Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint //

Authentication

4/5/2019
11:45 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

iovation Releases New Product Features

Series of updates to online fraud prevention and authentication products increase security for businesses and reduce friction for consumers.

PORTLAND, Ore., Apr 3, 2019 -- iovation, a TransUnion (NYSE:TRU) company, today released a series of updates to its online fraud prevention and authentication products. The additions increase security for businesses and reduce friction for consumers with features like email and phone number verification, botnet detection, streamlined de-registration of a device used for authentication, and more customization and context insight for authentication requests. The enhanced identification and removal of threats, coupled with increased trust of good consumer devices, advances iovation’s capabilities to use a consumer’s laptop or mobile device as their online passport.

“Just as TSA Pre✓® has made flying dramatically easier and safer, the same could be said for online transactions with iovation’s updated products,” said iovation Chief Product Office Bala Krishnamurthy. “With iovation working in the background, consumers aren’t bothered by fraud checks and device confirmations that enhance authentication, they’re completely transparent. They simply get to enjoy the online experience while businesses ensure they are protected against fraud and other cyberattacks.”

The iovation product updates include:

Email and phone number verification: iovation added capabilities to verify the risk associated with email and phone numbers submitted in FraudForce, the company’s fraud detection and prevention solution containing intelligence based on experience with more than 5.9 billion devices. For email, iovation is looking at indicators such as when an email address was created and if it is using special characters with multiple similar emails to trick application forms. These are both significant signs whether an email address should be suspected as potentially fraudulent.

The phone number risk score takes into account several indicators including previous fraudulent activity associated with a phone number, and other attributes such as carrier, SMS capability, phone type and odd traffic problems. For example, if a single phone number requests a passcode in five different languages within the same week, this may indicate that the phone is being shared. Velocities can also flag suspicious behavior, such as a particular number or range of numbers showing up repeatedly on one or more web services within a relatively short time.

Botnet detection: iovation has new functionality to help identify the botnet risk for transactions from a device within FraudForce. The botnet risk score considers several key factors including the severity of previous botnet attacks, the historical presence of phishing or malware, and how long it’s been since any previous botnet activity has been seen on an IP address. Tracking network patterns and botnet activity contributes to a powerful, multi-pronged strategy to combat botnets up front.

De-registering a device used for transparent authentication: iovation ClearKey uses the device as a transparent factor of authentication for customers logging in to a website. The new update to ClearKey makes it simpler to remove a device from a customer account if they, for example, replace a device, log in to their account from a public computer using the “remember me” button or lose or had their device stolen. Now all a business has to do to remove a device from a customer’s account is to pull up the account in their Intelligence Center. They’ll see all the devices registered to that account, and the business will be able to selectively deregister a single device removing it as a known device used to access their account.

More insights and consumer options for authentication requests: iovation has released a number of new features that will enhance communication with consumers and give additional context and insight into their replies to authentication and authorization requests for its multifactor authentication solution, LaunchKey. This includes:

· Providing consumers with custom replies for denying authentication requests

· Enabling companies to find out if an authentication request failed or was denied by a consumer and the reason behind it.

· Allowing businesses to set the amount of time after which an authentication request will expire.

· Empowering companies to customize the title of authorization requests, create custom text for push notifications for authorization requests and choose which authentication factors consumers can select.

“Many people think of fraud prevention and cybersecurity as putting up a wall,” said Shirley Inscoe, Senior Analyst at research and advisory firm Aite Group. “But it should be looked at from the consumer perspective. If you are simply stopping the bad guys without any consideration to customer friction, your business probably won’t thrive. Instead, use appropriate tools to detect and manage fraudsters while providing great service to all your good customers.”

For more details about iovation’s products and new features, go here.

About iovation
iovation, a TransUnion company, was founded with a simple guiding mission: to make the Internet a safer place for people to conduct business. Since 2004, the company has been delivering against that goal, helping brands protect and engage their customers, and keeping them secure in the complex digital world. Armed with the world’s largest and most precise database of reputation insights and cryptographically secure multifactor authentication methods, iovation safeguards tens of millions of digital transactions each day.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/22/2020
How an Industry Consortium Can Reinvent Security Solution Testing
Henry Harrison, Co-founder & Chief Technology Officer, Garrison,  5/21/2020
Is Zero Trust the Best Answer to the COVID-19 Lockdown?
Dan Blum, Cybersecurity & Risk Management Strategist,  5/20/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9046
PUBLISHED: 2020-05-26
A vulnerability in all versions of Kantech EntraPass Editions could potentially allow an authorized low-privileged user to gain full system-level privileges by replacing critical files with specifically crafted files.
CVE-2020-12388
PUBLISHED: 2020-05-26
The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8 and Firefox < 76.
CVE-2020-12389
PUBLISHED: 2020-05-26
The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8 and Firefox < 76.
CVE-2020-12390
PUBLISHED: 2020-05-26
Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks. This vulnerability affects Firefox < 76.
CVE-2020-12391
PUBLISHED: 2020-05-26
Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin. This vulnerability affects Firefox < 76.