Covelight upgrades online fraud protection technology

Source: Covelight Systems

Covelight Systems, an innovator of solutions for real-time online fraud protection, today announced the availability of Covelight Percept 3.0.

Percept is the industry's first and only fraud monitoring product line that combines real-time traffic capture, identity-based fraud detection, analytics, forensics and reporting for a completely transparent solution to manage online fraud while not interfering with the application performance or the user experience.

"We're very excited about this new offering," said Spencer Snedecor, Covelight's CEO. "Percept is already protecting online banking and brokerage applications at numerous financial institutions representing a combined $1.5 trillion in assets. This latest version will continue delivering value to our customers and strengthens Covelight's technology leadership position in online fraud management."

With the December 2006 FFIEC deadline looming, financial services institutions can quickly and painlessly deploy Percept to exceed the recommended guidance while protecting their reputations and online users from fraud, including man-in-the-middle and man-in-the-browser attacks. As evidenced by a recent well-publicized incident at Citibank, these new attacks are part of an emerging session hijacking trend designed to circumvent improved authentication controls. Additionally, Percept 3.0 can run in combination with any multi-factor authentication solution to invoke strong authentication only when needed, so the end user is not unnecessarily aggravated with burdensome challenges.

Percept 3.0 features include:

  • Complete application independence. Deployed as a passive network sensor, the traffic capture, SSL decryption, transaction logging, session and login identification and user behavior and transaction anomaly detection are all performed without any integration into the online application or servers while maintaining complete transparency to the online users. No agents, cookies, JavaScript, code changes or server log files are required. This saves money by eliminating the fraud and risk teams' reliance on application development or operations to install or maintain the system and because it does not negatively impact the application
  • The only online fraud architecture for detecting emerging session hijacking attacks, such as man-in-the-middle and man-in-the-browser. Network-based transaction flow monitoring inspects not just a few selected transactions, but ALL traffic between the users and the applications. By doing so, Percept can detect subtle differences in an individual user's behavior - from obvious changes in IP address and geolocation, down to infinitesimal shifts at the lowest protocol layers - that are indicative of a hijacked session
  • Two-dimensional real-time risk calculations. For each user and session, Percept calculates and maintains two scores: The first score quantifies the threat level represented by the user, based on over 80 built-in customizable rules. The second score quantifies the user's exposure to high-risk transactions and sensitive data patterns. These two dimensions give a complete picture of the risk posed by each user and each online visit. The scoring starts from the moment the user accesses the site and is updated in real-time up to login and throughout the entire session
  • New API for publishing Percept risk score to any authentication system. The API is used to provide the Percept two-dimensional risk score to authentication solutions, including our partners Digital Resolve, TriCipher, StrikeForce and PhishCops. The authentication solution evaluates this score and invokes the appropriate level of authentication at anytime during the user's session. This risk-based authentication insures that users are not asked to supply additional credentials unless absolutely necessary
  • Built-in user compliance audit and fraud investigation console. With built-in analytics and detailed forensic logs, Percept arms compliance and fraud investigation teams with the tools to respond to an incident, and to prosecute if necessary. To simplify the job of the fraud and compliance investigators, the user records now provide customized information about the online user, such as account number and privileges
  • New appliance options, including the enterprise-class Percept 5000. With flexible network interface options and high availability components, this high-performance, 3-rack unit appliance meets the needs of even the most demanding enterprise.

Starting with the initial access, through login and during the entire session, Percept monitors each user's online activity and automatically builds a behavioral profile that is used to detect suspicious or high-risk activity in real-time to trigger alerts and generate a two-dimensional session risk score. In addition, Percept maintains detailed session and transaction logs supported by the guided analytics of an incident investigation console to support fraud case management and on-demand user audits.

"We continue to be impressed with Percept and its capabilities. What they can capture - in an easy-to-install and maintain passive monitoring solution that does not adversely affect our applications or our users - is remarkable," said longtime Percept customer Chip Wentz, Senior VP of Information Security at First Citizens Bank. "Our operational risk, compliance and information security teams all rely on the real-time detection and fraud analytics that Percept provides us."

Brian Ellis, senior director of application assurance at Answerthink, agrees: "SunTrust Bank was looking for a solution to protect a group of their outward-facing applications. They wanted to deploy transparent fraud detection and user-focused analytics without making any changes to the applications. They concluded that Covelight Percept would give them strong and comprehensive protection for their applications and online users."

Comments: (0)