Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint //

Authentication

4/5/2019
11:45 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

iovation Releases New Product Features

Series of updates to online fraud prevention and authentication products increase security for businesses and reduce friction for consumers.

PORTLAND, Ore., Apr 3, 2019 -- iovation, a TransUnion (NYSE:TRU) company, today released a series of updates to its online fraud prevention and authentication products. The additions increase security for businesses and reduce friction for consumers with features like email and phone number verification, botnet detection, streamlined de-registration of a device used for authentication, and more customization and context insight for authentication requests. The enhanced identification and removal of threats, coupled with increased trust of good consumer devices, advances iovation’s capabilities to use a consumer’s laptop or mobile device as their online passport.

“Just as TSA Pre✓® has made flying dramatically easier and safer, the same could be said for online transactions with iovation’s updated products,” said iovation Chief Product Office Bala Krishnamurthy. “With iovation working in the background, consumers aren’t bothered by fraud checks and device confirmations that enhance authentication, they’re completely transparent. They simply get to enjoy the online experience while businesses ensure they are protected against fraud and other cyberattacks.”

The iovation product updates include:

Email and phone number verification: iovation added capabilities to verify the risk associated with email and phone numbers submitted in FraudForce, the company’s fraud detection and prevention solution containing intelligence based on experience with more than 5.9 billion devices. For email, iovation is looking at indicators such as when an email address was created and if it is using special characters with multiple similar emails to trick application forms. These are both significant signs whether an email address should be suspected as potentially fraudulent.

The phone number risk score takes into account several indicators including previous fraudulent activity associated with a phone number, and other attributes such as carrier, SMS capability, phone type and odd traffic problems. For example, if a single phone number requests a passcode in five different languages within the same week, this may indicate that the phone is being shared. Velocities can also flag suspicious behavior, such as a particular number or range of numbers showing up repeatedly on one or more web services within a relatively short time.

Botnet detection: iovation has new functionality to help identify the botnet risk for transactions from a device within FraudForce. The botnet risk score considers several key factors including the severity of previous botnet attacks, the historical presence of phishing or malware, and how long it’s been since any previous botnet activity has been seen on an IP address. Tracking network patterns and botnet activity contributes to a powerful, multi-pronged strategy to combat botnets up front.

De-registering a device used for transparent authentication: iovation ClearKey uses the device as a transparent factor of authentication for customers logging in to a website. The new update to ClearKey makes it simpler to remove a device from a customer account if they, for example, replace a device, log in to their account from a public computer using the “remember me” button or lose or had their device stolen. Now all a business has to do to remove a device from a customer’s account is to pull up the account in their Intelligence Center. They’ll see all the devices registered to that account, and the business will be able to selectively deregister a single device removing it as a known device used to access their account.

More insights and consumer options for authentication requests: iovation has released a number of new features that will enhance communication with consumers and give additional context and insight into their replies to authentication and authorization requests for its multifactor authentication solution, LaunchKey. This includes:

· Providing consumers with custom replies for denying authentication requests

· Enabling companies to find out if an authentication request failed or was denied by a consumer and the reason behind it.

· Allowing businesses to set the amount of time after which an authentication request will expire.

· Empowering companies to customize the title of authorization requests, create custom text for push notifications for authorization requests and choose which authentication factors consumers can select.

“Many people think of fraud prevention and cybersecurity as putting up a wall,” said Shirley Inscoe, Senior Analyst at research and advisory firm Aite Group. “But it should be looked at from the consumer perspective. If you are simply stopping the bad guys without any consideration to customer friction, your business probably won’t thrive. Instead, use appropriate tools to detect and manage fraudsters while providing great service to all your good customers.”

For more details about iovation’s products and new features, go here.

About iovation
iovation, a TransUnion company, was founded with a simple guiding mission: to make the Internet a safer place for people to conduct business. Since 2004, the company has been delivering against that goal, helping brands protect and engage their customers, and keeping them secure in the complex digital world. Armed with the world’s largest and most precise database of reputation insights and cryptographically secure multifactor authentication methods, iovation safeguards tens of millions of digital transactions each day.

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
I 'Hacked' My Accounts Using My Mobile Number: Here's What I Learned
Nicole Sette, Director in the Cyber Risk practice of Kroll, a division of Duff & Phelps,  11/19/2019
TPM-Fail: What It Means & What to Do About It
Ari Singer, CTO at TrustPhi,  11/19/2019
Ransomware Surge & Living-Off-the-Land Tactics Remain Big Threats
Jai Vijayan, Contributing Writer,  11/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19227
PUBLISHED: 2019-11-22
In the AppleTalk subsystem in the Linux kernel before 5.1, there is a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client, aka CID-9804501fa122.
CVE-2019-10203
PUBLISHED: 2019-11-22
PowerDNS Authoritative daemon , all versions pdns 4.1.x before pdns 4.1.10, exiting when encountering a serial between 2^31 and 2^32-1 while trying to notify a slave leads to DoS.
CVE-2019-10206
PUBLISHED: 2019-11-22
ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them.
CVE-2018-10854
PUBLISHED: 2019-11-22
cloudforms version, cloudforms 5.8 and cloudforms 5.9, is vulnerable to a cross-site-scripting. A flaw was found in CloudForms's v2v infrastructure mapping delete feature. A stored cross-site scripting due to improper sanitization of user input in Name field.
CVE-2019-13157
PUBLISHED: 2019-11-22
nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrite arbitary files via directory traversal sequences in a filename within nsz archive.