Mobility & Security Enhancing User Experience

Transcription

1 Mobility & Security Enhancing User Experience Giovanni Carnovale Regional Sales Manager Central Europe

2 Agenda 2

3 Core Activities How to Secure your Brand 3

4 VASCO s Core Activities User authentication Log-on access - verifying that the user is in fact who he claims to be Electronic signature Secures a transaction/message between two (known) parties Digital signature Secures a transaction/message between two parties who do not necessarily know each other, where a third party guarantees the identity/signature of all parties involved

5 Corporate Profile A leading software company, specializing in Internet security Global company with HQ in US and Europe and Operational HQ in Europe Listed on Nasdaq: VDSI Approximately 10,000 customers in 100+ countries Fast and continuous growing market share from 2004 Profitable throughout the crisis year consecutive profitable quarters allowing VASCO to finance its organic growth and acquisitions State of the art technology and products

6 3 Business Models We authenticate the world 6

7 Origins We authenticate the world 7

8 References in financial institutions We authenticate the world 8

9 References in enterprise market We authenticate the world 9

10 DIGIPASS sold & shipped DIGIPASS GO 3 DIGIPASS GO 6 DIGIPASS CertiID DIGIPASS Key 101 DIGIPASS DIGIPASS DIGIPASS 270 DIGIPASS 300 DIGIPASS 301 CV DIGIPASS GO 7 DIGIPASS GO 8 DIGIPASS GO 100 DIGIPASS Key 200 DIGIPASS Key 860 DIGIPASS 550 DIGIPASS 560 DIGIPASS 580 DIGIPASS 585 DIGIPASS 700 IPT Cloud Key Virtual DIGIPASS DIGIPASS Nano DIGIPASS for Mobile DIGIPASS 800 DIGIPASS 810 DIGIPASS 815 DIGIPASS 820 DIGIPASS 830 DIGIPASS 835 DIGIPASS for Windows DIGIPASS for Web DIGIPASS 110 DIGIPASS 836 DIGIPASS 840 CV DIGIPASS 855 DIGIPASS 865 DIGIPASS 905 DIGIPASS 920

11 Global company VASCO HQ VASCO Offices VASCO Sales Presence

12 Market Strategy 12 12

13 Banking Ecosystem ATM 13

14 Evolution of Authentication Convenience Security Time Federal Reserve Briefing 14 14

15 WW snapshot in 2FA 15

16 Regulations European Central Bank Guidance (ECB) Security of Internet Payment (Should be implemeneted by February 1st, 2015) Security of Mobile Payment (Should be implemeneted by February 1st, 2017) 1. General control of security environment Payment app data should not be accessible by other mobile apps Mobile payment app must be periodically audited Passwords and PINs must be entered in a way that cannot be compromised 2. Strong customer authentication 3. Mechanism to protect sensitive data 4. Customer awareness and education 16

17 Vasco Vision 1/3: History Security HW Client One Time Password TDS for Financial Transactions SW Client One Time Password TDS for Financial Transactions Ease RBA Fraudulent logon prevention for ebanking and Online Application Security ebanking Financial Transactions Fraud Prevention 17

18 Vasco Vision 2/3 Yesterday, balance between security, ease of use and cost Customer were concerned that too much security will downgrade usability and accessibility Security Ease Cost Our Vision is to use Security to enhance Online User experience With our Security solution User usability and accessibility is improved! 18

19 Vasco Vision 3/3 Ease HW Client Connected WYSWYS Solution (USB, BT, QR Code) Press & Login SW Client Scan & Login Scan & Sign OOB TDS Mobile Application Security Security RBA Fraudulent logon prevention for ebanking and OAS ebanking Financial Transactions Fraud Prevention 19

