theDocumentId => 1135611 Experian, Symantec Collaborate In ID Proofing And ...

Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

4/28/2011
02:42 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Experian, Symantec Collaborate In ID Proofing And Authentication Technology

Combined solution supports National Institute of Standards and Technology requirements

Costa Mesa, Calif., April 28, 2011 - Experian' today announced that it is working with Symantec to provide a comprehensive suite of identity proofing and authentication services that supports the National Institute of Standards and Technology's (NIST) Electronic Authentication Guideline (Special Publication 800-63), which provides technical requirements for each of four authentication levels of assurance that are intended to parallel the levels of transactional risk.

The two companies have created a solution that supports NIST Levels 1 through 3 requirements and is available now for government agencies, health care and financial services organizations. To minimize the risk of fraud when users conduct personal and sensitive transactions online, the solution combines Experian's risk-based identity proofing capabilities with the strong authentication capabilities of Symantec's VeriSign Identity Protection (VIP) Authentication Service.

Utilizing Experian's Precise IDSM platform, risk-based identity proofing encompasses highly predictive risk assessments through a combination of identity element verification, authentication, risk scoring and progressive out-of-wallet questioning to refine decisions about which identities should be allowed to enter a system and which identities should be denied access or further verified via alternate processes.

Symantec's VIP service is the leading cloud-based authentication service that enables enterprises to secure online access and transactions to help obtain compliance and reduce fraud risk. A fully hosted strong authentication Security as a Service (SaaS) solution, VIP offers a cost-effective way to give legitimate users access to business resources, enterprise applications and websites while protecting against cybercriminals. VIP provides an additional layer of protection beyond standard username and password by requiring a dynamic one-time use, six digit security code generated by a user's VIP credential.

"Experian is committed to security, and by working with Symantec we are able to leverage our combined expertise and provide our clients with an additional layer of security that will help them combat cyber security threats such as identity fraud, data breaches and unauthorized access to accounts while at the same time allowing well-intentioned users seamless access to online services," said Kerry Williams, group president of Experian Credit Services and Decision Analytics. "We are excited to be working with an industry leader such as Symantec that has a rich history of protecting its customers through its award-winning products and services."

By combining our authentication capabilities with Experian's identity proofing services, we will provide our customers with a trusted level of online transaction protection," said Atri Chatterjee, vice president of User Authentication at Symantec. "Government agencies, health care and financial services organizations that are looking to reduce costs and improve efficiency by transitioning manual processes online now have a compliant and comprehensive solution that will enable them to securely move sensitive transactions and data to the Web."

Key credentials The Experian and Symantec solution will further protect transactions and work seamlessly with existing business processes through the use of new credentialing capabilities that include the combination of online identity proofing and strong authentication. This feature ensures that the right person with the correct credentials is making a transaction. The solution also provides constituents within the government sector with the ability to self-register for an online account that makes online enrollment part of the credentialing process and ensures that the user's identity is properly validated.

How it works Once their identity is verified, users are able to create a login and password account that will require them to bind a Symantec strong authentication credential to the newly created account. For subsequent logins, users are required to submit their login account, password and VIP credential to gain access to their account. This process ensures that all of the necessary steps have been are taken to protect users' online transactions.

Meeting government needs For government agencies, the joint solution will enable secure access to a variety of online services, including e-government services that incorporate all digital interactions between government agencies and their constituents. In addition to authenticating users, protecting identities and securing transactions, the technology will secure agency data and improve customer satisfaction levels among constituents.

Experian and Symantec also will co-present on identity proofing and NIST 800-63 at the Safeguarding Health Information event that is being hosted by the HHS Office for Civil Rights (OCR) and the NIST at the Ronald Reagan Building and International Trade Center in Washington, D.C., on Tuesday, May 10, at 4:00 p.m. Eastern time. To learn more about the event, go to http://www.nist.gov/itl/csd/upload/HIPAA_Agenda.pdf.

About Experian Experian is the leading global information services company, providing data and analytical tools to clients in more than 65 countries. The company helps businesses to manage credit risk, prevent fraud, target marketing offers and automate decision making. Experian also helps individuals to check their credit report and credit score and protect against identity theft.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4974
PUBLISHED: 2021-07-28
IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434.
CVE-2020-5004
PUBLISHED: 2021-07-28
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192957.
CVE-2021-32001
PUBLISHED: 2021-07-28
A Missing Encryption of Sensitive Data vulnerability in k3s, kde2 of SUSE Rancher allows any user with direct access to the datastore, or a copy of a datastore backup to extract the cluster's confidential keying material (cluster certificate authority private keys, secrets encryption configuration p...
CVE-2021-32000
PUBLISHED: 2021-07-28
A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-master-clean-up.sh script of clone-master-clean-up in SUSE Linux Enterprise Server 12 SP3, SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allows local attackers to delete arbitrary files. This issue affects: SUSE Linux Enterp...
CVE-2021-23414
PUBLISHED: 2021-07-28
This affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code.