SECURITY
10/13/2023
Leading information security and surveillance consultant group based in India
Physical Security
Information Security
CONTD.
Servicing Security business for more than 5 years
Indian Army –
Military Intelligence
Multiple corps, including 15 Corps, etc.
Multiple commands including Northern Command, Western Command etc.
NTRO
NIA
Delhi Police
J & K Police
Multifactor Authentication
IT SECURITY - CURRENT
Anti-Virus
Firewall
Card cloning
Online credit card frauds by stealing card data
Identity Thefts / Phishing
Money Laundering / Hawala
Tax evasion / PF Fraud / Pension Scam
Internet Investment Scams
Internet Auctions
Nigerian Scandal
Online investment scams – Market Manipulation
POINT OF VULNERABILITY
Point of attack
IDENTITY THEFTS
Identity thefts – Fastest growing white collar crime
Number of victims in 2006 – 9.9 Million
THREATS
Identity theft can be carried out by
Phishing
Virus, Trojans, worms
LAN Attacks – Remote Sniffing
Web Vulnerabilities including SQL Injection, XSS attacks and Cookie capturing
PREVENT IDENTITY THEFT
Map the physical identity of the user to the server
Removes the vulnerability of Static Passwords
Works on two premises –
Something you have
Something you know
Prevents –
Online Credit Card Fraud
Phishing
Cloning of Cards
ACCESS AND AUTHENTICATION
Credit Card Transaction
E-Banking / Net Banking
IT Infrastructure in the Bank –
LAN
Wi-Fi connectivity
Mail Servers
Critical web applications
VPN
AUTHSHIELD
AuthShield is a multi-factor authentication system which uses any of the three authentication mechanisms
Soft Token
Hard token
E-Token
BlackBerry / Other smart phones
AuthShield is used to identify the physical identity of the user to the server
AuthShield identifies the user on two factors –
Something he/she knows (User Name / Password)
Something he/she has
Hard Token – Identifying the user on the basis of his key
PREVENT CREDIT CARD FRAUD
Security device given to authorized users
The device displays a changing number that is typed in as a password
The password is based on a predefined unbreakable randomized algorithm
Every time the user makes a credit card transaction, the randomly generated number is matched with the server to verify the user's credentials
Soft Token – Identifying the user on the basis of his phone number
MOBILE TOKEN – GENERATING TOKEN VIA MOBILE PHONES
BlackBerry AuthShield for Web Clients –
[Diagram: Web Client (UN+PWD+TOKEN), BES and IAS; labelled steps: 4) Token Generated, 6) Access]
PROTECT CUSTOMERS IDENTITY
The OTP is either sent via SMS or generated by the smart phone itself
The user uses the OTP to log into a web application such as OWA or the core banking application
Centralized architecture where all web / application servers are integrated centrally. Distributed servers can have their own controlling architecture
The user logs into the application server and provides his credentials
Whether the user is using a spoofed IP address or not
IP address of the system of the user
Time stamp
FEATURES
Optional integration available in the system for advanced Risk based Transaction Algorithm which includes –
Predictive Modeling based Algorithm (Heuristics)
Behavioral pattern of the user based on his previous 50 transactions
Average card use over the past two years
Address verification service
Profile of the user
Pre-programmed with specific patterns found during fraudulent activity attacks like fund consolidation or exaggerated numbers of small transactions
CONTD.
OS Independent Authentication Mechanism
AAA servers to be deployed at the client's premises
Unbreakable encryption
Competitive costs
A secure access solution for Core Banking Applications, LAN users, offline users,
Interoperable with multiple token types
[Diagram: IAC and AD; labelled steps: 1) User logs in with his credentials, 2) User prompted to enter OTP, 4) AD Result, 5) Access]
SAMPLE SCENARIO 2
Bank requires –
A secure access solution for Net Banking
SMS based token acceptable but not preferred for users travelling to remote locations with connectivity issues
[Diagram: Web Client (UN+PWD+TOKEN), BES and IAS; labelled steps: 4) Token Generated, 6) Access]
SAMPLE SCENARIO 3
Bank requires –
A secure access solution for web based applications for users in remote offices
[Diagram: MMFSL Server and IAS; labels: Authenticate, Token Generated, SMS, Access; labelled step: 6) Access]
SAMPLE SCENARIO 3
Bank requires –
A secure access solution for –
ATM Transactions
Users can use any ATM or can use his credit card at any location
[Diagram: IAS Server and Bank's DB; labels: Authenticate, Authenticate/Commit, Access; labelled step: 6) Access]
ADVANTAGES
The Bank User Gets –
CONTD.
The Bank gets -
Zero user administration.
Seamless Integration with current setup
Simple price set up
Better use of the IT systems already in place
100% control of 'who can access the system'.
Zero maintenance on card frauds
Decrease credit card frauds by up to 99%
No deployment of devices or software to users.
Thank you!!
Questions Welcome!!