Digital Resolve introduces 'Smart Cookie' for online fraud prevention; meets FFIEC guidelines

Source: Digital Resolve

Digital Resolve, the leading provider of transparent, multi-layered risk-based authentication solutions, has introduced the Smart Cookie, which adds a new layer of protection to its Fraud Analyst product for online fraud and identity theft prevention for the financial services industry.

Fraud Analyst's multi-layered approach to online fraud and identity theft prevention provides protection for the online channel above and beyond other approaches in the market today and is a an excellent way for banks to comply with the recent authentication guidelines issued by The Federal Financial Institutions Examination Council.

This new Smart Cookie, which leverages Fraud Analyst's behavioral analysis engine, cannot be passed along by fraudsters to a financial institution in an attempt to impersonate a legitimate customer. The cookies currently being used in other authentication solutions are susceptible to this type of exploitation because they are not tied to backend analysis systems and can be easily spoofed.

Unlike the cookies currently in use in other authentication solutions that gather information gleaned from an online user's computer to create "Device IDs" for fraud prevention, Digital Resolve's Smart Cookie pulls in additional factors. These factors leverage information from Fraud Analyst's patent-pending behavioral access profiles to create non-spoofable Unique Online IDs, offering a level of security that far surpasses that of cookies currently used in most online authentication systems. "Secure cookies", which were never intended to be used in an authentication system, can be easily moved from machine to machine and passed along to a financial institution by a man-in-the-middle, thus fooling authentication systems into believing that they are dealing with a valid customer when, in fact, they are not. Another valuable feature of the Smart Cookie is its built-in "expiration system" that renders it useless should a fraudster attempt to use a stolen cookie.

"The addition of the Smart Cookie to our Fraud Analyst product further fortifies our multi-layered approach to online fraud prevention. No other multi-factor solution provides the front- and back-end capabilities, multi-layered functionality, or the comprehensive fraud protection of Fraud Analyst, which is seamless to end users," said Bill Calpin, President and Chief Executive Officer of Digital Envoy, the parent company of Digital Resolve. "Many other approaches today try to stop fraudsters after they have already accessed a user's account and attempted to make a fraudulent transaction, which I find to be a dangerous and questionable approach. The entire goal for Digital Resolve is to use the most sophisticated and foolproof methods to stop would-be thieves from ever getting in the bank's front door. Honestly, I wouldn't want to stop a thief after he's in my house – I would want to prevent him from ever entering."

Digital Envoy's Fraud Analyst, which is the only risk-based authentication solution today deployed by a top-ten North American bank, was introduced in the spring of 2004 and was the first transparent multi-factor authentication solution. It was also the first solution developed specifically for the financial services industry to prevent online banking fraud in real time. Unlike other multi-factor authentication solutions currently available, Digital Resolve's patent-pending Fraud Analyst does not rely on privacy-invasive computer monitoring techniques or expensive and cumbersome handheld alternatives. Using an online customer's unique, non-spoofable identifier – an IP address – Fraud Analyst non-invasively uncovers more than a dozen data elements including location, anonymous proxies, domain name and other identifiable attributes referred to as "IP Intelligence". It then automatically analyzes this information against multiple data sources, patent-pending calculated risk factors and behavioral access profiles, and other risk-based factors to prevent new account fraud and to stop account hijackings in real time. It also allows end customers to authenticate a bank's Web site in real time.

Seperately, The Federal Financial Institutions Examination Council (FFIEC) has just issued online authentication guidance for banks offering Internet-based financial services. Digital Resolve is proud to announce its Fraud Analyst product already provides viable, consumer-friendly methods to comply with this guidance on a number of different levels.

Founded on "IP Intelligence" technology, Fraud Analyst's multi-layered approach to online fraud and identity theft prevention provides protection for the online channel above and beyond other approaches in the market today and is an excellent way for banks to comply with the recent authentication guidelines, titled "Authentication in an Internet Banking Environment", issued by the FFIEC.

"We appreciate the Council's and the Federal Deposit Insurance Corporation's efforts in providing an authentication compliance platform from which banks can easily evaluate strategies and tools to enhance the security of their Internet-based products and services," said Bill Calpin, president and chief executive officer of Digital Envoy. "We do believe, however, banks need to ensure the authentication process is a seamless and painless experience for the banking customer, recognizing the potential for consumers to have multiple financial relationships that will be impacted – a key recommendation not addressed in the FFIEC Guidance."

Banks have always built trust by presenting a sense of safety and security in subtle ways. For example, banks do not locate their vaults in the middle of their lobbies and they discreetly position security guards in non-threatening ways for customers. Calpin says, "The online experience should mirror that subtle approach: a non-invasive, privacy-sensitive, behind-the-scenes approach that provides maximum safety with minimal change to how users interact online."

Banks also need to consider their customers’ reactions to being contacted by several of their banking institutions, perhaps offering the same or similar solutions. "Does this really make them feel more secure or does it scare the heck out of them with such visible approaches that involve them in deployment?" asks Calpin.

Digital Resolve's solutions offer exactly what Calpin advocates. "Obviously, our solutions reflect the approach we advocate because we carefully considered both the bank AND consumer impact in our design. That approach has worked for our banking customers in making the online channel an attractive choice for consumers."

Comments: (0)