Category Archives: Authentication

Increased appetite for biometrics fueled by speed, security and convenience

The Biometric Consumer Sentiment Survey of more than 1,000 U.S. adults who have experience using biometrics to log into their accounts reveals an increased appetite for the technology. 70 percent of respondents reported that they would like to expand the use of biometric authentication into the workplace, according to Veridium. Consumers cited speed (35 percent), security (31 percent) and not having to remember passwords (33 percent) as the primary reasons for liking biometric authentication. “The … More

The post Increased appetite for biometrics fueled by speed, security and convenience appeared first on Help Net Security.

Voice | A Password Close To Your Heart

Examining the evolution of technology, we have been caught in a trend moving toward natural conversations. The start of this timeline begins with computers, which quickly made their way to being a major force of communication, whether that was through the first emails or internet searches. Bound to the hardwired interface in computers was typing – something that had to be learned, and with that came written passwords.

The advent of smartphones made touch the new star of conversations – leaving typing in our second nature. This era was defined by the “swipe” of a touch screen, still requiring passwords, but with the involvement of two factor authentication. So, what comes after touch?

That is where voice comes in – the era that is standing in front of us today. Voice doesn’t require an interface that has to be learned; it is as natural as having a conversation with a friend. Typed passwords are moving into the past, with the era of voice offering a password you always have with you – your voice.

To identify some of the trends associated with emerging voice technology, Pindrop conducted a study, including 500 respondents restricted to IT and business leaders. We found that today, 28% of businesses are using voice technology to communicate with customers. In one year, that number is expected to almost triple – with 83% expected to use voice to communicate with customers. At this point, you may be asking yourself, “How will the increased use of voice tech impact my organization?”

According to our survey, 94% of respondents believed voice would be a driver of customer satisfaction, and 56% thought it would drive down costs, while offering a competitive advantage (88%). While all of these factors seem to be positive, your customers will have concerns over the implementation of voice technology.

Our survey says that the concern from your customers will come from a security standpoint. 80% of the respondents hold concern surrounding businesses’ ability to keep voice acquired data safe, 88% fear data misuse will slow adoption, and 82% have concerns over how fraud will impact adoption.

In the end, if enterprises want to leverage cost savings, customer satisfaction benefits, and competitive advantages, they must address security in voice applications to help encourage adoption. After all, most of the blocks customers have in adopting voice technology on an enterprise level are tied to security concerns.

The post Voice | A Password Close To Your Heart appeared first on Pindrop.

Advanced Customer Verification – Are You Ready For That?

Fraud is on the rise and attacks made by cybercriminals are becoming more sophisticated. Basic identity proofing is no longer effective, so it’s time for turning the clunky process into

The post Advanced Customer Verification – Are You Ready For That? appeared first on The Cyber Security Place.

Infosecurity.US: The GoDaddy Hole or Exploiting The Insecurity Event Horizon

Via the inimitable Brian Krebs, writing at Krebs On Security, comes further reportage detailing the continued authentication-flaw-exploitation of the GoDaddy, Inc. (NYSE: GDDY) Hole - a seemingly irreparable flaw in their Registrar Line of Business systems, with a never-ending Exploitable Event Horizon.



Best Practices for Choosing Good Security Questions

Security questions can add an extra layer of certainty to your authentication process. Security questions are an alternative way of identifying your customers when they have forgotten their password, entered

The post Best Practices for Choosing Good Security Questions appeared first on The Cyber Security Place.

Email authentication use growing steadily in every industry sector

U.S. federal government agencies and many major enterprises have made significant strides to thwart the spread of fake emails, a major cybersecurity attack vector. But many organizations remain susceptible because they’re still not using readily available open standards-based technologies that prevent these fakes from reaching end-user inboxes. Valimail’s “Email Fraud Landscape, Q4 2018” indicates that the fight against fake email is advancing around the world — but email fraud remains a widespread and pernicious problem. … More

The post Email authentication use growing steadily in every industry sector appeared first on Help Net Security.

