September 11, 2014
As victimized celebs vowed to take legal action on these hackers, the photo hacks might just convince all users on the necessity to employ strong security measures to protect their data and persuade mass-market deployment of stronger authentication tools like two-factor authentication in the cloud, said John Zurawski
September 11, 2014
“Now that Jennifer Lawrence, Kate Upton, and others have become the poster children for hacked cloud storage, more users are beginning to understand that a little more inconvenience may be better than the alternative,” says John Zurawski.
September 9, 2014
Consider using the end user’s same mobile device, but instead of an upfront OTP for login purposes, one might use the voice channel post-login. The voice channel represents a completely different communication band from the SMS or data channel on a phone. It represents a way to do an out-of-band two-factor authentication.
September 4, 2014
Peter Tapling says many retail breaches start with a network intrusion that is typically traced back to weak credentials. “Any merchant that does not have two-factor authentication in place for employees and suppliers is gambling that they won’t be next.”
September 3, 2014
Security response teams at some of the card-issuing banks have already started buying back credit card numbers believed stolen in the suspected breach at Home Depot, according to John Zurawski, vice president of marketing for Authentify.
September 3, 2014
The consensus, Peter Tapling added, is that there’s a possibility the perpetrators of this apparent breach may be the same group of Russian and Ukrainian hackers responsible for the recent data breaches at JPMorgan and other banks.
September 3, 2014
"Consumers are starting to accept them as a collateral damage to the e-commerce economy. This is rather unfortunate as the costs involved in the data breaches are in the end paid for by the consumers."
September 3, 2014
"The number of compromised cards could rival the Target breach if indeed this breach affected all 2,200 Home Depot stores and the breach goes back to April 2014. The ‘American Sanctions’ name for the card batches for sale are an interesting twist. Is this just a group that sympathizes with Russia? Or is it a state actor involved directly?"
According to Aland Dundas, “The problem lies with the practice of delivering a one-time password to the end user via SMS. In general, OTP approaches of this type were fine several years ago. They’re just not as secure as they once were. The cybercriminals have developed their own countermeasures.”
August 25, 2014
"xFA can add multifactor security to any web service with a few lines of code. We tested xFA on a small network in August 2014. It has cloud-based components to manage multifactor security, along with apps for iOS and Android."
August 25, 2014
"Bankers should also watch for a wave of fraud tied to identity theft and credit scams, and thoroughly authenticate every request for a credit card replacement, new credit card or loan as well as unusual electronic funds transfers," said John Zurawski
August 22, 2014
Add shipping giant United Parcel Service (UPS) to the list of merchants that have suffered a data breach that compromised its customers' credit and debit card information.
August 21, 2014
Community Health Systems runs a network of 206 hospitals and hundreds of satellite doctors' offices across 29 states. The breach at the company is potentially worse than the one at Target Stores that compromised 110 million customer account records last year, according to John Zurawski, vice president of security software company Authentify.
August 21, 2014
"The Heartbleed vulnerability was disclosed April 7," says Alan Dundas, a security architect and vice president at Authentify, an authentication provider. "Community Health has indicated they were breached in April and June. If one were to read those tea leaves, it's entirely possible Heartbleed was the culprit."
August 15, 2014
All of these vulnerabilities and breaches stem from two things: Failures in network security thinking to understand and counter emerging threats, and following the old adage: I don’t need more security until something happens,” said Ken Balich, Chief Information Security Officer at Authentify"
August 8, 2014
Overall, the true cost of data breaches is significantly higher than one would think, according to multi-factor authentication provider Authentify. The firm estimates each breach costs about $5.4 million for the affected companies.
August 7, 2014
"Using hard-coded username and passwords from hardware manufacturers without another layer of protection is security suicide," says Ken Balich, CISO at Authentify."
August 4, 2014
One company that has an interesting approach to using smartphones for authentication is Authentify. Authentify’s xFA is a cloud-based voice biometric approach that promises app authentication that would be very difficult to hack.
August 4, 2014
"What we have done is make that experience as simple, automated and friction-free for mobile users as SSL or HTTPS is on the Web."
