HDFC Bank selects RSA's FraudAction to monitor online attacks
By siliconindia   |    7 Comments
Printer Print Email Email
Bangalore: As the number if people using internet in India grew at more than expected rate, it also exposed this population to threats such as phishing. A recent report brought out by the Anti-Phishing Working Group estimates that India witnessed 107 unique phishing attacks in the first six months of 2009, reports InformationWeek. This increasing number of attacks forced the RBI (Reserve Bank of India) to issue a circular to all member banks for cautioning their respective users on the growing number of fraudulent transactions. Understanding the needs of hour, HDFC Bank was among the first few banks to take a relook at the way it could tackle online attacks. Vishal Salvi, Senior Vice President and CISO, HDFC Bank said, "Today attacks can emerge from any part of the world and target unsuspecting users. As a bank, we needed a method to proactively fight these threats and stop fraudsters from impersonating us." To protect its customers from online attacks, HDFC Bank chose RSA's FraudAction Service, which gives the bank real-time monitoring and protection against trojan, phishing and other online attacks. For example, if the service detects a suspicious e-mail or Trojan emerging from a server, it can initiate steps to take down the server, and prevent it from further propagating messages. The bank also implemented RSA Adaptive Authentication to provide customers with a convenient online protection through the use of a personal security image and caption to verify the legitimacy of HDFC Bank's website. "To further protect our customers, we have split the user id and password screen into two different pages. This significantly reduces the chances of users being directed to a fake website," said Salvi. The important fact of RSA's Adaptive Authentication is that it has self-learning risk indicators such as device identification and user behavior profiling, which helps the solution to tackle both existing and emerging threats. In the current situation every transaction is assigned a risk store. Salvi said, "If a transaction is above a certain threshold, it gets flagged off and is subject to another authentication." With the help of intelligent self-learning risk engine, phishing attacks have come down by close to 60 percent while there have been no incidents of frauds. Further, response time to phishing attacks has also been reduced to as little as five hours.

siliconindia