Researchers reveal new privacy attack against 3G, 4G, and 5G mobile users

5G cellular mobile communications, when implemented, are expected to provide high bandwidth, low latency, energy savings, better connectivity, but security and privacy must also be assured. The security challenges are many but, luckily for us all, researchers are already probing the draft standard for weaknesses. Much of the research has focused on the security and privacy of 5G AKA, the Authenticated Key Exchange standardized by the 3rd Generation Partnership Project (3GPP) for 5G. A new, … More

The post Researchers reveal new privacy attack against 3G, 4G, and 5G mobile users appeared first on Help Net Security.

2019 and Beyond: The (Expanded) RSAC Advisory Board Weighs in on What’s Next: Pt. 2

Part two of the RSA Conference Advisory Board’s look into the future tackles how approaches to cybersecurity must evolve to meet new emerging challenges.

How privacy and security concerns affect password practices

Yubico announced the results of the company’s 2019 State of Password and Authentication Security Behaviors Report, conducted by the Ponemon Institute, who surveyed 1,761 IT and IT security practitioners in the United States, United Kingdom, Germany and France.

Understanding behavior

The purpose of this study is to understand the beliefs and behaviors surrounding password management and authentication practices for individuals both in the workplace and at home. The goal was to understand if these beliefs … More

The post How privacy and security concerns affect password practices appeared first on Help Net Security.

The most effective security strategies to guard sensitive information

Today’s enterprise IT infrastructures are not largely hosted in the public cloud, nor are they SaaS-based, with security being the single largest barrier when it comes to cloud and SaaS adoption. With the recent rise in breaches and privacy incidents, enterprises are prioritizing the protection of their customers’ personally identifiable information, according to Ping Identity.

Most infrastructure is hybrid

Less than one quarter (21%) of IT and security professionals say that more than one half … More

The post The most effective security strategies to guard sensitive information appeared first on Help Net Security.

Securing Government Data with NIST 800-53

If you have ever heard of the Federal Information Security Management Act, then you are aware of the work done by the National Institute of Standards and Technology. The goal of the Act, not to mention the subsequent documents that resulted from strategies designed around implementing it, led NIST to create works designed to bolster […]… Read More

The post Securing Government Data with NIST 800-53 appeared first on The State of Security.

Collection #1 Data Breach Exposes Nearly 733 Million Records, Highlighting Need for Multifactor Authentication

The theft of nearly 733 million unique email messages and 21 million passwords underscores the urgent need for multifactor authentication in the enterprise.

First discovered by security researcher Troy Hunt, records from the data breach were published to a hacker forum as well as the cloud-based service MEGA, though they have since been removed.

The perpetrators behind the theft, dubbed Collection #1, remain unknown, but the volume of 12,000 files suggests that it may have involved multiple incidents and actors. Cleaned-up versions of the files have been loaded into Have I Been Pwned, which users can leverage to check whether their data was compromised in the breach.

Why Collection #1 Data Is Particularly Dangerous

While any data breach of this magnitude would raise concerns, the files included in Collection #1 include login credentials that have been dehashed. In other words, the threat actors who stole the information were able to convert it into plain text.

This could make it a lot easier for attackers to use those credentials to break into various email servers and other online systems. By using bots, for instance, threat actors could launch credential-stuffing attacks to access multiple accounts with the same stolen password, as Forbes pointed out.

Use Multifactor Authentication Where It Counts

The Collection #1 breach serves as a reminder that a password alone is not enough to protect data from theft or misuse. When emails, login credentials or other files belonging to a business or government organization are compromised, the risk of financial or reputational damage is even greater.

Obviously, the sensitivity of this data necessitates stronger protection for individual workstations and business applications, but IT professionals should also consider the security of the mainframes that keep so many operations and processes running within the enterprise. Multifactor authentication adds layers of defense that credential-stealing threat actors will need to penetrate to access the mainframes, devices and IT infrastructure that hold valuable enterprise data.

The post Collection #1 Data Breach Exposes Nearly 733 Million Records, Highlighting Need for Multifactor Authentication appeared first on Security Intelligence.

