Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

4/28/2011
02:42 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Experian, Symantec Collaborate In ID Proofing And Authentication Technology

Combined solution supports National Institute of Standards and Technology requirements

Costa Mesa, Calif., April 28, 2011 - Experian' today announced that it is working with Symantec to provide a comprehensive suite of identity proofing and authentication services that supports the National Institute of Standards and Technology's (NIST) Electronic Authentication Guideline (Special Publication 800-63), which provides technical requirements for each of four authentication levels of assurance that are intended to parallel the levels of transactional risk.

The two companies have created a solution that supports NIST Levels 1 through 3 requirements and is available now for government agencies, health care and financial services organizations. To minimize the risk of fraud when users conduct personal and sensitive transactions online, the solution combines Experian's risk-based identity proofing capabilities with the strong authentication capabilities of Symantec's VeriSign Identity Protection (VIP) Authentication Service.

Utilizing Experian's Precise IDSM platform, risk-based identity proofing encompasses highly predictive risk assessments through a combination of identity element verification, authentication, risk scoring and progressive out-of-wallet questioning to refine decisions about which identities should be allowed to enter a system and which identities should be denied access or further verified via alternate processes.

Symantec's VIP service is the leading cloud-based authentication service that enables enterprises to secure online access and transactions to help obtain compliance and reduce fraud risk. A fully hosted strong authentication Security as a Service (SaaS) solution, VIP offers a cost-effective way to give legitimate users access to business resources, enterprise applications and websites while protecting against cybercriminals. VIP provides an additional layer of protection beyond standard username and password by requiring a dynamic one-time use, six digit security code generated by a user's VIP credential.

"Experian is committed to security, and by working with Symantec we are able to leverage our combined expertise and provide our clients with an additional layer of security that will help them combat cyber security threats such as identity fraud, data breaches and unauthorized access to accounts while at the same time allowing well-intentioned users seamless access to online services," said Kerry Williams, group president of Experian Credit Services and Decision Analytics. "We are excited to be working with an industry leader such as Symantec that has a rich history of protecting its customers through its award-winning products and services."

By combining our authentication capabilities with Experian's identity proofing services, we will provide our customers with a trusted level of online transaction protection," said Atri Chatterjee, vice president of User Authentication at Symantec. "Government agencies, health care and financial services organizations that are looking to reduce costs and improve efficiency by transitioning manual processes online now have a compliant and comprehensive solution that will enable them to securely move sensitive transactions and data to the Web."

Key credentials The Experian and Symantec solution will further protect transactions and work seamlessly with existing business processes through the use of new credentialing capabilities that include the combination of online identity proofing and strong authentication. This feature ensures that the right person with the correct credentials is making a transaction. The solution also provides constituents within the government sector with the ability to self-register for an online account that makes online enrollment part of the credentialing process and ensures that the user's identity is properly validated.

How it works Once their identity is verified, users are able to create a login and password account that will require them to bind a Symantec strong authentication credential to the newly created account. For subsequent logins, users are required to submit their login account, password and VIP credential to gain access to their account. This process ensures that all of the necessary steps have been are taken to protect users' online transactions.

Meeting government needs For government agencies, the joint solution will enable secure access to a variety of online services, including e-government services that incorporate all digital interactions between government agencies and their constituents. In addition to authenticating users, protecting identities and securing transactions, the technology will secure agency data and improve customer satisfaction levels among constituents.

Experian and Symantec also will co-present on identity proofing and NIST 800-63 at the Safeguarding Health Information event that is being hosted by the HHS Office for Civil Rights (OCR) and the NIST at the Ronald Reagan Building and International Trade Center in Washington, D.C., on Tuesday, May 10, at 4:00 p.m. Eastern time. To learn more about the event, go to http://www.nist.gov/itl/csd/upload/HIPAA_Agenda.pdf.

About Experian Experian is the leading global information services company, providing data and analytical tools to clients in more than 65 countries. The company helps businesses to manage credit risk, prevent fraud, target marketing offers and automate decision making. Experian also helps individuals to check their credit report and credit score and protect against identity theft.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31793
PUBLISHED: 2021-05-06
An issue exists on NightOwl WDB-20-V2 WDB-20-V2_20190314 devices that allows an unauthenticated user to gain access to snapshots and video streams from the doorbell. The binary app offers a web server on port 80 that allows an unauthenticated user to take a snapshot from the doorbell camera via the ...
CVE-2021-31916
PUBLISHED: 2021-05-06
An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a syst...
CVE-2021-31918
PUBLISHED: 2021-05-06
A flaw was found in tripleo-ansible version as shipped in Red Hat Openstack 16.1. The Ansible log file is readable to all users during stack update and creation. The highest threat from this vulnerability is to data confidentiality.
CVE-2019-25043
PUBLISHED: 2021-05-06
ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a "string index out of range" error and worker-process crash for a "Cookie: =abc" header.
CVE-2020-18889
PUBLISHED: 2021-05-06
Cross Site Request Forgery (CSRF) vulnerability in puppyCMS v5.1 that can change the admin's password via /admin/settings.php.