Thursday, August 27, 2009

Location, Location, Location!!!

Why is IP Intelligence (Geo Location Data) important for Authentication?

In the growing area of risk-based authentication, where organizations from banks to governmental departments are looking to share more information and services with people, there is a much greater risk/fear of fraud.

Information security vendors such as Oracle, RSA, Verisign, and others have complemented their existing Web Access Control technologies, like Oracle Access Manager (OAM), with risk-based authentication solutions such as Oracle Adaptive Access Manager (OAAM), which assess the risk of fraud at the moment of a transaction and, based on policy, respond by allowing/denying the transaction or requiring secondary or “Step-up Authentication”.

In these scenarios, the more context available to the transaction, the better the risk analysis. Knowing that a banking customer who lives in Oslo, Norway, and is trying to send a wire transfer out of the account, is actually logging in from Seattle, WA makes it simple to understand the potential risk.

IP data enables core risk assessments made within OAAM, including website visitor location (e.g. blocking high-risk locations) and network characteristics (e.g. whether the visitor is connected through an anonymizing proxy, intentionally masking their location). IP data provides an “IP fingerprint” of a visitor.
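
An added example, not code from the original post or from OAAM: a minimal risk policy that scores a login from IP intelligence context and returns allow, step-up or deny, using the Oslo/Seattle scenario above. The field names, weights, thresholds and the placeholder blocklist entry are assumptions for illustration.

```python
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt

@dataclass
class IpContext:
    """What an IP intelligence lookup returns for a login (field names assumed)."""
    country: str
    lat: float
    lon: float
    anonymizing_proxy: bool

HIGH_RISK_COUNTRIES = {"ZZ"}   # placeholder blocklist entry, not a real country
STEP_UP_AT, DENY_AT = 40, 80   # illustrative policy thresholds

def distance_km(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def assess(home, login, high_value):
    """home is (country, lat, lon); returns (decision, score, reasons)."""
    if login.country in HIGH_RISK_COUNTRIES:
        return "deny", 100, ["blocked location"]
    score, reasons = 0, []
    if login.anonymizing_proxy:
        score += 40
        reasons.append("anonymizing proxy")
    if login.country != home[0]:
        score += 30
        reasons.append("country differs from home")
    if distance_km(home[1], home[2], login.lat, login.lon) > 1000:
        score += 20
        reasons.append("far from home location")
    if high_value:
        score += 20
        reasons.append("high-value transaction")
    decision = "deny" if score >= DENY_AT else "step_up" if score >= STEP_UP_AT else "allow"
    return decision, score, reasons

# Constructed sample data: the Oslo customer from the text, approximate coordinates.
OSLO_HOME = ("NO", 59.91, 10.75)
FROM_OSLO = IpContext("NO", 59.91, 10.75, False)
FROM_SEATTLE = IpContext("US", 47.61, -122.33, False)
SEATTLE_VIA_PROXY = IpContext("US", 47.61, -122.33, True)

if __name__ == "__main__":
    for login in (FROM_OSLO, FROM_SEATTLE, SEATTLE_VIA_PROXY):
        print(login.country, login.anonymizing_proxy, assess(OSLO_HOME, login, high_value=True))
```

The wire transfer from Oslo is allowed, the same transfer from Seattle triggers step-up authentication, and the Seattle login through an anonymizing proxy is denied.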

To help deliver this intelligence to customers, Oracle partners with Quova as the preferred IP provider for OAAM. They provide specific ROI advantages over competitors. Quova’s unmatched accuracy and depth of proxy intelligence data result in increased fraud catch and lower false positive escalations.

And Quova is the only provider that subjects its research process and data quality to annual independent audit by PricewaterhouseCoopers. Quova is widely recognized as the market leader and is in use throughout the anti-fraud marketplace. Quova for OAAM customers include: Monster.com, DFCU, ICICI Bank, and National City Corporation.

To Learn more about Quova:
Contact Jon Heintschel
650-528-3739 or jheintschel@quova.com

To Learn more about OAAM
http://www.oracle.com/technology/products/id_mgmt/oaam/index.html

Or to learn about the Oracle Access Suite:
http://www.oracle.com/products/middleware/identity-management/access-management-suite.html

Saturday, August 1, 2009

Why the Public Sector needs Biometric Solutions and how ORCL + Daon can help

Combining Oracle IDM Products with Best-of-Breed Biometric Infrastructure from Daon enables successful deployments across the Public Sector



Why are government organizations looking for this?

  • Stronger security to mitigate fraud & ID theft (more details below)
  • Strong Authentication without tokens (more details below)

Why has it not been adopted already?

  • Requirements for end-points to capture & verify biometrics
  • Complexity of provisioning & sharing biometrics across platforms and regions

So how can we be successful now?

  • Provisioning credentials & enabling cross platform SSO
  • Managing roles and fine-grained entitlements

What is the real scoop on Fraud:

  • eCommerce Fraud Losses Projected to Grow to $3.6 Billion in 2008
  • Merchants estimate that 1.4% of their online sales will line the pockets of fraudsters
    Source: CyberSource eCommerce Fraud Survey, 2007
  • Société Générale €5 billion in trading loss due to unauthorized trades
    Trader executed €50 billion of unauthorized trades and attempted to cover over his losses. When the bank discovered the fraud it had to unwind the position in 3 days, resulting in €5 billion in loss and triggering a worldwide financial market sell-off.
    Source: CNN, January 2008
  • $17 Million remediation cost for 45 million stolen credit card numbers
    Breach of TJ Maxx’s IT systems led to the loss of 45 million credit and debit card numbers over a period of 18 months. Estimated revenue impact from negative press coverage was $4.5 billion.
    Source: Information Week, May 2007

So why is Strong Authentication not enough?

  • Tokens & Smart Cards require the device to be present; credentials can still be stolen and are subject to man-in-the-middle attacks and other phishing or virus/malware breaches
  • Conversely, Biometric Credentials cannot be stolen or replicated, and the user does not have to carry/track additional tools.
  • They can be verified for uniqueness against state, local, federal & international databases
    Rapidly identify potential threats or risky persons.

This is where it gets tricky

  • Capturing & Storing Credentials
  • High cost of having devices at the end-points to capture data
  • Tremendous disparity in capture/read devices & algorithms
  • It is difficult to future-proof your deployment when devices, algorithms, and infrastructure are continuously evolving
  • Risk of being out of date by the time of production deployment
  • Challenging to provision credentials and synchronize biometrics with apps & infrastructure
  • Challenge for using single biometric authentication for SSO

So how do you maximize the ROI?

  • Govt. & Ent. require solutions that complement & enhance entire IT IDM infrastructure to justify investment.
  • Oracle IDM Solutions Provisioning Credentials
  • Oracle Identity Manager (OIM) enables automated provisioning or revocation of accounts based on biometric auth/enrolment
  • Oracle Role Manager (ORM) ties biometric attributes to user roles
  • Oracle Entitlements Server (OES) richly defines fine-grained application entitlements to grant/limit access to specific functions, data sets, or transactions based on level of authentication, roles, and credentials.
  • Gain seamless authentication across applications with Oracle eSSO (OESSO)
    Replaces name/pwd with a single biometric authentication to increase security level & create single sign-on across web & desktop applications.
  • Oracle Adaptive Access Manager (OAAM) ties biometric authentication with broader authentication context (like device identification and location) to validate the entire transaction and identify anomalies or malicious behavior over time.

Here is how the Daon solution fits in...


For more information on Daon please visit their website.