What Does Healthcare Cybersecurity Look Like in a Future of Connected Medical Devices?

As technology continues to transform the way healthcare is delivered, the industry is burdened by the growing cybersecurity risks inherent in the expansion of connected devices. Understanding that each connected device opens another pathway for threat actors, it’s incumbent upon device manufacturers to keep security foremost throughout the development life cycle.

The question is, how can manufacturers ensure the security of the devices they create? Furthermore, what can healthcare companies do to mitigate the risks inherent in the future of healthcare cybersecurity?

Taking the Pulse of Health Care Cybersecurity Today

Because they are so often the target of cyberattacks, healthcare organizations took a beating once again in 2018. We saw some significant data breaches last year, such as the attack on Med Associates where more than 270,000 patient records were breached.

New research from Clearwater found that the three most common vulnerabilities in healthcare cybersecurity are user authentication deficiencies, endpoint leakage and excessive user permissions — which, combined, account for nearly 37 percent of all critical risk scenarios. Credential misuse continues to threaten enterprise security across all sectors, including healthcare.

“When malicious actors gain access to accounts — whether by weak passwords or phishing attacks — they are given the literal keys to the kingdom,” said Justin Jett, director of audit and compliance for Plixer.

When it comes to medical devices, however, cybersecurity is making progress. According to Leon Lerman, CEO of Cynerio, “We are currently in the increased awareness state where healthcare providers, the Food and Drug Administration (FDA), the Department of Health and Human Services (HHS) and device manufacturers are starting to be more active in the space.”

Moving Toward a More Secure Future

The good news is that healthcare providers at hospitals are starting to include cybersecurity requirements in their procurement process. In fact, some are no longer depending on the medical device manufacturers and instead actively looking for dedicated device security solutions.

According to Lerman, the FDA and Department of Homeland Security (DHS) recently launched a joint initiative to “increase coordination in dealing with threats related to medical devices.” In addition, HHS released cybersecurity best practices to help healthcare organizations manage threats and protect patients from internet of things (IoT)-based attacks and other threats.

Manufacturers have not progressed alongside hospitals, though there are more conversations about strengthening the security of their devices, taking part in cybersecurity testing and streamlining the patching process. In reality, though, it’s only been within the last decade that these conversations have been taking place, and according to Anura Fernando, chief innovation architect at UL, medical devices can take at least that long to develop and get into the market.

“If you couple that with the fact that many devices are used by hospitals for 20–25 years, you can see that there is a major legacy systems issue, with many devices lacking security controls at the device level. Based on that timing offset, it could easily be five to 10 years before we see the complete turnover of equipment in use by hospitals that didn’t even have cybersecurity considered during design,” Fernando explained.

The Challenges of Securing Connected Devices

Legacy systems present myriad cybersecurity challenges, but there are other obstacles to securing medical devices. One that is closely related to legacy equipment is that of component obsolescence.

“When you consider the lengthy development timelines associated with most devices, it can easily be the case that security-related components such as operating systems and microcontrollers cease to be supported by the component vendor soon after a medical device reaches the market,” Fernando said.

As a result, maintenance activities such as security patches are no longer feasible for hospitals. Let’s say that security patches are released by the vendors, however. The time and cost it takes to validate these updates to devices is onerous.

“Even once this validation process is complete, it can be a daunting task to manage the deployment of a patch into the highly dynamic operational life cycle phase of a device, which may be in process of performing critical functions like life support,” said Fernando.

How Health Care Organizations Can Mitigate Security Risks

You can’t protect what you can’t see, so proper visibility into connected devices and their ecosystem is critical. Once you have visibility, understand the risk that each of these devices poses and take necessary proactive measures to minimize this risk, such as network segmentation, patching and removing devices from networks.

By monitoring device behavior and understanding what devices do in the context of medical workflows, you can detect anomalies when devices behave suspiciously. And, of course, early detection enables quicker response.

Strengthening password requirements can help you reduce risk, but when malicious actors gain a foothold, organizations need network traffic analytics to understand where the attack started and determine whether it has spread.

