6/25/2009
12:37 PM
Dark Reading
Products and Releases

HDFC Bank, RSA Team On Fraud Prevention Platform

India financial institution implements RSA Adaptive Authentication, which includes the visible component of site-to-user authentication

BEDFORD, Mass., June 25 /PRNewswire/ -- RSA, The Security Division of EMC (NYSE: EMC) announced that HDFC Bank, one of India's premier financial institutions, has successfully implemented layered components of the RSA(R) Identity Protection and Verification Suite to provide a comprehensive fraud prevention platform that has protected the bank and its customers from ever-advancing online threats. The bank's implementation of RSA(R) Adaptive Authentication, RSA FraudAction(SM) service and participation in the RSA eFraudNetwork(TM) community has helped increase customer confidence, accelerate enhanced online banking features, and significantly reduce phishing attacks.

"Online fraud is a significant threat to organizations and consumers all over the world -- and phishing, pharming and Trojan attacks are increasing in India as online banking becomes more popular. Our customers are also aware of these threats, so we needed to ensure we could offer them a secured platform that can protect their personal credentials and financial assets," said Vishal Salvi, Chief Information Security Officer, HDFC Bank. "Customer satisfaction is our top priority and RSA provided us with the necessary balance of online security and user convenience."

Salvi continued, "We had anticipated a slight drop in the number of customers using online banking services as they got used to the new security measures such as site-to-user authentication, but we didn't see this at all. As a result, our customers have been able to reap the benefits of better security with no impact on their online experience.

"The fraud prevention platform from RSA has been so effective that the bank has already seen a significant reduction in phishing attacks. And when online attacks are instigated against the bank, RSA is able to quickly respond and shut them down in about five to seven hours to greatly minimize their impact."

HDFC Bank has implemented RSA Adaptive Authentication that includes the visible component of site-to-user authentication to provide its customers with convenient online protection through the use of a personal security image and caption to verify the legitimacy of the bank's website. RSA Adaptive Authentication is designed to help provide HDFC Bank with behind-the-scenes security measures using risk indicators tracked by the RSA(R) Risk Engine that include device identification, behavioral profiling and fraud data from the RSA eFraudNetwork community. In the case of high risk and potential fraud scenarios, HDFC Bank customers are authenticated with challenge questions and out-of-band phone calls to both confirm their transactions and help prevent malware from compromising transactions.

HDFC Bank has also deployed the RSA FraudAction service that is designed to detect, track and shut down phishing, pharming and Trojan attacks perpetrated by online fraudsters. The RSA FraudAction service has shut down more than 150,000 illicit web sites across 140 countries to date. Its fraud analysts operate from the RSA(R) Anti-Fraud Command Center and work 24x7 to shut down web sites hosting online attacks, deploy countermeasures, and conduct extensive forensic work -- reducing the average lifetime of an online attack.

"We were impressed by the solution offered by RSA. As hosted services, RSA FraudAction and RSA Adaptive Authentication were very simple to integrate into our existing infrastructure and were deployed quickly with a minimum investment in resources. This compelling cost effectiveness of the solution was very important to us," said Salvi.

"Furthermore, because they are hosted and API-based, RSA Adaptive Authentication and RSA FraudAction have accelerated the route to market for our enhanced online banking security features -- which was much simpler than developing anything like this in our own data center."

The bank also joined the RSA eFraudNetwork community, the industry's first and largest cross-institution, cross-platform online fraud network dedicated to sharing and disseminating real-time information on fraudulent activity. The members include thousands of the world's leading financial institutions, credit and debit card issuers, regional banks and credit unions, major ISPs, health insurers, government agencies and other organizations. The RSA eFraudNetwork community identifies and tracks fraudster profiles, patterns, and behaviors on a 24x7 basis. When an attack is detected against a network member and an active fraud pattern is identified, the fraud data is securely disseminated to all network members, providing protection against the most current online attacks.

