Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint //

Authentication

4/5/2019
11:45 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

iovation Releases New Product Features

Series of updates to online fraud prevention and authentication products increase security for businesses and reduce friction for consumers.

PORTLAND, Ore., Apr 3, 2019 -- iovation, a TransUnion (NYSE:TRU) company, today released a series of updates to its online fraud prevention and authentication products. The additions increase security for businesses and reduce friction for consumers with features like email and phone number verification, botnet detection, streamlined de-registration of a device used for authentication, and more customization and context insight for authentication requests. The enhanced identification and removal of threats, coupled with increased trust of good consumer devices, advances iovation’s capabilities to use a consumer’s laptop or mobile device as their online passport.

“Just as TSA Pre✓® has made flying dramatically easier and safer, the same could be said for online transactions with iovation’s updated products,” said iovation Chief Product Office Bala Krishnamurthy. “With iovation working in the background, consumers aren’t bothered by fraud checks and device confirmations that enhance authentication, they’re completely transparent. They simply get to enjoy the online experience while businesses ensure they are protected against fraud and other cyberattacks.”

The iovation product updates include:

Email and phone number verification: iovation added capabilities to verify the risk associated with email and phone numbers submitted in FraudForce, the company’s fraud detection and prevention solution containing intelligence based on experience with more than 5.9 billion devices. For email, iovation is looking at indicators such as when an email address was created and if it is using special characters with multiple similar emails to trick application forms. These are both significant signs whether an email address should be suspected as potentially fraudulent.

The phone number risk score takes into account several indicators including previous fraudulent activity associated with a phone number, and other attributes such as carrier, SMS capability, phone type and odd traffic problems. For example, if a single phone number requests a passcode in five different languages within the same week, this may indicate that the phone is being shared. Velocities can also flag suspicious behavior, such as a particular number or range of numbers showing up repeatedly on one or more web services within a relatively short time.

Botnet detection: iovation has new functionality to help identify the botnet risk for transactions from a device within FraudForce. The botnet risk score considers several key factors including the severity of previous botnet attacks, the historical presence of phishing or malware, and how long it’s been since any previous botnet activity has been seen on an IP address. Tracking network patterns and botnet activity contributes to a powerful, multi-pronged strategy to combat botnets up front.

De-registering a device used for transparent authentication: iovation ClearKey uses the device as a transparent factor of authentication for customers logging in to a website. The new update to ClearKey makes it simpler to remove a device from a customer account if they, for example, replace a device, log in to their account from a public computer using the “remember me” button or lose or had their device stolen. Now all a business has to do to remove a device from a customer’s account is to pull up the account in their Intelligence Center. They’ll see all the devices registered to that account, and the business will be able to selectively deregister a single device removing it as a known device used to access their account.

More insights and consumer options for authentication requests: iovation has released a number of new features that will enhance communication with consumers and give additional context and insight into their replies to authentication and authorization requests for its multifactor authentication solution, LaunchKey. This includes:

· Providing consumers with custom replies for denying authentication requests

· Enabling companies to find out if an authentication request failed or was denied by a consumer and the reason behind it.

· Allowing businesses to set the amount of time after which an authentication request will expire.

· Empowering companies to customize the title of authorization requests, create custom text for push notifications for authorization requests and choose which authentication factors consumers can select.

“Many people think of fraud prevention and cybersecurity as putting up a wall,” said Shirley Inscoe, Senior Analyst at research and advisory firm Aite Group. “But it should be looked at from the consumer perspective. If you are simply stopping the bad guys without any consideration to customer friction, your business probably won’t thrive. Instead, use appropriate tools to detect and manage fraudsters while providing great service to all your good customers.”

For more details about iovation’s products and new features, go here.

About iovation
iovation, a TransUnion company, was founded with a simple guiding mission: to make the Internet a safer place for people to conduct business. Since 2004, the company has been delivering against that goal, helping brands protect and engage their customers, and keeping them secure in the complex digital world. Armed with the world’s largest and most precise database of reputation insights and cryptographically secure multifactor authentication methods, iovation safeguards tens of millions of digital transactions each day.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/1/2020
Attacker Dwell Time: Ransomware's Most Important Metric
Ricardo Villadiego, Founder and CEO of Lumu,  9/30/2020
9 Tips to Prepare for the Future of Cloud & Network Security
Kelly Sheridan, Staff Editor, Dark Reading,  9/28/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-8109
PUBLISHED: 2020-10-01
A vulnerability has been discovered in the ace.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. This can result in denial-of-service. This issue affects: Bitdefender Engines version 7.84892 and prior vers...
CVE-2019-20902
PUBLISHED: 2020-10-01
Upgrading Crowd via XML Data Transfer can reactivate a disabled user from OpenLDAP. The affected versions are from before version 3.4.6 and from 3.5.0 before 3.5.1.
CVE-2019-20903
PUBLISHED: 2020-10-01
The hyperlinks functionality in atlaskit/editor-core in before version 113.1.5 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in link targets.
CVE-2020-25288
PUBLISHED: 2020-09-30
An issue was discovered in MantisBT before 2.24.3. When editing an Issue in a Project where a Custom Field with a crafted Regular Expression property is used, improper escaping of the corresponding form input's pattern attribute allows HTML injection and, if CSP settings permit, execution of arbitra...
CVE-2020-25781
PUBLISHED: 2020-09-30
An issue was discovered in file_download.php in MantisBT before 2.24.3. Users without access to view private issue notes are able to download the (supposedly private) attachments linked to these notes by accessing the corresponding file download URL directly.