“By looking at how credentials are used throughout the network and creating a baseline of normal usage, network and security teams can be alerted to anomalous credential use and stop attacks as they happen,” Jett said.

Furthermore, all of the different stakeholders in the healthcare value chain need to be invested in securing the future of connected healthcare. Since this is a widespread effort across the healthcare environment, industry leaders should develop guidelines and standards to evaluate whether products and devices meet cybersecurity standards.

The post What Does Healthcare Cybersecurity Look Like in a Future of Connected Medical Devices? appeared first on Security Intelligence.

NBlog Jan 17 – another day, another breach



https://haveibeenpwned.com/ kindly emailed me today with the news that my email credentials are among the 773 million disclosed in “Collection #1”. Thanks Troy Hunt!

My email address, name and a whole bunch of other stuff about me is public knowledge so disclosure of that is no issue for me. I hope the password is an old one no longer in use. Unfortunately, though for good reasons, haveibeenpwned won’t disclose the passwords so I can’t tell directly which password was compromised … but I can easily enough change my password now so I have done, just in case.

I went through the tedious exercise of double-checking that all my hundreds of passwords are long, complex and unique some time ago – not too hard thanks to using a good password manager. [And, yes, I do appreciate that I am vulnerable to flaws, bugs, config errors and inept use of the password manager but I'm happy that it is relatively, not absolutely, secure. There are other information risks that give me more concern.]

If you haven’t done that yet, take this latest incident as a prompt. Don't wait for the next one. 

Email compromises are pernicious. Aside from whatever salacious content there might be on my email account, most sites and apps now use email for password changes (and it’s often a fallback if multifactor authentication fails) so an email compromise may lead on to others, even if we use strong, unique passwords everywhere.

New Reverse Proxy Tool Can Bypass Two-Factor Authentication and Automate Phishing Attacks

A new reverse proxy tool called Modlishka can easily automate phishing attacks and bypass two-factor authentication (2FA) — and it’s available for download on GitHub.

Polish security researcher Piotr Duszynski released the tool just weeks into the new year. As noted by ZDNet, Duszynski started the project in 2018 with the goal of writing “an easy-to-use tool that would eliminate the need of preparing static webpage templates for every phishing campaign that I was carrying out.”

He certainly succeeded. Modlishka — the English pronunciation of the Polish word for mantis — is a reverse proxy modified to handle traffic between legitimate login pages and phishing attacks. While victims receive authentic content, all traffic is routed through the Modlishka server, giving threat actors the ability to collect 2FA tokens and create authenticated user sessions. As a result, attackers don’t need to deploy any cloned template sites; if they have a valid Transport Layer Security (TLS) certificate, users are typically none the wiser.

Potential Problems Down the Road

This new 2FA-bypassing tool is problematic for several reasons. First, it’s automated and lightweight — so long as attackers can effectively spoof target domains, there’s very little chance the ruse will be detected. According to Duszynski, while some defenses — such as obfuscated JavaScript code or HTML security tag attributes — require manual adjustments, both are “fully supported by the tool and will also be improved in the future releases.”

Another big concern is that Duszynski released his code as open source on GitHub. According to SCMagazine, Duszynski said he put the tool on GitHub as a way to better prepare penetration testers and improve red team engagements, and he doesn’t support any malicious use of the tool. However, given a recent Amnesty International report that notes an increase in state-sponsored two-factor authentication attacks as well as the rise of “script kiddies” looking for prebuilt malware kits online, Modlishka will likely prove popular among threat actors.

While Duszynski makes his case with a cogent argument, saying that “without a working proof of concept that really proves the point, the risk is treated as theoretical and no real measures are taken to address it properly,” this kind of public distribution is outside the normal scope of vulnerability assessment.

Strengthen Your Two-Factor Authentication Methods

It’s not all bad news: While two-factor authentication methods such as SMS or one-time codes are susceptible to Modlishka, emerging standards such as universal second factor (U2F) remain secure. This is backed up by security experts like IBM X-Force Red’s Dustin Heywood, who recommends using 2FA wherever possible, but suggests skipping SMS codes for authenticator apps or other more secure options.