Having successfully deployed the layered platform from RSA to combat fraud against online transactions, the bank's next project is to extend this protection to customers' credit and debit card payments. Over time, HDFC Bank is also considering introducing additional security features for its users including the RSA SecurID(R) two-factor authentication system.

"Our measured success at HDFC Bank reflects our proven abilities in protecting against the continuous advancements in online fraud and identity impersonation, as well as our ability to deliver value to our customers that reduces related losses," said Amuleek Bijral, Country Manager, RSA India and SAARC. "We are proud to team with HDFC Bank to boost both the security of its Internet banking systems and the confidence of its customers who now have visible assurances that their identities and assets are more secure."

About the RSA Identity Protection and Verification Suite

The RSA Identity Protection and Verification Suite offers one of the most complete and innovative portfolios of strong authentication and anti-fraud technologies, and is engineered to protect organizations and their online users against the latest external threats. It is a complete Software-as-a-Service (SaaS) portfolio that is designed to increase activity in online and remote transactions, inspire user confidence, and reduce fraud losses and related costs. The RSA Identity Protection and Verification Suite leverages RSA's expertise in fraud analysis, fraud forensics, and fraud modeling, and it includes the following components:

-- RSA(R) Adaptive Authentication, a risk-based authentication and fraud detection platform used by more than 8,000 organizations in ten countries, authenticating over 225 million users through risk indicators powered by the RSA(R) Risk Engine, such as device identification, geo-location, behavioral profiling, and fraud data from the RSA eFraudNetwork community.

-- RSA FraudAction(SM), a 24x7 service designed to detect, track, block, and shut down phishing, pharming and Trojan attacks perpetrated by online fraudsters. It has shut down more than 150,000 illicit web sites across 140 countries to date, protecting more than 320 organizations. Its fraud analysts operate from the RSA(R) Anti-Fraud Command Center to shut down hosted online attacks, deploy countermeasures, and conduct extensive forensic work to reduce the average lifetime of an online attack.

-- RSA(R) Identity Verification, a knowledge-based authentication system that assures and confirms user identities in real-time by presenting a series of top-of-mind questions utilizing relevant facts obtained from dozens of public and commercial record databases. It is used by more than 140 organizations in the financial, telecommunications, insurance, and healthcare industries.

-- RSA(R) Transaction Monitoring, an online fraud detection and management system that detects, flags, and investigates high-risk activities. Its RSA Risk Engine evaluates each online activity in real-time and generates a unique risk score that reduces fraud.

-- RSA(R) Adaptive Authentication for eCommerce, a secure framework for cardholder protection and fraud management. It has authenticated over 20 billion transactions via a range of authentication and card security products, including Verified by Visa(R), MasterCard SecureCode(TM) and JCB J/Secure(TM).

-- The RSA eFraudNetwork(SM) cross-institution, cross-platform, online fraud network community dedicated to sharing and disseminating information on fraudulent activity.

About HDFC Bank

Promoted in 1995 by Housing Development Finance Corporation (HDFC), India's leading housing finance company, HDFC Bank is one of India's premier banks providing a wide range of financial products and services to its over 15 million customers across hundreds of Indian cities using multiple distribution channels including a pan-India network of branches, ATMs, phone banking, net banking and mobile banking. Within a relatively short span of time, the bank has emerged as a leading player in retail banking, wholesale banking, and treasury operations, its three principal business segments. The bank's competitive strength clearly lies in the use of technology and the ability to deliver world-class service with rapid response time. Over the last 13 years, the bank has successfully gained market share in its target customer franchises while maintaining healthy profitability and asset quality. For more information please visit: www.hdfcbank.com.

About RSA

RSA, The Security Division of EMC, is the expert in information-centric security, enabling the protection of information throughout its lifecycle. RSA enables customers to cost-effectively secure critical information assets and online identities wherever they live and at every step of the way, and manage security information and events to ease the burden of compliance.

RSA offers industry-leading solutions in identity assurance and access management, encryption, security information management and anti-fraud protection, bringing trust to millions of user identities, the transactions that they perform, and the data that is generated. For more information, please visit www.RSA.com and www.EMC.com.
