Channel: Sally Ewalt – Equifax Insights Blog

Allaying concerns about fraud from third-party vendors


Companies have spent a great deal of time and money protecting their core systems and infrastructure from cyber attacks — hardening their perimeters and moving to risk-based authentication for moderate- to high-risk resources. The collaborative environment of modern companies also means that there are quite a few “extranets”, which allow for information sharing with partners, third-party vendors, and customers. Ongoing attacks against major retailers, banks, and other organizations highlight how critical it is to protect these extranet environments with the same level of diligence that is used for internal resources.

Managing identities and reviewing the risk and fraud potential of high-volume external user populations can be challenging. While hashing information and passwords does provide some additional level of protection, it does not prevent the negative attention garnered when this information is unintentionally released. Successful data security systems rely on defense-in-depth — a method of combining multiple authentication strategies with the right combination of enterprise security solutions to better assure the organization that the user on the opposite end of the online transaction, even a third-party transaction, is the person the company expects to be executing that specific transaction.

Existing authentication methodologies involve three basic “factors”:

  • Something the user knows (e.g., password, PIN, personal data)
  • Something the user has (e.g., cell phone, ATM card, smart card)
  • Something the user is (e.g., biometric characteristic, such as a fingerprint)

Authentication methods that depend on more than one factor are more difficult to compromise than single-factor methods. Adopting this approach to protect internal or external resources gives organizations access to strong, progressive authentication vectors compliant with NIST Level 3, including hard or soft OATH tokens, SMS messaging, IVR, and voice biometrics, which offer solutions for the enterprise in a single platform.

The post Allaying concerns about fraud from third-party vendors appeared first on Insights.