The post New Reverse Proxy Tool Can Bypass Two-Factor Authentication and Automate Phishing Attacks appeared first on Security Intelligence.

The FCC and Call Authentication

On a daily basis, many people receive automated machine calls, and importantly, more people are getting annoyed. The Federal Communications Commission (FCC) in the United States must have received and no doubt continues to receive many complaints about automated calls and caller ID spoofing. Apparently, these complaints forced the FCC to come up with a […]… Read More

The post The FCC and Call Authentication appeared first on The State of Security.

Using a Fake Hand to Defeat Hand-Vein Biometrics

Nice work:

One attraction of a vein based system over, say, a more traditional fingerprint system is that it may be typically harder for an attacker to learn how a user's veins are positioned under their skin, rather than lifting a fingerprint from a held object or high quality photograph, for example.

But with that said, Krissler and Albrecht first took photos of their vein patterns. They used a converted SLR camera with the infrared filter removed; this allowed them to see the pattern of the veins under the skin.

"It's enough to take photos from a distance of five meters, and it might work to go to a press conference and take photos of them," Krissler explained. In all, the pair took over 2,500 pictures over 30 days to perfect the process and find an image that worked.

They then used that image to make a wax model of their hands which included the vein detail.

Slashdot thread.

Opinion: Back to the Start for 2FA Adoption?

In a previous post, Tripwire asked contributors what their most memorable event of 2018 was. As a follow-up, guest author Bob Covello expands on his thoughts about two-factor authentication (2FA). We in the infosec community have made enormous progress towards getting multi-factor authentication the recognition it deserves. All the respected folks in the community have […]… Read More

The post Opinion: Back to the Start for 2FA Adoption? appeared first on The State of Security.

Privacy and Permissions | Google+

With Google making headlines about the privacy of apps and the breaking news of the Facebook data breach earlier this year, it has become clear that the apps on our phones are now holding, and disseminating, large amounts of data and are doing so most of the time. More often than not, we as consumers don’t know what they are sharing or what we have given consent for these apps to do.

We often trade privacy and data usage agreements we might not be comfortable with, for a membership to an online community, an app, or a network.

Kit Walsh, a staff attorney with the Electronic Frontier Foundation, a digital rights advocacy group, mentioned, “It would take you two months to read all of the agreements that you click through in a year. The PayPal terms of service is longer than ‘Hamlet’ and a lot less interesting to read.”

In this age of data prevalence and machine learning, permission is an increasingly valuable asset. Privacy permissions are supposed to provide a barrier between information shared and the app creators – but these permissions are often vague, and at times withhold functionality of permissions you are granting.

Where once companies created seemingly intentionally long privacy policies, the increased scrutiny from federal regulators has caused tech companies to take steps in improving and clarifying privacy policies for their users. With the latest announcement of Google discovering a bug that allowed app developers to access users’ data as well as their friends’, Google is taking steps to up its protections.

Customers have expectations for who they do business with, and if they are willing to trust their data with a company, privacy and protection should be upheld. Transparency in security measures is especially important today because fraudsters evolve with and know the ins and outs of authentication and security measures. Privacy policies and security measures can demonstrate that customer experience is a priority by use of technology like machine learning and AI – rather than easily surpassed traditional methods of authentication.

The post Privacy and Permissions | Google+ appeared first on Pindrop.

The Future of Voice, Fraud, and the Impact to CX | A Recap

Voice is growing out of the call center, out of your telephone and is growing into the next interface. In previous years, we have released fraud reports revolving around the call center, but with the expansion of voice, and the fraud that follows, we have shifted our perspective to voice intelligence – after all, voice is everywhere: your digital assistant, your latest kitchen appliance, and even your car.

The eras of economies have passed us by, first characterized by digitalization, then the wave of mobile devices, and now by voice – paving the way to the conversational economy. These economies are accompanied by their own collection of problems – and fraudsters are not letting up. There has been a 350% increase from 2013 to 2017 in phone fraud, and a 47% increase from last year. Banks and the insurance industry are experiencing a higher level of fraud, with a 20% and 36% increase in fraud year over year respectively.

