Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

4/9/2019
11:30 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Device as Online Passport; TransUnions iovation Launches Updated Products

Provides new ways to stop fraud without inconveniencing good customers

PORTLAND, Ore., Apr 3, 2019 -- iovation, a TransUnion (NYSE:TRU) company, today released a series of updates to its online fraud prevention and authentication products. The additions increase security for businesses and reduce friction for consumers with features like email and phone number verification, botnet detection, streamlined de-registration of a device used for authentication, and more customization and context insight for authentication requests. The enhanced identification and removal of threats, coupled with increased trust of good consumer devices, advances iovation’s capabilities to use a consumer’s laptop or mobile device as their online passport.

“Just as TSA Pre✓® has made flying dramatically easier and safer, the same could be said for online transactions with iovation’s updated products,” said iovation Chief Product Office Bala Krishnamurthy. “With iovation working in the background, consumers aren’t bothered by fraud checks and device confirmations that enhance authentication, they’re completely transparent. They simply get to enjoy the online experience while businesses ensure they are protected against fraud and other cyberattacks.”

The iovation product updates include:

Email and phone number verification: iovation added capabilities to verify the risk associated with email and phone numbers submitted in FraudForce, the company’s fraud detection and prevention solution containing intelligence based on experience with more than 5.9 billion devices. For email, iovation is looking at indicators such as when an email address was created and if it is using special characters with multiple similar emails to trick application forms. These are both significant signs whether an email address should be suspected as potentially fraudulent.

The phone number risk score takes into account several indicators including previous fraudulent activity associated with a phone number, and other attributes such as carrier, SMS capability, phone type and odd traffic problems. For example, if a single phone number requests a passcode in five different languages within the same week, this may indicate that the phone is being shared. Velocities can also flag suspicious behavior, such as a particular number or range of numbers showing up repeatedly on one or more web services within a relatively short time.

Botnet detection: iovation has new functionality to help identify the botnet risk for transactions from a device within FraudForce. The botnet risk score considers several key factors including the severity of previous botnet attacks, the historical presence of phishing or malware, and how long it’s been since any previous botnet activity has been seen on an IP address. Tracking network patterns and botnet activity contributes to a powerful, multi-pronged strategy to combat botnets up front.

De-registering a device used for transparent authentication: iovation ClearKey uses the device as a transparent factor of authentication for customers logging in to a website. The new update to ClearKey makes it simpler to remove a device from a customer account if they, for example, replace a device, log in to their account from a public computer using the “remember me” button or lose or had their device stolen. Now all a business has to do to remove a device from a customer’s account is to pull up the account in their Intelligence Center. They’ll see all the devices registered to that account, and the business will be able to selectively deregister a single device removing it as a known device used to access their account.

More insights and consumer options for authentication requests: iovation has released a number of new features that will enhance communication with consumers and give additional context and insight into their replies to authentication and authorization requests for its multifactor authentication solution, LaunchKey. This includes:

· Providing consumers with custom replies for denying authentication requests

· Enabling companies to find out if an authentication request failed or was denied by a consumer and the reason behind it.

· Allowing businesses to set the amount of time after which an authentication request will expire.

· Empowering companies to customize the title of authorization requests, create custom text for push notifications for authorization requests and choose which authentication factors consumers can select.

“Many people think of fraud prevention and cybersecurity as putting up a wall,” said Shirley Inscoe, Senior Analyst at research and advisory firm Aite Group. “But it should be looked at from the consumer perspective. If you are simply stopping the bad guys without any consideration to customer friction, your business probably won’t thrive. Instead, use appropriate tools to detect and manage fraudsters while providing great service to all your good customers.”

For more details about iovation’s products and new features, go here.

About iovation

iovation, a TransUnion company, was founded with a simple guiding mission: to make the Internet a safer place for people to conduct business. Since 2004, the company has been delivering against that goal, helping brands protect and engage their customers, and keeping them secure in the complex digital world. Armed with the world’s largest and most precise database of reputation insights and cryptographically secure multifactor authentication methods, iovation safeguards tens of millions of digital transactions each day.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
7 Truths About BEC Scams
Ericka Chickowski, Contributing Writer,  6/13/2019
DNS Firewalls Could Prevent Billions in Losses to Cybercrime
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/13/2019
10 Notable Security Acquisitions of 2019 (So Far)
Kelly Sheridan, Staff Editor, Dark Reading,  6/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-12865
PUBLISHED: 2019-06-17
In radare2 through 3.5.1, cmd_mount in libr/core/cmd_mount.c has a double free for the ms command.
CVE-2017-10720
PUBLISHED: 2019-06-17
Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the desktop application used to connect to the device suffers from a stack overflow if more than 26 characters are passed to it as the Wi-Fi name. This application is installed o...
CVE-2017-10721
PUBLISHED: 2019-06-17
Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the device has Telnet functionality enabled by default. This device acts as an Endoscope camera that allows its users to use it in various industrial systems and settings, car ga...
CVE-2017-10722
PUBLISHED: 2019-06-17
Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the desktop application used to connect to the device suffers from a stack overflow if more than 26 characters are passed to it as the Wi-Fi password. This application is install...
CVE-2017-10723
PUBLISHED: 2019-06-17
Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that an attacker connected to the device Wi-Fi SSID can exploit a memory corruption issue and execute remote code on the device. This device acts as an Endoscope camera that allows it...