August 4, 2014
“The barrier to mass-market deployment of stronger authentication boils down to the impact on the user experience," said John Zurawski, vice president at Authentify"
July 28, 2014
“Two-factor authentication has been under attack for a long time,” said Zurawski. “It should be no surprise that criminals have found ways to attack one-time passwords sent in SMS.” What’s a more secure alternative than SMS? Zurawski suggested a voice call to the consumer’s smartphone that reports the login attempt and requires confirmation."
July 28, 2014
“Authentify, which has been in the news for its secure and affordable authentication solutions, advocates the use of the Authentify xFA platform, which is an easy-to-use, substantially more secure and affordable authentication solution, capable of competing with SMS.”
July 25, 2014
“As we have said many times, not all two-factor authentication techniques are of equal strength,” says John Zurawski. “An authentication technique that is applied after the transaction has been initiated is required. It must also communicate the actual transaction details to the end user via a separate secure communication channel.”
June 16, 2014
Many business cycles have been spent wrestling with the potential vulnerabilities of mobility and BYOD. The newest generations of mobile devices, however, offer considerable promise for strengthening security. Mobile solutions are currently available that offer ‘no typing’ logins using biometrics and cryptographically strong digital certificates for authentication.
June 11, 2014
The new reality for retailers is that any end point, any interconnected system or any route along a network can become a point of entry for a cybercriminal, and the high value target is the data. Given that sobering reality, retailers, the credit industry and the financial services firms supporting them, must move beyond compliance with the Payment Card Industry Data Security Standard (PCI DSS) and broaden the consideration for safer computing and networking at every level.
June 9, 2014
“This vulnerability shines a light on the increasing need for financial institutions (FI) to involve account holders in the ‘backend’ protection of their own accounts,” said Andy Rolfe in an email. “A ‘deputized’ customer base can help protect an FI and themselves.”
June 3, 2014
"One of the characteristics of being a smaller company is, we can come up with really great ideas and we kind of work really hard to get particular individuals to implement it," Tapling told Benzinga. "There's no replacing Apple making something available to 500 million people in a day. So I think it's going to be a combination."
June 1, 2014
"Whether or not Apple has this in mind is pure speculation, but many of the biometrics that will become common in the future need a wearable device," Tapling told Benzinga. "Apple just acquired a very 'wearable' assortment of devices with the Beats technology. Imagine a heart rate, blood pressure, vein print built into devices millions of folks wear voluntarily already -- headphones."
May 29, 2014
What happens when millions of usernames and password combinations are breached? How bad will it be? IF you're an Authentify customer, you and your end users are still protected employing Authentify's elegantly simple but extremely effective techniques for remote user authentication
May 27, 2014
Mobile authentication provider Authentify is to provide a way for banks, payments networks and other secure service providers to make use of the fingerprint scanner built into the Samsung Galaxy S5 to add an extra layer of security to mobile transactions.
May 22, 2014
"Mobility has added a level of difficulty with regard to knowing your user or customer," says Authentify chief technology officer Andy Rolfe in the release. An end user and a device can be almost anywhere, making biometrics "the most reliable way" to ensure the device is still in the hands of the same user, Rolfe adds. "We are able to handle a wide range of use cases and end-users employing multiple biometrics."
May 7, 2014
Yesterday, Target's CEO Gregg Steinhafel resigned. The recent past has been rough for the top exec, and, although the retailer has had some missteps -- such as its bungled entry into Canada -- it seems likely that its widely publicized and far reaching data breach was the catalyst for this move.
May 2, 2014
Individuals resort to lying about themselves to protect their identities when accessing systems in today's imperfect cyber world, says Peter Tapling, president of Authentify, an out-of-band authentication service.
April 30, 2014
The Heartbleed Bug is so widespread around the Internet, that businesses should simply use caution and assume that they have been impacted.
Read more at http://www.business2community.com/small-business/protect-small-business-heartbleed-bug-0855204#E6Zib38h1EQdMuyx.99
April 18, 2014
The breach of e-commerce retailer LaCie is the latest indicator that more fraudsters are targeting online merchants because card-not-present transactions are particularly vulnerable...
