Monday, November 9, 2009

Identity Proofing with IDology and Oracle Adaptive Access Manager (OAAM)

Do you know who I am?

You may think so, but what if someone has hijacked my account, my identity, my computer, my web browser, my session, etc.? With high impact/value transactions, this “What if?” can have major consequences.


Richard M. Nixon famously said “I know you believe you understand what you think I said, but I am not sure you realize that what you heard is not what I meant.”


The point is that even when you believe you know the user, you may not. In an era where accounts, machines, and identities are taken hostage, there is a need for a technology that can verify that you are who you say you are.


When do I need this?

  • New Accounts – Someone is trying to open a new bank or credit card account. Stolen identities can translate into thousands of dollars in lost merchandise, hurt your brand, and increase insurance or credit card rates.

  • Bank Transfers – Malware/viruses that hijack accounts can leverage existing legitimate sessions to transfer money out of customer accounts.

  • Car Lease/Purchase – Imagine someone walks off the lot with a car, but under a false identity. The retailer is unlikely to ever see the vehicle again.

  • Cell Phone – Using stolen identities or credit cards, thieves can rack up thousands in international phone bills.

  • Medical Records – Employers could leverage inside information on potential employees to make hiring decisions based on potential health insurance cost from pre-existing conditions.

  • Customer Data – A salesperson walks away from their desk and a soon-to-be-leaving employee downloads current pipeline information or customer data to bring to their future employer.


The list of examples is endless and applies across all types of organizations, from public sector to higher education, from Fortune 500 enterprises to financial services and health care.


So how does this work?

  • Based on policy, type of transaction, or the probability of fraud calculated in real time by OAAM's risk scoring engine, users can be prompted to join an “Authentication Session”.

  • Users will be asked a series of questions such as “Which one of these is a street you grew up on?” or “What is the make/model of your first car?”

  • Unlike traditional Knowledge Based Authentication (KBA), with IDology the questions and answers are generated dynamically based on a combination of public/private data sources. This is called Dynamic KBA.

  • Based on the user's answers, IDology creates a fraud score, and OAAM determines, based on the organization's defined policy, whether it will allow the user to continue with the transaction.

  • OAAM can also use other context information such as Geo Location data, or require secondary or step-up authentication from something like StrikeForce SMS, ActivIdentity, or Verisign VIP.
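
The decision flow in the list above, sketched as an added example (it is not Oracle's or IDology's code and uses none of their APIs). The transaction names, score scales, thresholds, and outcome labels are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical per-transaction policy; every number is an illustrative assumption.
#   challenge_at: risk score (assumed 0-1000) at or above which a KBA session is required
#   max_fraud:    highest KBA fraud score (assumed 0-100) allowed without step-up
#   deny_fraud:   KBA fraud score at or above which the transaction is blocked
POLICY = {
    "view_balance":  {"challenge_at": 800, "max_fraud": 40, "deny_fraud": 80},
    "bank_transfer": {"challenge_at": 400, "max_fraud": 20, "deny_fraud": 60},
    "new_account":   {"challenge_at": 0,   "max_fraud": 20, "deny_fraud": 60},
}

@dataclass
class Context:
    transaction: str
    risk_score: int                        # real-time score from the risk engine
    kba_fraud_score: Optional[int] = None  # None until the KBA session is completed
    geo_mismatch: bool = False             # extra context, e.g. unexpected location

def decide(ctx: Context) -> str:
    """Return 'allow', 'challenge_kba', 'step_up' or 'deny' for one request."""
    policy = POLICY.get(ctx.transaction)
    if policy is None:
        return "deny"  # unknown transaction type: fail closed
    # Low risk and nothing unusual in the context: no authentication session.
    if ctx.risk_score < policy["challenge_at"] and not ctx.geo_mismatch:
        return "allow"
    # A session is required but no dynamic KBA result exists yet.
    if ctx.kba_fraud_score is None:
        return "challenge_kba"
    if ctx.kba_fraud_score >= policy["deny_fraud"]:
        return "deny"
    # Borderline answers, or good answers from a suspicious context,
    # lead to a second factor rather than an outright allow.
    if ctx.kba_fraud_score > policy["max_fraud"] or ctx.geo_mismatch:
        return "step_up"
    return "allow"

if __name__ == "__main__":
    # Constructed sample requests, not real data.
    for ctx in (Context("view_balance", 100),
                Context("bank_transfer", 500),
                Context("bank_transfer", 500, kba_fraud_score=35),
                Context("new_account", 0, kba_fraud_score=75)):
        print(ctx.transaction, ctx.risk_score, ctx.kba_fraud_score, "->", decide(ctx))
```
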


Want to see it in action?

Demo