20 RBA New channel opportunities Channel 1 Core Banking Anti-Money Laundering: VASCO RBA integrated within the core banking system for Anti-Money Laundering and unspecified fraud prevention Channel 2 Debit and Credit Card fraud prevention: VASCO RBA integrated within the ATM and Card Scheme (Visa \ Mastercard) payment networks for fraud prevention Channel 3 ecommerce fraud prevention: VASCO RBA as a direct competitor to Cybersource often integrated as a payment gateway.. Channel 4 Card Acquiring Credit Risk monitoring: VASCO RBA integrated into card acquirers to monitor for rouge merchants who may present a significant financial exposure to the acquirer. 20

21 CrontoSign 21

22 CrontoSign Visual Transaction Signing 22

23 CrontoSign Visual Transaction Signing 23

24 Example: European Money Transfer Auto-alignment handled by device Multi-lingual 24

25 You choose Formatting Special Characters Long Message Colors Bold Customized Label Currency Special Characters Center Alignment No amount No Performance impact for long messages 25

26 Encrypted Free Text Transaction Encoding 26

27 Dynamic Personalization CrontoSign Device/Apps is distributed impersonalize Secure credentials provisioned via CrontoSign Image Update Credentials without replacing the device N No Seed Stored by Vasco 27

28 CrontoSign Business Value 1 Device to Multiple Accounts 28

29 CrontoSign Licensing Model 1 User License can be used to activate multiple Devices without any security compromise t 29

30 CrontoSign Summary Flexible Choose hardware device or mobile Easy activation CrontoSign image scanning WYSIWYS All transaction data presented on color screen Secure communication , Mail, On-line, etc. up to 115 characters 30

31 CrontoSign - Roadmap DIGIPASS 780 Device with CrontoSign technology support and touchscreen for numeric input (e.g. PIN) Rechargeable battery Release expected Q DIGIPASS 880 Card reader with CrontoSign technology support Release expected Q

32 Bluetooth-Devices 32

33 Bluetooth-Device DIGIPASS 875 Hybrid Solution, Bluetooth USB Base on Bluetooth low energy Support IOS/android/BB Support windows 8RT WYSIWYS Easy transaction data signing : 6 lines * 20 characters eid supported Device can also be used with eid to sign online contracts 33

34 Bluetooth-Device GO 3 BT One button Bluetooth device Auto discovery Unconnected Time based OTP Connected Time based OTP (BT) Online Transaction Data Signing(BT) Secure channel (128 bits) 34

35 Bluetooth-Device DIGIPASS 775 DP 770 WYSWYS BT device Touchscreen for numeric input (e.g. PIN) Rechargeable battery Coming Soon DP 340 Coming Soon 35

36 DIGIPASS for Mobile / APPS DIGIPASS for Application Perimeter Protection SDK The Mobile Security Library 36

37 Attacks against Mobile: Causes Main causes of Fraud or incidents in mobile applications in 2013 (OMASP/OWASP) Application Security Authentication 37

38 Mobile Application Security Apps are based on the same principle.. Let s secure them with all Vasco Knowledge 38

39 Client-Side Scoring

40 User Platform Context Client Side Decision Policy Client Score Policy Score Calculation Scoring: Based Authentication OTP Injection OTP Validation OTP Extraction Server Score Policy Geolocation 1 2 Action 1 Action 1 OS Version Action 2 Action 2 JailBreak & Rootkit Action 3 Action 3 Malware Action 4 Action 4 PIN Activated Action 5 Action 5 Behavior Analysis Biometric Action Action 6 Defined by customer when customizing the application, delivered within the App or with an external XML Define by customer when customizing the application, delivered within the App or with an external XML 40

41 Use Case 1 Mobile Phone is Used as an Authentication Device

42 Login Methods DIGIPASS for APPS/Mobile

43 OTP Generator OTP 43

44 Scan & Login Username Session ID SN Signature Password Scan 44

45 Transaction Data Signing Methods DIGIPASS for APPS/Mobile

46 Scan & Sign Toronto Office Supply Submit 46

47 OOB TDS Toronto Office Supply Submit 47

48 Notify & Sign 2- Send Message to Notification Service Provider 3- Deliver Notification 1- Generate Secure Channel Transaction Message 48

