Online fraud grows up

Financial institutions worldwide are subjected on a daily basis to identity theft attacks, which have become the fastest growing white-collar crime in America. Bill Conner explains how financial institutions must take a more comprehensive approach to protecting against new and innovative attacks by sophisticated criminal organizations.

What are the top two challenges currently facing financial institutions in dealing with fraud?
Bill Conner. The internet offers financial institutions the promise of delivering new services at a fraction of the cost of traditional channels. This helps reduce their operating costs and significantly grow their customer base, as consumers want to go online and take advantage of them. But the challenge lies in being able to offer these services across new and sophisticated channels - for example the mobile channel - while not sacrificing security or usability.

Fraud is becoming pervasive and much more sophisticated, translating into growing real dollar losses. Financial institutions are being hit non-stop with innovative attacks, such as the latest man-in-the-browser (MITB) attacks initiated via phishing attacks. This is leading to higher losses than ever before, for individuals, and for businesses - a recent FBI study highlighted that potential losses from attempted MITB and other attacks could have exceeded $100 million (October 2009). In addition to the loss of consumer confidence, brand erosion, and the direct costs of online fraud, the banks are now being sued by businesses for not providing stronger protection.

What are institutions doing today to combat online fraud?
BC. Every financial services organization that is concerned about fraud is doing something. The question of how it's working is really found in how comprehensive the approach is and at what cost. The base level of SSL security - the padlock in the browser - is in place today protecting sensitive transactions. Most organizations also have some form of fraud detection in place. The challenge is that it is typically a post-transaction approach, looking at things after-the-fact. This leaves the organization vulnerable to the latest generation of malware attacks.

Given the current situation, what should organizations do to protect their users?
BC. Financial institutions need to understand the complexity of today's attacks. Organizations should look beyond solutions that address fraud on a per application basis. A more comprehensive approach is required. The modern version of fraud detection solutions offer organizations the ability to detect and defend against fraud in real time, a critical capability given how fast criminals move. Because of the new attacks, like MITB attacks, it's critical that a fraud detection solution be able to capture and analyze all of the data, not just select points in a web site. The solution also needs to be able to rapidly adapt with the business, enabling new services, while detecting new forms of fraud - all without changing the applications. Finally, fraud detection should be implemented in combination with an integrated authentication platform - one that supports multiple authentication capabilities, providing flexibility to address a range of needs and user types.

What can Entrust provide organizations?
BC. Entrust delivers a complete solution for detecting, defending and adapting to online fraud. As one of the pioneers of Extended Validation (EV) Certificates, Entrust provides organizations the ability to deploy the latest in web browser security with industry leading capabilities that make management of large scale deployments seamless. Our zero touch fraud detection solution delivers next generation capabilities for detecting and defending against the latest identity theft ploys, including MITB attacks that many of our competitors simply cannot catch without cost-prohibitive application changes or by forcing client software onto the user. Rated a leader by Gartner, our fraud detection solution fits seamlessly with our proven versatile authentication platform, offering organizations one of the widest ranges of authentication capabilities on the market. In combination, Entrust provides financial institutions with a complete solution to address online fraud today and adapt in the future.

Bill Conner is President and Chief Executive Officer of Entrust.With a career that spans more than 25 years across numerous high-tech industries, he is among the most experienced security and infrastructure executives worldwide. He engineered the acquisition of Entrust by private equity firm Thoma Bravo in July 2009, and immediately before joining Entrust he held various senior executive positions at Nortel Networks.