So how did we get to these increased fraud rates?

There has been an increasing number of data breaches year over year; last year, there were 1,300 data breaches. These breaches make it easy for criminals to commit fraud – ultimately feeding into the $1.5 trillion cybercrime market. Additionally, a lot of enterprises rely heavily on KBAs, or knowledge-based authentication questions, which function as secrets for security. These “secrets” can be easily hacked through social engineering or through the black market.

The arrival of the omnichannel has not helped with containing fraud – consumers want to be able to contact a business through any channel, with the expectations for the experience to remain consistent. However, there are consequences for the omnichannel – it allows fraudsters to use resources from one channel to access an individual’s details in another channel. Lastly, as we build more tools to stop fraud, fraudsters are evolving quickly and learning how to combat these security measures.

Overall, fraud is the ultimate impact to customer experience – your customers have expectations for who they do business with, and if they expect their data to be safe with you, this should be upheld. We’re living in a world where consumers are likely to switch who they do business with if their customer experience expectations are fulfilled.

The post The Future of Voice, Fraud, and the Impact to CX | A Recap appeared first on Pindrop.

A [Female] Voice of Concern

The number of people using digital assistants is growing by the day, and the increasing popularity has led to predictions of as many as 75% of US households owning smart speakers by 2020 according to Gartner. Within this expansive growth, there are several brands of assistants, including Amazon Alexa, Google Home, and Microsoft Cortana, taking the lead. Their offerings contain many similarities, and of course differences too, but when it comes to the obvious characteristics – what do these devices all have in common? The voice behind the technology, in each device, is female.

A recent study questioning the design of artificial intelligence revealed that out of almost 12,000 people from 139 countries, 44% prefer their digital assistant to be gender neutral. However, when broken down into gender, 36% of men thought the assistant should be gender neutral, contrasting to 62% of women. While most assistants offer voices of either gender, the default is female – and is lacking a gender neutral option completely. This opens up the question: why?

Tech companies are beginning to recognize the parallel between the voice – whether female or male – to the role of the assistant itself as they become more ubiquitous. Alexa, Siri, Cortana, and Google Assistant are all synthesized versions of a woman – required to answer questions and demands in a polite manner. On the other hand, IBM’s Watson is male, holding a higher role of leadership and knowledge, compared to its female counterparts. These preferences and the difference can be linked to norms tied to tradition or other cultural values, furthering gender bias.

Examining this concern and contemplation regarding why the default voice is female, many AI companies have, or are, considering moving towards a more inclusive design. While the bias within voice AI is seemingly present, how are speech recognition, natural language processing, text to speech, and voice biometrics technologies impacted with the same bias?

Each of these technologies requires large amounts of data for machine learning – and male voices are dominating these datasets. Women’s voices for speaker recognition systems are harder to recognize because training data has more male voices. So for Pindrop’s Deep Voice™ biometric engine – how does gender impact accuracy?

We take great care in balancing gender in our data set evaluation. Today we’re working with the largest banks globally. When you take a look at what that means in the US – the top banks account for 60% of the US population demographic, which is evenly split between men and women.

Artificial intelligence is destined to power some of our most important services, but there’s growing concern that it could repeat much of the prejudice that humans have about race, gender and more because of the way it’s built. There’s a lot of work from the major players to evaluate these systems and remove prejudice from AI.

The post A [Female] Voice of Concern appeared first on Pindrop.

Zelle | A direct funds transfer disruptor…What Are You Trading For Convenience?

With convenience on the mind of most consumers, peer to peer payment apps are making it easy to transfer money to friends, family, or acquaintances. The money-transfer market is dominated by Venmo and PayPal; however, Zelle is quickly catching up, offering an alternative that is backed by U.S. financial institutions. Zelle is known for its pervasive nature, as a natural extension to a consumer’s existing mobile banking app and the speed it is able to offer funds transfers from account to account directly. This differentiates from Venmo, Square (and even PayPal) that have elements of a “mobile wallet,” which can be seen as more of an ‘escrow account’ before your money clears the transfer. Zelle is quickly disrupting the money-transfer space.

