Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

4/28/2011
02:42 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Experian, Symantec Collaborate In ID Proofing And Authentication Technology

Combined solution supports National Institute of Standards and Technology requirements

Costa Mesa, Calif., April 28, 2011 - Experian' today announced that it is working with Symantec to provide a comprehensive suite of identity proofing and authentication services that supports the National Institute of Standards and Technology's (NIST) Electronic Authentication Guideline (Special Publication 800-63), which provides technical requirements for each of four authentication levels of assurance that are intended to parallel the levels of transactional risk.

The two companies have created a solution that supports NIST Levels 1 through 3 requirements and is available now for government agencies, health care and financial services organizations. To minimize the risk of fraud when users conduct personal and sensitive transactions online, the solution combines Experian's risk-based identity proofing capabilities with the strong authentication capabilities of Symantec's VeriSign Identity Protection (VIP) Authentication Service.

Utilizing Experian's Precise IDSM platform, risk-based identity proofing encompasses highly predictive risk assessments through a combination of identity element verification, authentication, risk scoring and progressive out-of-wallet questioning to refine decisions about which identities should be allowed to enter a system and which identities should be denied access or further verified via alternate processes.

Symantec's VIP service is the leading cloud-based authentication service that enables enterprises to secure online access and transactions to help obtain compliance and reduce fraud risk. A fully hosted strong authentication Security as a Service (SaaS) solution, VIP offers a cost-effective way to give legitimate users access to business resources, enterprise applications and websites while protecting against cybercriminals. VIP provides an additional layer of protection beyond standard username and password by requiring a dynamic one-time use, six digit security code generated by a user's VIP credential.

"Experian is committed to security, and by working with Symantec we are able to leverage our combined expertise and provide our clients with an additional layer of security that will help them combat cyber security threats such as identity fraud, data breaches and unauthorized access to accounts while at the same time allowing well-intentioned users seamless access to online services," said Kerry Williams, group president of Experian Credit Services and Decision Analytics. "We are excited to be working with an industry leader such as Symantec that has a rich history of protecting its customers through its award-winning products and services."

By combining our authentication capabilities with Experian's identity proofing services, we will provide our customers with a trusted level of online transaction protection," said Atri Chatterjee, vice president of User Authentication at Symantec. "Government agencies, health care and financial services organizations that are looking to reduce costs and improve efficiency by transitioning manual processes online now have a compliant and comprehensive solution that will enable them to securely move sensitive transactions and data to the Web."

Key credentials The Experian and Symantec solution will further protect transactions and work seamlessly with existing business processes through the use of new credentialing capabilities that include the combination of online identity proofing and strong authentication. This feature ensures that the right person with the correct credentials is making a transaction. The solution also provides constituents within the government sector with the ability to self-register for an online account that makes online enrollment part of the credentialing process and ensures that the user's identity is properly validated.

How it works Once their identity is verified, users are able to create a login and password account that will require them to bind a Symantec strong authentication credential to the newly created account. For subsequent logins, users are required to submit their login account, password and VIP credential to gain access to their account. This process ensures that all of the necessary steps have been are taken to protect users' online transactions.

Meeting government needs For government agencies, the joint solution will enable secure access to a variety of online services, including e-government services that incorporate all digital interactions between government agencies and their constituents. In addition to authenticating users, protecting identities and securing transactions, the technology will secure agency data and improve customer satisfaction levels among constituents.

Experian and Symantec also will co-present on identity proofing and NIST 800-63 at the Safeguarding Health Information event that is being hosted by the HHS Office for Civil Rights (OCR) and the NIST at the Ronald Reagan Building and International Trade Center in Washington, D.C., on Tuesday, May 10, at 4:00 p.m. Eastern time. To learn more about the event, go to http://www.nist.gov/itl/csd/upload/HIPAA_Agenda.pdf.

About Experian Experian is the leading global information services company, providing data and analytical tools to clients in more than 65 countries. The company helps businesses to manage credit risk, prevent fraud, target marketing offers and automate decision making. Experian also helps individuals to check their credit report and credit score and protect against identity theft.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Manchester United Suffers Cyberattack
Dark Reading Staff 11/23/2020
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing Writer,  11/23/2020
Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27218
PUBLISHED: 2020-11-28
In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is ...
CVE-2020-29367
PUBLISHED: 2020-11-27
blosc2.c in Blosc C-Blosc2 through 2.0.0.beta.5 has a heap-based buffer overflow when there is a lack of space to write compressed data.
CVE-2020-26245
PUBLISHED: 2020-11-27
npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or sani...
CVE-2017-15682
PUBLISHED: 2020-11-27
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel.
CVE-2017-15683
PUBLISHED: 2020-11-27
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.