April 21, 2014
Attention on cyber security has skyrocketed since the end of last year thanks to the data breaches that hit several of the nation's biggest retailers.
April 21, 2014
A recent malware attack targeting bank customers in the Middle East offers some tips on how such attacks can be prevented.
March 17, 2014
We get a lot of questions about what banks should do to protect themselves against online fraud. There seems to be a lot of confusion which only gets worse as dozens and dozens of vendors start to fight different pieces of online fraud.
March 10, 2014
The coming of Europay-MasterCard-Visa (EMV) chip cards to the U.S. has many American merchants worried about the inevitable shift of credit and debit card fraud from the point of sale to online channels.
March 10, 2014
The bad guys are taking full advantage of the squishy parts of the Internet's DNA. The result: massive DDoS attacks are disrupting Internet commerce, and slowing down the speed of the web.
March 4, 2014
Your e-commerce website is riddled and bounded by password barriers. From your main administrative password that allows access to your web hosting control panel to your FTP login access, passwords are deeply important from a digital security point of view.
February 25, 2014
Authentify announced that it has been selected to support the American Association of Motor Vehicle Administrator's pilot project for raising the level of trust in online identities.
February 25, 2014
A new set of specifications that could strengthen security for websites and mobile apps is receiving strong support from payments and technology heavyweights.
January 31, 2014
Leaked screenshots from @evleaks about Samsung's next Galaxy device, the S5, suggest Samsung is jumping head first into the biometricification ofmobile.
January 29, 2014
Here are three keys trends that departments are facing in their efforts to keep company assets under control and minimize potential sources of ...
January 28, 2014
In the decades following the tragedy of 9/11, air travelers around the globe became accustomed to heightened security levels for access to air travel. High security at airports became 'normal.' A similar shift for electronic commerce is inevitable.
November 14, 2013
Political hacktivists have once again hijacked a prominent website. The attack vector, however, is surprising. They did it by fax. Yes – you read that correctly.
November 12, 2013
The "Internet of things" is here, with tiny devices talking to other tiny devices, and to not-so-tiny computers, and to the not-even-close-to-tiny corporations that own them, and maybe even to us.
November 7, 2013
Best Multifactor Solution: Products here provide enhanced security to end-users or devices by offering credentials for access to an authenticator or authentication server.
November 5, 2013
Will the consortium's approach prove practical? Only time will tell. "Until the standards are released, and implementations actually appear, it is anyone's guess as to what the adoption rate might be," says Peter Tapling, president and CEO of Authentify, an out-of-band authentication provider. Although his firm is a FIDO Alliance member, Tapling is not speaking on the alliance's behalf.
October 14, 2013
Two-factor authentication, or TFA for short, is a fairly simple and straightforward process in principle. It essentially consists of two separate and distinct factors which you use to gain access into a restricted area such as a digital data lockup, an online account, an electronic device or even a physical space of some kind.
October 7, 2013
KBA technology is no longer sufficient and secure when it comes to validating the online identities based on data breaches experienced by LexisNexis (News - Alert), Dun & Bradstreet and Kroll Background America, all knowledge-based authentication (KBA) information providers.
July 12, 2013
Every time I log on to a financial services or e-commerce website I get nervous as hell. My hands hesitate over the keyboard when it comes time to enter my site password. There's always a set of nagging questions in the back of my mind: Will my account credentials be compromised in some way? Will they be leaked, or stolen? Will someone use my account logon information to rob me blind?
July 9, 2013
Authentify is offering banks a way to build security into their mobile apps. Authentify xFA, introduced Tuesday, is a mobile app that replaces a customer's password with a digital image and a spoken passphrase.
July 1, 2013
There are lots of ways to do SSO, but most of them are costly – either in real money or in human resources – to deploy, provision and support. And that issue of "secure"? That usually, in today's systems, means multifactor. Of course, that drives the cost up a bit. So, we need a better way, apparently. What's the solution? An interesting company called Authentify has a good solution to the problem, called xFA, that addresses security and simplicity of management.
