How To Protect Customers From Online Fraud

Forewarned is forearmed, says the old adage, and that's certainly the case for solution providers specializing in the area of Internet security. Fixing a breach and dealing with its consequences is costly and time consuming. Brenna Lenoir, marketing manager of TeleSign Corp., discusses intelligent authentication with your phone. — Jennifer Bosavage

Consumers and companies today rely on the Internet to perform all manner of tasks, from conducting business, to buying and selling personal items to managing their lives, friendships and family interactions. However, working and living online exposes everyone to successive waves of hacks, scams, and other digital exploits – threats unimagined only a few years ago.

Enterprise IT and corporate management are spending increasing time, energy, and funds on securing digital and physical assets with technology of growing complexity. Strong encryption, multifactor biometrics, intrusion detection, anti-malware software and other advanced security measures provide necessary protection against a range of threats, but a simple truth remains: Verification before a transaction (or a security breach) occurs is always cheaper and more effective than attempting to remedy the consequences of failing to do so.

Internet security today is built on a fragile combination of robust transport authentication mechanisms like SSL and SSH, strong public and private key encryption, and password and CAPTCHA regimes. Unfortunately, encryption and transport security do little to address vulnerabilities at the endpoints — servers and the personal devices used to access them. And, authentication solutions such as passwords, CAPTCHA and tokens have been shown to be vulnerable to attack.

Intelligent authentication via the phone
Mobile phones are today the most ubiquitous devices on earth. In 2011, the United Nations estimates that more than five billion people worldwide own mobile phones and subscribe to voice and messaging plans and other services. Complement that number with 1.2 billion landlines and a growing number of Internet (VoIP) phones for majority coverage of today’s global population of nearly 7 billion people.

Mobile phones and landlines present key advantages for verification and authentication regimes:

• They possess unique identifiers – phone numbers and electronic identifiers
• They remain in the possession of users or near at hand most of the time
• If stolen or otherwise misappropriated, they are easy to disable
• Their association with actual individuals is verifiable through the operators that provide phone service
• PhoneID provides detailed information about phone type and registration location information globally. Scammers and fraudsters often rely on untraceable pre-paid phones or VoIP numbers that they can acquire in bulk to spam and scam online users. PhoneID helps companies identify such anonymous, location-independent telephone numbers, and block or flag these users and their associated transactions.
• Telephone Verification entails using a supplied telephone number for one-time authentication of online user identity. It calls or sends a text to the user supplied phone number with a PIN that gives users the opportunity to verify their identity in establishing an account or even for each login to the account. Combined with PhoneID, telephone verification forms a robust out-of-band authentication method.
• For example, Name.com, an accredited domain registrar and web hosting company, has a multi-layered fraud defense strategy, using telephone verification together with other fraud prevention products to eliminate more than $1.5 million in annual online fraud.
• Domain registrars are frequently targeted by fraudsters, as compromised domain names are easy gateways for scamming customers of banks, cloud services companies, e-commerce and other websites. By stealing and redirecting domain names, fraudsters can intercept traffic and spoof websites to “phish” for credentials, compromise user accounts, and siphon off funds and personal data. In recent years, Name.com experienced 10 to 12 percent annual fraud rates. By employing fraud prevention solutions to flag suspicious orders and create audit trails with intelligent authentication, Name.com reduced the time and manpower needed to identify fraudulent orders and cut illegal domain purchases by 97 percent.
• Phone verification/identification is fast becoming a core security solution for online companies. It’s used by organizations of all sizes including some of the world’s largest and most prominent Web businesses. It’s also in use by in multiple industries such as social media, lead generation, classifieds, financial services, healthcare, eCommerce and cloud-based services.
• Verification is not merely a piece of larger security routines. Verification lets users, employers, and vendors build and leverage online reputation for applications that include:
• Protecting account access
• Preventing bulk account registrations
• Securing eCommerce transactions
• Enabling trusted password reset
• Verifying businesses, and
• Validating sales leads
• In short, verification is key to securing online activities where knowing who is attempting to access digital assets is as important as what that person is doing.
• Benefits for Solutions Providers
  By offering telephone verification along with other complementary security products, solutions providers can reap many benefits. They include:
• Improving customer satisfaction with innovative cost-effective solutions
• Increasing revenue on a per user basis in installed base
• Increasing market reach
• Keeping competitors out of customer installed base
• Gating access to mission-critical data