VeriSign Identity Protection Network and Services

Slides: 25
Provided by: dcl57

1
VeriSign Identity Protection Network and Services
  • Intelligent Network Infrastructure to Strengthen
    and Protect Digital Identities Across Private
    and Public Networks

2
Cyber Threat Landscape
  • Increased Sophistication and Criminalization
  • From HangUP to MetaFisher
  • Targeted Attacks on the Increase
  • Rapid exploitation for sale on black market
    Example of WMF
  • Rogue spyware installations, Trojans
  • Vulnerabilities quickly implemented into existing
    attack toolkits and techniques
  • Zero Day Attacks Emergent and Persistent
  • Future Threatscape for Financial Services

3
MetaFisher Command and Control Interface: a
New Level of Attack
  • Very sophisticated attack interface
  • Targets banks primarily in Spain, UK and Germany
  • Encrypted Communications Evade IDS
  • Undermines SSL TAN

Bot command and control interface for
MetaFisher
4
Cyber Threat Landscape: Russian Hackers
  • Increased Sophistication of Threats and
    Specialization and Commoditization of the Cyber
    Underground Marketplace
  • Increasingly Advanced Malicious Code
  • Testing and validation of malicious code for sale
    among Russian cyber criminals for use in various
    attacks
  • October 2005 posting on
    Web-Hack.ru
  • Increase in Communication/Teamwork Among Hackers

5
Cyber Money Mules

A Key Part of Former Soviet Union Credit Card
Fraud (Carding) Targeting Primarily
US/UK/Australia
6
Geopolitical Hotspot: China
  • Anti-.gov.cn defacements against Chinese
    government websites increasing; one recent report
    of malicious code being placed on a .gov.cn
    website; many .gov.cn websites probably remain
    vulnerable
  • American businesses working with .gov.cn
    websites in their operations should be aware of
    these security concerns, especially for various
    Chinese provincial, regional and municipal
    websites and networks
  • Mobile-based and wireless cyber crime doubled
    in China from 2004 to 2005, according to a
    Chinese government official with the Information
    Security Supervision Bureau, Ministry of Public
    Security, presenting at the AVAR 2005 AV
    conference in Tianjin, China, in November 2005
  • Phantom FanBot family of malicious codes and
    Chinese hacker connections
  • Rise of Zombie Networks in China
  • Though the rate of infected computers is
    down, the overall number of infected computers
    probably has not changed substantively

7
Authentication: The End of the Status Quo
  • Ramping Identity Theft in 2005
  • 10M US adults victimized [1]
  • 50M accounts compromised [2]
  • 15B in Total Losses
  • Reputation Risk
  • Negative: stay out of the press
  • Positive: customer care
  • Compliance (FIs)
  • FFIEC mandate for 2006
  • Two-Factor Auth elsewhere
  • Emerging.
  • Online fraud costs
  • Consumer Confidence Erosion
  • [1] Source: FTC survey,
    http://www.ftc.gov/opa/2005/03/idthefttest.htm
  • [2] Source: Privacy Rights Clearinghouse,
    http://www.privacyrights.org/ar/ChronDataBreaches.htm

8
Announcing VeriSign Identity Protection
A Comprehensive Solution
VIP Strong Authentication
VIP Fraud Intelligence
VIP Network
Two complementary services enhanced by a Network
Effect
9
VIP As the Complete Solution
All Forms of Identity Protection
Mobile Phone (SMS, voice)
Smart cards
U3 Mini-Drives
OTP Tokens
Fraud Detection
ID Proofing
PROACTIVE
INVISIBLE
For All Users
HIGH VALUE / HIGH RISK
LOWER VALUE/LOW RISK
10
How does it work?
User logs in as usual
11
Multi-Tiered Fraud Detection System
  • Rule Engine
  • Out-of-the-box fraud detection rules
  • Custom rule creation with GUI tool or scripting
    language
  • Behavioral Engine
  • Automatically finds patterns of normal behavior
  • Flags anomalies in real-time.
  • Intervention Feedback Loop
  • System learns from failure of in-band/out-of-band
    intervention
  • Fraud Intelligence network
  • Enhances in-premise software fraud analytics and
    tools
  • Provides for periodic rule, data, and fraud
    model updates
  • Blend this information together to come up with
    an anomaly score

12
Data Inputs
  • We use data that you already have available
  • Out of the box configuration provided
  • Any other available parameters can be used

Default parameters supported out of the box
13
FDS Rule Engine
  • Extensible
  • Able to use any combination of transaction or
    user info available
  • Turnkey
  • Out-of-the-box rules that protect against
    well-known fraud patterns
  • New rules are provided as part of the FDS service
  • Customizable
  • Easily add custom rules with no programming
  • Scripting language and XML representation of
    rules
  • Scalable
  • Support for thousands of rules (including
    stateful) with no performance degradation

14
Out-Of-The-Box Rules
15
FDS Behavior Engine
  • Clustering algorithms
  • System creates a behavioral map for each user
    (clusters)
  • Each cluster corresponds to a learned behavior
    (e.g. work, home)
  • Unsupervised learning
  • The clustering process is automated (no need to
    tell whether a transaction is an anomaly or not)
  • Simply feed log or live transaction data into the
    engine.
  • Engine knows when it has enough data to discern
    anomalies
  • Benefits over rule engine
  • Not limited to known fraud attacks
  • The system works by understanding how a user
    operates, not by a known and fixed fraud
    signature
  • Increased robustness
  • Not overly dependent on any one single attribute,
    such as IP address
  • Reduced maintenance
  • Dedicated rules are automatically built for
    each user
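
A minimal sketch of the per-user clustering idea on this slide, added here as an illustration and not VeriSign's FDS algorithm. The four attributes, the thresholds and the sample logins are assumptions constructed for the example.

```python
from collections import Counter

ATTRS = ("ip_net", "country", "device", "hour_bucket")  # assumed feature set
class Cluster:  # one learned behavior (e.g. home, work) for one user
    def __init__(self):
        self.size, self.seen = 0, {a: Counter() for a in ATTRS}

    def similarity(self, event):
        # Fraction of attributes whose value was already seen in this cluster.
        return sum(event[a] in self.seen[a] for a in ATTRS) / len(ATTRS)

    def absorb(self, event):
        self.size += 1
        for a in ATTRS:
            self.seen[a][event[a]] += 1

class BehaviorProfile:
    def __init__(self, join_threshold=0.75, min_events=6, min_cluster=2):
        self.clusters, self.events = [], 0
        self.join_threshold = join_threshold
        self.min_events, self.min_cluster = min_events, min_cluster

    def learn(self, event):
        # Unsupervised: no fraud label; join the closest cluster or start one.
        best = max(self.clusters, key=lambda c: c.similarity(event), default=None)
        if best is None or best.similarity(event) < self.join_threshold:
            best = Cluster()
            self.clusters.append(best)
        best.absorb(event)
        self.events += 1

    def anomaly_score(self, event):
        # None = not enough data yet; one-off clusters are not trusted.
        mature = [c for c in self.clusters if c.size >= self.min_cluster]
        if self.events < self.min_events or not mature:
            return None
        return 1.0 - max(c.similarity(event) for c in mature)

def event(ip_net, country, device, hour_bucket):
    return dict(zip(ATTRS, (ip_net, country, device, hour_bucket)))

# Constructed sample history: four logins from home, four from work.
HOME = event("203.0.113", "US", "mac-safari", "evening")
WORK = event("198.51.100", "US", "win-firefox", "day")
def build_sample_profile():
    profile = BehaviorProfile()
    for e in [HOME] * 4 + [WORK] * 4:
        profile.learn(e)
    return profile
```

A home login from an unfamiliar IP range scores 0.25 here, while a login that matches no learned attribute scores 1.0, which is the "not overly dependent on any one single attribute" property in miniature.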

16
Fraud Intelligence Network
  • Initially combines intelligence from multiple
    internet-wide sources
  • Origins of confirmed credit card fraud (over
    100,000 merchants, 44B in transactions, 33 of
    Internet e-commerce - PayPal)
  • Origins for network attacks (VeriSign Managed
    Security Services)
  • Origins for DDoS attacks on global DNS
    infrastructure
  • Aggregates fraudulent behaviors from multiple
    customers
  • Each FDS deployment periodically updates network
    with known fraud data
  • Fraud User to encapsulate known fraudulent
    behavioral models
  • Regular rule, data and model updates
  • Available June

17
Fraud Intervention Options
  • FDS Engine Automatically Triggers Intervention
    when
  • Rule has fired
  • Behavioral engine returns high risk score, high
    confidence
  • Support for Multiple Intervention Mechanisms
  • Question and Answer provides simplest form of
    integration
  • Out of band verification code (email, automated
    call, SMS)
  • Helpdesk call (from Investigation console, based
    on pre-defined scripts)
  • Turn-Key Challenge-Response Implementation
  • No Coding Required
  • Minimal integration requires only a simple site
    template with an iFrame
  • FDS handles all response verification and actions
  • Advanced String Normalization Techniques
  • Removes common errors when users answer challenge
    questions
  • Addresses common shortened words such as Univ.,
    St.,
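
One way to normalize challenge answers before comparing them, added as an example and not taken from the FDS product. The abbreviation table, the PBKDF2 parameters and the function names are assumptions.

```python
import hashlib
import hmac
import re
import unicodedata

# Assumed abbreviation table. "st" is ambiguous (street / saint), so the long
# forms are folded down to it instead of guessing an expansion.
CANONICAL = {"univ": "university", "ave": "avenue", "rd": "road",
             "street": "st", "saint": "st"}

def normalize_answer(text):
    # Strip accents, case, punctuation and extra whitespace, then map words.
    text = unicodedata.normalize("NFKD", text)
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    text = re.sub(r"[^a-z0-9\s]", " ", text.casefold())
    return " ".join(CANONICAL.get(word, word) for word in text.split())

def enroll(answer, salt):
    # Store only a salted, slow hash of the normalized answer.
    normalized = normalize_answer(answer)
    if not normalized:
        raise ValueError("answer is empty after normalization")
    return hashlib.pbkdf2_hmac("sha256", normalized.encode(), salt, 100_000)

def verify(candidate, salt, stored):
    # Constant-time comparison of the derived values.
    try:
        return hmac.compare_digest(enroll(candidate, salt), stored)
    except ValueError:
        return False
```

Normalization shrinks the space of distinct answers, so the challenge step still needs attempt limiting.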

18
Sharing One Identity Across Many Interactions
E-Commerce
Online Banking Trading
Communication
Government Services
Internet Payment
Health Care
19
Inspired by the Offline World
20
VIP Network Participants Roles
  • VIP members that issue their own VIP credentials
    to consumers (e.g. PayPal)
  • VIP credentials are co-branded with VIP as
    ingredient brand
  • Issuer Implements 2nd Factor life-cycle Mgt and
    first level support for the credentials it issues
  • Member site on VIP network
  • Carries VIP seal to indicate VIP network
    membership
  • Accepts VIP credentials for strong authentication
  • May issue own branded credentials at later date
  • VIP credential issuer operated by VeriSign
  • Directory of VIP sites on the Internet
  • Self-service portal for consumers to manage their
    credential
  • Credentials branded VIP and VeriSign provides
    first level support
  • Second factor authentication in VeriSign
    infrastructure
  • 2nd level support for issuers and relying parties
  • Deployment services (integration, training,
    support)

21
Key Concepts for Sharing
  • 2nd factor only, not federation
  • 1st factor remains: unique user name and
    password
  • Current user logon experience remains
  • www.banksname.com
  • Username, password logon
  • Binding is local
  • Association of token to user is local
  • Authentication can be tailored to specific
    security environment
  • Bank: acct no, ATM no, PIN
  • Small merchant site: username, password,
    question and answers
  • 2nd factor credential layered on
  • Can be included in regular password field
  • Can be implemented as separate logon step
  • E.g., One time passcode

22
Flexibility Driven by Open Standards
  • 60 active members and counting
  • 15 interoperable shipping products

23
Primary Benefits
  • Reduced Cost
  • Tokens do not have to be issued to every consumer
  • Rely on other issuers (eBay/PayPal, VeriSign)
  • Rely on embedded devices
  • SanDisk
  • Motorola
  • More to come
  • Branded tokens only for a limited customer
    segment
  • Reduced Complexity
  • Outsourced distribution, fulfillment, support
  • Limited additional architecture to support 2nd
    factor authentication
  • Higher Security
  • 2nd factor authentication

24
Conclusion: It's Time To Share!
  • The Any Era Makes It Real
  • The Web Lifestyle Makes It Important
  • The VIP Network Makes It Work