Handling Malicious Hackers & Assessing Risk in Real Time
Date: Thursday, April 02, 2009
A hacker creates a look-alike website of a well-known bank. He sends e-mails to customers requesting confidential information, claiming the bank’s website is undergoing a revamp or reconstruction. The information sought is confidential customer data. The e-mail has a link embedded in it which, by default, directs the customer to the fake site that the hacker has created. The customer, thinking it to be a genuine communication from the bank, provides the details, which the hacker saves and later uses for fraudulent transactions such as money transfers or procuring critical passwords.
Not a Secure Situation to be in
The rapid growth of online commerce has brought increasing sophistication to Internet fraud. Fraud is executed across multiple access channels. Threats from Phishing (the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication), Pharming (a hacker’s attack aiming to redirect a website’s traffic to another, bogus website), Trojans (a type of malicious software), Key Logging (used to capture online password entries), and Proxy Attacks, combined with regulations and mandates (HIPAA, PCI) governing the protection of online data, place online security at a premium. If you take a closer look at the illustration at the beginning of this article, you will realize that a simple login procedure makes it easy for a hacker to access online accounts and transactions. To thwart hackers, banks are adopting more stringent login procedures, which are more personalized and secure. Some of them include the introduction of additional levels of passwords, a personalized background image for login, virtual keyboards, or even a virtual mouse, among others.
Whatever you type on a physical keyboard can be captured by keylogging. Keylogging provides a means to obtain passwords or encryption keys while bypassing other security measures. To prevent this, financial transaction sites are installing virtual keypads and virtual mice. Instead of typing the password on the keyboard in the normal way, the user selects his or her password on the virtual keyboard with the cursor as part of the login process. This circumvents the keylogging setup installed by the hacker.
While user access is established, it is equally important to prevent fraud and enable real time risk assessment. The tools available today profile the user’s historical behavior into a ‘virtual fingerprint’, and with automated rules one can now decide the risk and threat associated with the user’s transactions. Such automation is what we refer to as ‘fraud detection and risk assessment technology’. It enables proactive, real time fraud prevention and strengthens transaction security for enterprise and consumer Web applications. It makes it safer for businesses – any business – to interact with partners and consumers, expose business functions to remote employees or partners, and also protect them against threats.
Online fraud detection requires the use of multiple IT security tools. It needs to be able to evaluate risk by analyzing data from a variety of sources including profiles, device fingerprints, IP and other network forensics data, geo-location information, and transactional data. By bringing together various risk factors in a single policy, a well-implemented solution can score the relative risk of a transaction, proactively prevent fraud, and instantly alert the organization to threats. Such technology provides real time and offline risk analysis to maximize the efficiency of capturing and analyzing real time transaction data, matching the risk profile of the current transaction against historical patterns.
To define and refine the fraud prevention policy, investigation and forensic tools are also needed to simplify inherently difficult administrative tasks such as policy authoring, risk monitoring, incident investigation, and audit data analysis. The security policy needs to be able to adjust to new threats without bringing down a production system. Specialized fraud detection technologies give security administrators the ability to experiment with different security policies, assess their usefulness at blocking fraud, determine the potential performance impact of specific rules, and track the difference in system behavior that results from a policy change.
With such controls in place, companies can minimize the chances of anyone using a stolen credit card for multiple fictitious transactions such as flight bookings, online purchases, or even financial or trading requests. As companies aggressively embrace the Internet for sales, self-service, and information sharing, online security is core to establishing trust between companies and users.
A recent online security survey of a cross section of India’s top forty banks by ReadiMinds, ‘State of Online Security in Financial Institutions in India - 2008’, has highlighted the issues pertaining to online identity theft and online financial fraud. According to this survey, 30 percent of the banks reported having been victims of identity theft during the last one year, 30 percent of the banks reported having been victims of phishing over the same period, and 10 percent of the banks were victims of man-in-the-middle attacks over the same period.
Online security has become a business issue. There seems to be a strong link between the business performance of a financial institution and the online security measures it implements. Over 70 percent of banks that reported implementing stronger security measures also regularly deliver better business performance compared to their peer group. The worrying finding was that over 57 percent of banks still do not have a dedicated budget for online security; online security is still part of the IT budget. The good part of the finding was that 100 percent of respondents were aware that integrating stronger user authentication with fraud detection and risk based transaction verification is the strongest form of defense against online identity theft and financial fraud.
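The preceding three paragraphs describe one mechanism: a historical profile (the ‘virtual fingerprint’), a set of weighted rules that combine device, geo-location and transaction factors into a single score, and the ability to try a candidate policy against past transactions before it goes live. The following is an added example that illustrates that mechanism in miniature; it is not code from Oracle or from any product the article refers to. The profile fields, rule names, weights, thresholds and sample transactions are all constructed for illustration.

```python
"""Rule-based transaction risk scoring with offline policy replay.

Added example. A user's past behaviour is condensed into a Profile (the
'virtual fingerprint'); each Transaction is scored against it by weighted
rules and the score is mapped to allow / challenge / block. Policies are
plain data, so a candidate policy can be replayed over historical
transactions beside the active one without touching the live system.
All names, weights and sample data below are assumptions.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class Profile:
    user: str
    known_devices: frozenset      # device fingerprints seen before
    usual_countries: frozenset    # countries derived from past IP geo-location
    avg_amount: float             # mean historical transaction amount
    active_hours: range           # hours of day the user normally transacts


@dataclass(frozen=True)
class Transaction:
    user: str
    device_id: str
    country: str
    amount: float
    hour: int
    kind: str                     # "login", "payment" or "transfer"


Rule = Callable[[Profile, Transaction], bool]


# Individual risk factors; each returns True when it fires.
def new_device(p: Profile, t: Transaction) -> bool:
    return t.device_id not in p.known_devices

def foreign_country(p: Profile, t: Transaction) -> bool:
    return t.country not in p.usual_countries

def large_amount(p: Profile, t: Transaction) -> bool:
    return t.amount > 3 * p.avg_amount

def odd_hour(p: Profile, t: Transaction) -> bool:
    return t.hour not in p.active_hours

def high_value_transfer(p: Profile, t: Transaction) -> bool:
    return t.kind == "transfer" and t.amount > 1000


# A policy is data: rule name -> (rule, weight), plus score thresholds.
ACTIVE_POLICY = {
    "rules": {
        "new_device": (new_device, 30),
        "foreign_country": (foreign_country, 30),
        "large_amount": (large_amount, 25),
        "odd_hour": (odd_hour, 10),
    },
    "thresholds": {"challenge": 40, "block": 70},
}

# Candidate: one extra rule and a lower step-up threshold, to be evaluated offline first.
CANDIDATE_POLICY = {
    "rules": dict(ACTIVE_POLICY["rules"], high_value_transfer=(high_value_transfer, 20)),
    "thresholds": {"challenge": 30, "block": 70},
}


def score(policy: dict, profile: Profile, tx: Transaction) -> Tuple[int, List[str]]:
    """Sum the weights of every rule that fires; also return which ones fired."""
    fired = [name for name, (rule, _) in policy["rules"].items() if rule(profile, tx)]
    return sum(policy["rules"][n][1] for n in fired), fired


def decide(policy: dict, profile: Profile, tx: Transaction) -> Tuple[str, int, List[str]]:
    """Map the score to a decision: block, challenge (step-up auth) or allow."""
    total, fired = score(policy, profile, tx)
    th = policy["thresholds"]
    decision = "block" if total >= th["block"] else "challenge" if total >= th["challenge"] else "allow"
    return decision, total, fired


def replay(active: dict, candidate: dict, profiles: Dict[str, Profile],
           history: List[Transaction]) -> Tuple[List[tuple], int]:
    """Run both policies over past transactions; count decisions that would change."""
    rows, changed = [], 0
    for tx in history:
        a = decide(active, profiles[tx.user], tx)[0]
        c = decide(candidate, profiles[tx.user], tx)[0]
        rows.append((tx.user, tx.kind, tx.amount, a, c))
        changed += a != c
    return rows, changed


# Constructed sample data (not real customers or events).
PROFILES = {"alice": Profile("alice", frozenset({"dev-A"}), frozenset({"IN"}), 200.0, range(8, 22))}
HISTORY = [
    Transaction("alice", "dev-A", "IN", 150.0, 10, "payment"),    # routine
    Transaction("alice", "dev-Z", "RO", 900.0, 3, "transfer"),    # looks like a hijacked session
    Transaction("alice", "dev-A", "IN", 1500.0, 14, "transfer"),  # known device, unusually large
    Transaction("alice", "dev-B", "IN", 100.0, 12, "login"),      # unknown device only
]


def run_replay() -> Tuple[List[tuple], int]:
    return replay(ACTIVE_POLICY, CANDIDATE_POLICY, PROFILES, HISTORY)


if __name__ == "__main__":
    rows, changed = run_replay()
    for row in rows:
        print(row)
    print(f"{changed} of {len(rows)} decisions would change under the candidate policy")
```

Keeping the policy as data rather than code is what makes the offline comparison cheap: the same `replay` call serves as the administrator’s ‘what would this rule have done last month’ check, and the `changed` count is a first estimate of the extra step-up challenges customers would see before the rule is switched on.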
IDC confirms the Identity and Access Management (IAM) software market as one of the fastest growing security software markets in the Asia Pacific region, growing at a compounded annual growth rate (CAGR) of 17 percent (2008-2012) to reach $524 million by 2012.
The author is Vice President, Oracle Fusion Middleware, Oracle India.