options • One-time passcodes • Voice recognition and verbal passcodes • Hybrid platform security
- 34. @kelleyrobinson 💁 Build guardrails for agents
- 35. @kelleyrobinson • Limit caller information available to agents • Only expose information after a caller is authenticated • Have a small subset of agents that have access to do the most sensitive actions • Perform silent authentication 💁 Build guardrails for agents
- 36. @kelleyrobinson 💁 Build guardrails for agents Verify caller email address before continuing: grace.hopper@gmail.com Verify caller email address before continuing: VerifyEnter email here vs. ✅ Agent Dashboard 1 Agent Dashboard 2
- 37. @kelleyrobinson 🔐 Consider your Threat Model
- 38. @kelleyrobinson • What are you allowing people to do over the phone? • Limit sensitive actions if you can't implement true authentication 🔐 Consider your Threat Model
- 39. What next?
- 41. @kelleyrobinson ✅ Actually authenticate users 📵 Don't share personal information 🤖 Match the rigor of your web authentication 💁 Build guardrails for your agents 🔐 Consider your threat model Takeaways