Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

4/28/2011
02:42 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Experian, Symantec Collaborate In ID Proofing And Authentication Technology

Combined solution supports National Institute of Standards and Technology requirements

Costa Mesa, Calif., April 28, 2011 - Experian' today announced that it is working with Symantec to provide a comprehensive suite of identity proofing and authentication services that supports the National Institute of Standards and Technology's (NIST) Electronic Authentication Guideline (Special Publication 800-63), which provides technical requirements for each of four authentication levels of assurance that are intended to parallel the levels of transactional risk.

The two companies have created a solution that supports NIST Levels 1 through 3 requirements and is available now for government agencies, health care and financial services organizations. To minimize the risk of fraud when users conduct personal and sensitive transactions online, the solution combines Experian's risk-based identity proofing capabilities with the strong authentication capabilities of Symantec's VeriSign Identity Protection (VIP) Authentication Service.

Utilizing Experian's Precise IDSM platform, risk-based identity proofing encompasses highly predictive risk assessments through a combination of identity element verification, authentication, risk scoring and progressive out-of-wallet questioning to refine decisions about which identities should be allowed to enter a system and which identities should be denied access or further verified via alternate processes.

Symantec's VIP service is the leading cloud-based authentication service that enables enterprises to secure online access and transactions to help obtain compliance and reduce fraud risk. A fully hosted strong authentication Security as a Service (SaaS) solution, VIP offers a cost-effective way to give legitimate users access to business resources, enterprise applications and websites while protecting against cybercriminals. VIP provides an additional layer of protection beyond standard username and password by requiring a dynamic one-time use, six digit security code generated by a user's VIP credential.

"Experian is committed to security, and by working with Symantec we are able to leverage our combined expertise and provide our clients with an additional layer of security that will help them combat cyber security threats such as identity fraud, data breaches and unauthorized access to accounts while at the same time allowing well-intentioned users seamless access to online services," said Kerry Williams, group president of Experian Credit Services and Decision Analytics. "We are excited to be working with an industry leader such as Symantec that has a rich history of protecting its customers through its award-winning products and services."

By combining our authentication capabilities with Experian's identity proofing services, we will provide our customers with a trusted level of online transaction protection," said Atri Chatterjee, vice president of User Authentication at Symantec. "Government agencies, health care and financial services organizations that are looking to reduce costs and improve efficiency by transitioning manual processes online now have a compliant and comprehensive solution that will enable them to securely move sensitive transactions and data to the Web."

Key credentials The Experian and Symantec solution will further protect transactions and work seamlessly with existing business processes through the use of new credentialing capabilities that include the combination of online identity proofing and strong authentication. This feature ensures that the right person with the correct credentials is making a transaction. The solution also provides constituents within the government sector with the ability to self-register for an online account that makes online enrollment part of the credentialing process and ensures that the user's identity is properly validated.

How it works Once their identity is verified, users are able to create a login and password account that will require them to bind a Symantec strong authentication credential to the newly created account. For subsequent logins, users are required to submit their login account, password and VIP credential to gain access to their account. This process ensures that all of the necessary steps have been are taken to protect users' online transactions.

Meeting government needs For government agencies, the joint solution will enable secure access to a variety of online services, including e-government services that incorporate all digital interactions between government agencies and their constituents. In addition to authenticating users, protecting identities and securing transactions, the technology will secure agency data and improve customer satisfaction levels among constituents.

Experian and Symantec also will co-present on identity proofing and NIST 800-63 at the Safeguarding Health Information event that is being hosted by the HHS Office for Civil Rights (OCR) and the NIST at the Ronald Reagan Building and International Trade Center in Washington, D.C., on Tuesday, May 10, at 4:00 p.m. Eastern time. To learn more about the event, go to http://www.nist.gov/itl/csd/upload/HIPAA_Agenda.pdf.

About Experian Experian is the leading global information services company, providing data and analytical tools to clients in more than 65 countries. The company helps businesses to manage credit risk, prevent fraud, target marketing offers and automate decision making. Experian also helps individuals to check their credit report and credit score and protect against identity theft.

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31618
PUBLISHED: 2021-06-15
Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why...
CVE-2021-20027
PUBLISHED: 2021-06-14
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause a Denial of Service (DoS) by sending a specially crafted request. This vulnerability affects SonicOS Gen5, Gen6, Gen7 platforms, and SonicOSv virtual firewalls.
CVE-2021-32684
PUBLISHED: 2021-06-14
magento-scripts contains scripts and configuration used by Create Magento App, a zero-configuration tool-chain which allows one to deploy Magento 2. In versions 1.5.1 and 1.5.2, after changing the function from synchronous to asynchronous there wasn't implemented handler in the start, stop, exec, an...
CVE-2021-34693
PUBLISHED: 2021-06-14
net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.
CVE-2021-27887
PUBLISHED: 2021-06-14
Cross-site Scripting (XSS) vulnerability in the main dashboard of Ellipse APM versions allows an authenticated user or integrated application to inject malicious data into the application that can then be executed in a victim’s browser. This issue affects: Hitachi ABB Power Grids ...