The almost frictionless enrollment and the speed with which Zelle supports financial transfers have exposed some potential misuse patterns. As the New York Times found, the perks embedded into Zelle are not only attracting customers, but criminals as well. Fraudsters are taking advantage of the system to drain the bank accounts of unsuspecting Zelle users – or nonusers. Some victims of Zelle fraud had never used, or heard of, the money-transfer application prior to the discovery of an empty bank account. So, what makes Zelle so susceptible to fraud?

In an effort to catch up with Venmo and PayPal, many banks moved quickly in implementing Zelle. Normal security processes may have been reduced to provide a more frictionless experience, with some banks implementing Zelle with reduced protections, such as requiring no two-factor authentication or behavior monitoring to send a payment. Additionally, within the Zelle network, checking accounts are linked directly to other checking accounts – allowing the transfer to be completed in seconds and making it difficult to reverse fraudulent transactions.

Venmo and Square both rely on unique usernames to initiate transfers, whereas Zelle operates under either a user’s phone number or email address. If a single phone number happens to be tied to two (or more) individuals, transfers can easily be sent to the wrong person. If this were to happen, and the transfer was initiated and unknowingly sent to the wrong person, the bank may not have to refund the claim, because the bank may not be obligated to intervene.

Peer-to-peer payment apps can provide a fast and convenient way to send money, but that convenience may come with a price. The vulnerabilities present in sending money this way are akin to those of sending cash in the mail. The convenience is alluring but the risk may be higher. App users should use caution when sending money to any unknown parties, and try to set up alerts to be notified of any transfers. Financial institutions should be on high alert for password reset requests coming through the call center, as these could be an early indicator of fraudsters attempting account takeover of your Zelle app to send themselves your money.

It is clear that users see enormous value in the convenience provided by Zelle’s frictionless and near-instantaneous support of direct funds transfers. Let’s make sure that the value and convenience that this service offers are not also being offered to those with malicious intent to misuse this service.

The post Zelle | A direct funds transfer disruptor…What Are You Trading For Convenience? appeared first on Pindrop.

Pindrop® Express | Authentication, Risk, CX and the Enterprise

Businesses today often suffer from lagging or inefficient authentication solutions – from knowledge-based authentication questions (KBAs) to simple caller ID verification. These traditional methods are tedious and create friction within the overall customer experience, extending call handle time, which also impacts operational costs. Additionally, we are moving into an era defined by a conversational economy – which has placed expectations on enterprises to support the growing popularity and use of voice technology by customers.

Aligned with the voice-first movement, Pindrop® Express, a risk-based authentication solution, can validate a customer’s phone number prior to the call arriving at the contact center, delivering a “yes” or “no” authentication decision. Going beyond phone number validation, Pindrop Express works within carrier networks, gaining access to additional metadata. The calls are analyzed using a proprietary risk engine and then the validated caller ID is matched to a customer number on file to provide the simple authentication decision. Pindrop Express removes friction by verifying legitimate calls, reducing the number of time-consuming KBAs required, and enabling more advanced self-service transactions.

  • Authentication

Pindrop Express leverages intelligence from carrier networks, allowing ANI validation prior to the phone ringing. This pre-ring authentication will reduce call handle time by removing lengthy authentication practices (KBAs), eliminating some of the friction of the overall customer experience.

  • Risk Assessment

Beyond ANI validation, Pindrop Express includes Pindrop’s proprietary risk engine and intelligence from the Pindrop Consortium – allowing more than just spoofed calls to be stopped.

  • Customer Experience

With reduced average call handle time, Pindrop Express reduces the need for extensive identity verification methods for most of your customers. With less friction encountered, customers are granted a quicker resolution.

Requiring no enrollment and offering passive authentication that works on every customer call, regardless of whether the customer has previously called, Pindrop Express is fit for enterprises of all sizes.


The post Pindrop® Express | Authentication, Risk, CX and the Enterprise appeared first on Pindrop.