49 Use Case 2 Mobile Phone is Used to access Mobile Banking Application

50 Native Integration DIGIPASS for APPS

51 DIGIPASS for APPS Mobile Banlking Apps Security Increased User Friendliness. with Strong Authentication OTP 51

52 App(Banking) To App(Security) Communication DIGIPASS for Mobile

53 2 Way App To App Secure Channel Communication Digipass:// MobileBanking App:// Generat e Secure Messag e

54 Secured Cash Out DIGIPASS for APPS Sample of usage

55 ATM cash out Define Title in Insert Header/Footer Slide 55

56 VASCO Data Security Identikey Risk Management Authentication the way we do

57 A Human Scale Protocol hi there! I am VASCO Data Security Assurance Level Authentication - The way we do 57

58 Step Up the Level of Assurance Design inspired by DryIcons hi there! I am VASCO Data Security Assurance Level Authentication - The way we do 58

59 With plenty Pseudo Identities Design inspired by DryIcons ID NO STATE IDENTIFICATION CARD Surname Forename Address SEX M HGT 5-08 EYES BLU Student Card Forename Surname N Course 2015 FT AUTO DRIVER LICENSE Surname Forename Address SEX M HGT 5-08 EYES BLU X hi there! I am VASCO Data Security Assurance Level Authentication - The way we do 59

60 only 1 Real Identity VASCO Data Security Assurance Level Authentication - The way we do 60

61 e-authentication beyond Yes & No Location Trends Inherence Time Environment Possession Assurance Level Knowledge Context Risk Level VASCO Data Security Authentication - The way we do 61

62 Authentication Categories Increased Trust Continuous Inherence Possession Assurance Level Knowledge VASCO Data Security Context Entity Profiling Risk Level Secondary Attributes Authentication - The way we do 62

63 4 A Value Chain Acquire Aggregate Analyze DE O K VASCO Data Security Action Authentication - The way we do 63

64 Meaningless Characteristics Analyze I Velocit y 6 Hours How many events of a certain type I N Volume 12 Hours The sum total of the value of all events N DE P Difference 24 Hours How many events holding different properties P U Same 36 hours How many events holding the same properties U T Slope 8 Hours If there is an upward or downward trend DE T VASCO Data Security Authentication - The way we do 64

65 Bayesian Model Risk? Analyze DE Self- Adjusting Historical Data probability of condition A (consequence) p(a B) = p(b A) p(a) / p(b) when condition B already exists High Risk? Probability Score Swiped Card 3% Cross Border Transactio n 20% Risk? High Decline 7% High Decline 10% Cross Border Transactio n 20% VASCO Data Security Authentication - The way we do 65

66 Artificial Neural Network Input Layer Hidden Layer Output Layer Analyze I N N P U T Perceptron DE Ibias Output Self-Learning Supervised Unsupervised Reinforcement P U T Risk? anomaly Parallel Processing VASCO Data Security Authentication - The way we do 66

67 Decision Engine Analyze Inference Score Probability Score Neural Score DE Expert Rules Velocit y 12 Hours Volume 12 Hours IO Boolean Match Same 12 hours Difference 12 Hours Memory VASCO Data Security Action Authentication - The way we do 67

68 Processing AnalyzeAcquire Batch Near Time With rollback Real Time Aggregate Analyze Trigger Authentication Review & Investigation Suspend Transaction O K VASCO Data Security Action Non-Blocking Blocking Authentication - The way we do 68

69 VASCO Vision Fraudulent logon prevention Transactions Fraud Prevention IDENTIKEY Scan & Login Scan & Sign OOB TDS Mobile Application Security Risk Manager Software Connected WYSWYS Press & Login Hardware Assurance Level Assurance Level VASCO Data Security Authentication - The way we do 69

70 Thanks!, Questions