May 9, 2013
Unless you are running a computer-based trading firm in which computer controlled accounts are trading with other computer controlled accounts, your digital business is more likely at the intersection of carbon and silicon, that is, the intersection of people and computers. The computer, a silicon based entity, will attempt a task as many times as it takes to succeed unless told otherwise.
May 6, 2013
This week's ITA Members Only Spotlight shines on companies who are keeping our data and property safe! See how they are using technology to transform their industry.
February 19, 2013
After a year punctuated by innovation and collaboration, the Illinois technology community is excited to honor the businesses and individuals contributing to its success. The Illinois Technology Association (ITA) is now accepting nominations for the 14th annual CityLIGHTS Awards that celebrate the growth and vitality of the Illinois technology community. Nominations close March 15, 2013.
January 7, 2013
If you think people have too many passwords, you're right. The 2012 Online Registration and Password study, conducted by Harris Interactive, found that 58% of online adults have five or more unique passwords for varied logins - and 30% have more than 10 unique passwords they need to remember. How annoying is that? The survey also found that 38% of people would rather fold laundry and scrub toilets than come up with new passwords.
October 17, 2012
The recent distributed denial of service (DDoS) attacks against Bank of America, Chase, PNC and U.S. Bancorp, recently attributed to Iran by unnamed U.S. government officials, should come as no surprise to the financial services industry or the IT security organizations that support their online services.
August 28, 2012
Experts Say Trust Overshadowed Due Diligence
August 26, 2012
In a new twist, cyber-robbers are using ginned-up e-mail messages in attempts to con financial advisers into wiring cash out of their clients' online investment accounts.
August 17, 2012
Passwords are potentially the weakest link in your organization's information security systems. Biometric authentication technologies promise a more secure alternative.
August 2, 2012
Yesterday, I wrote that, in my opinion, we reached the saturation point in what we can remember when it comes to passwords. In response, I got an email telling me about mSeven Software's survey on password management habits, which indicated that I was pretty spot on about my assessment. The survey revealed that 70 percent of users rely on their brain power to retain all the passwords they must use, while 75 percent indicate they access at least 10 secured websites.
June 18, 2012
To fight fraud, Authentify Inc. CEO Peter Tapling picks up the phone—or rather, he has programmed a computer to do the calling.
June 7, 2012
What does a breach at business networking site LinkedIn have to do with you?
May 15, 2012
Banks and cybercriminals are engaged in a "war of escalation", warned Peter Tapling, Authentify president and chief executive officer.
April 20, 2012
Bank customers are responsible for detecting fraud 82% of the time, according to Information Security Media Group's 2012 Faces of Fraud Survey.
April 23, 2012
Standing next to the ATM on Tuesday, I stared at the receipt in my hand and tried to make the numbers add up. My wife and I had both been paid only a few days before, but our bank account now had less than $200 in it. Since we share our expenses, we each sometimes discover little surprises when she pays for a car repair or I cover a veterinary bill, but this was a big surprise -- and not a pleasant one.
April 19, 2012
Banks should be putting fraud monitoring tools in the hands of consumers for the highest levels of security, Authentify determined when analyzing the results of the 2012 Faces of Fraud Survey. The annual study of banks, conducted by Information Security Media Group (ISMG) and sponsored by Authentify and others, seeks to discover the latest fraud trends, how institutions are fighting back, and how they are progressing with creating and maintaining layered security controls in conformance with the FFIEC Authentication Guidance.
April 19, 2012
A conclusion reached by Chicago-based telephonic authorization technology firm Authentify Inc. may surprise payments industry security professionals. When Authentify analyzed the results of its 2012 Faces of Fraud Survey, the company found that only when banks supply consumers with fraud monitoring tools will data security reach its highest level of protection.
April 15, 2012
Authentify, a Chicago-based software company, has introduced a free app that people activate on their computers and smartphones to link to their online bank accounts.
April 13, 2012
Chicago's tech community is helping develop solutions to protect online and mobile banking customers from hackers, phishers, cyberthieves, QR code fraudsters and a seemingly endless supply of criminals looking to steal people's identities.
April 12, 2012
More than half of banks and credit unions expect an increase in fraud-fighting budgets and staffing this year. But where are they investing those resources?