A Review of the Best News of the Week on Identity Management & Web Fraud

FIDO Alliance Addresses PSD2 Screen Scraping Debate in Letter to European Commission and European Parliament (FIDO Alliance, Sep 07 2017)
“Should screen scraping be allowed, even as a fallback option, under Payment Services Directive 2 (PSD2)? The FIDO Alliance has been closely observing the discussions on this topic between the European Commission (EC) and European Banking Authority (EBA)…”

ForgeRock Lands $88M In Funding To Expand R&D, Sales Of Identity, IoT Security Solutions (CRN, Sep 07 2017)
“ForgeRock has raised $88 million in a Series D funding round, which the company says it will put towards sales and product development as the market for Internet of Things security and identity heats up.”

Security Flaw in Estonian National ID Card (Schneier on Security, Sep 05 2017)
“On 30 August, an international team of researchers informed the Estonian Information System Authority (RIA) of a vulnerability potentially affecting the digital use of Estonian ID cards. The possible vulnerability affects a total of almost 750,000 ID-cards issued starting from October 2014, including cards issued to e-residents.”


A brief history of passwords (Thales, Sep 01 2017)
“Passwords themselves are much older than any computer, dating back to ancient times, when a password, or watchword, was used to indicate membership of a select group. Indeed, secret societies were known in cultures as far back as ancient Egypt, but it was the Roman military – who else? – that took passwords to a new level of sophistication.”

Cumbersome task ahead of Aadhaar authentication (The Hindu, Sep 03 2017)
In India, “the authentication of bank accounts with Aadhaar numbers before December 31 seems to be an uphill task in Telangana given that it has been completed in just about 15 per cent of the total four crore plus accounts.”

How Intel Core chips could take over two-factor authentication from your phone (PCWorld, Sep 01 2017)
“Intel’s 8th-gen Core architecture and its associated software cut out the need for a phone, simply requiring you to click a software “button” to authenticate the 2FA transaction.”

Lawyer suggests tying access to encryption to verified ID (Naked Security – Sophos, Sep 04 2017)
Max Hill QC, who is leading the Independent Review of Terrorist Legislation (IRTL), starts a debate: “Social media accounts are used for direct communication and to spread terrorist propaganda, much of which uses encryption and is therefore difficult to monitor. The solution is to force all users to prove who they are before they get access to accounts with encryption privacy turned on.”

Cloud Identity-Aware Proxy: a simple and more secure way to manage application access (Google Cloud Platform Blog, Sep 01 2017)
Google Cloud launches Cloud Identity-Aware Proxy. “Cloud IAP provides granular access controls and is easy to use so that companies can quickly and more securely host their internal apps in the cloud.”

Best Practices for Multi-factor Authentication (MFA) (Secure Thinking by Centrify, Sep 07 2017)
“It’s not difficult to implement, but some up-front planning can further enhance security and save a lot of time and effort. MFA is one of the best ways to prevent unauthorized users from accessing corporate data.”

Identity fraud is everywhere: here’s how to improve market fraud scoring systems (Gemalto blog, Sep 04 2017)
“But what is SIM swap fraud? A fraudster gathers data on a bank customer through “phishing” or “social engineering” to gain access to their online/mobile banking portal. With this data, the fraudster contacts their mobile operator to get their SIM card replaced and/or change Mobile Network Operator while keeping the same mobile number.”

Signifyd’s Meetups: Effective Fraud Prevention and a Chance to Talk Shop (Signifyd, Sep 06 2017)
“Online fraud fighter Noam Naveh had a succinct message for the group of e-commerce and payment security professionals who gathered for Signifyd’s first meetup to share and discuss fraud-prevention techniques.”