RSA Customer Profiles
RSA® Identity Protection and Verification case studies

Products covered: RSA Adaptive Authentication; RSA Adaptive Authentication for eCommerce; RSA FraudAction™; RSA eFraudNetwork™; RSA Transaction Monitoring; RSA Silver Tail.

Regions covered: Asia Pacific; North America; EMEA; Latin America; South America.

Industries covered: Banking and Financial Services; Healthcare; Retail; Technology.

Customers profiled: Banco Popular de Puerto Rico (BPPR); Banco Sabadell; Bancolombia; Central 1; Česká spořitelna; Deutsche Postbank Group; European Banking Group; Indue; International Financial-Services Organization; KASIKORNBANK (KBank); Large Bank; Large Retailer; Large U.S. Retail and Commercial Bank; Luxury eCommerce Site; Online Financial Services Company; Online Marketplace; PayChoice; paysafecard; Randolph-Brooks Federal Credit Union; Rapattoni; RSA Israel; State Employees’ Credit Union; U.S.-Based Bank; WebMD; Zurich Financial Services.

BANCO POPULAR DE PUERTO RICO (BPPR)
Security technology combats phishing attacks and provides strong authentication

AT-A-GLANCE

Key Requirements
–– Required by the Federal Financial Institutions Examination Council (FFIEC) to introduce multi-factor authentication (MFA) for user access to online banking services
–– A risk assessment showed that its existing in-house security system was not adequate to meet these new demands

Solution
–– Deployed RSA® Adaptive Authentication MFA for online banking access
–– RSA FraudAction™ anti-phishing rolled out to combat an increase in phishing attacks
–– RSA SecurID® authentication deployed to secure employee remote access to the corporate intranet

Results
–– A dramatic reduction in the number of phishing attacks, with customers now benefitting from peace of mind, knowing that their assets are fully protected
–– Time and costs associated with shutting down fraudulent sites have been reduced, meaning BPPR can take a more proactive approach to combating phishing scams

CUSTOMER PROFILE

“Multi-factor authentication and anti-fraud technologies have enabled us to accelerate the speed at which we can identify and prevent phishing attacks in the online channel. Rather than a reactive approach, we are now able to proactively identify fraudsters and shut down fraudulent sites.”
CAMILLE BURCKHART, SENIOR VICE-PRESIDENT, TECHNOLOGY MANAGEMENT DIVISION AT BPPR

“We have implemented a risk-based authentication process for our Internet service channel. The system has proved to be very effective. Anti-fraud technology has provided us with a more efficient and proactive way to detect and monitor potential phishing attacks or fraudulent websites which might have a direct impact on our brand and services.”
MIGUEL MERCADO TORRES, CISO, VICE-PRESIDENT, OPERATIONAL RISK MANAGEMENT AT BPPR

Banco Popular de Puerto Rico is Popular, Inc.’s main subsidiary and the largest commercial bank in Puerto Rico. It provides the most extensive and complete distribution network in Puerto Rico, with 196 branches, over 620 ATMs, more than 27,162 point-of-sale terminals, a 24/7 call center, and an advanced Internet banking service. To find out more, visit www.popular.com.

KEY REQUIREMENTS

As Puerto Rico’s largest commercial bank, Banco Popular de Puerto Rico (BPPR) takes the security of its customers’ assets extremely seriously. To authenticate users of its online banking services, BPPR had in place a three-step password system based on its own in-house technology. Customers were asked to answer one of three rotating questions (all previously chosen by them), as well as one set question, before finally being asked to enter a PIN. While this existing system had been effective in preventing phishing attacks on BPPR’s existing customers, all three steps are knowledge factors (something the user knows), and FFIEC guidance required BPPR to introduce MFA. An extensive risk assessment carried out by the bank showed that its existing in-house system was not sufficient to meet these latest compliance demands. As a result, BPPR searched for a brand new alternative: an MFA solution that would enable it to meet FFIEC requirements. What’s more, it had to find this solution quickly, as the FFIEC deadline was looming.

SOLUTION

RSA Adaptive Authentication
Initially BPPR decided to deploy an MFA solution from one of its existing vendors, but found this vendor to be extremely unresponsive. BPPR then reached out to RSA, The Security Division of EMC, and was immediately impressed by RSA’s MFA solution, as well as RSA’s responsiveness. RSA Adaptive Authentication leverages risk-based authentication (RBA) technology to identify fraud and high-risk transactions. The system is supported by the RSA Risk Engine, which tracks more than 100 fraud indicators in order to detect suspicious activity. The Risk Engine assigns a unique risk score to each transaction: the higher the score, the greater the likelihood that the transaction is fraudulent.

RSA Professional Services
RSA Professional Services helped with what was a very customized implementation, providing ongoing consultation around how the solution could be adapted to fit the bank’s requirements. During the implementation of RSA Adaptive Authentication, BPPR saw a dramatic increase in phishing attacks, so BPPR decided to bolster security further by signing up to RSA FraudAction anti-phishing.

RSA FraudAction & Anti-Fraud Command Center (AFCC)
RSA FraudAction anti-phishing is a proven service geared toward stopping and preventing phishing attacks that occur in the online channel. It includes 24x7 monitoring and detection, real-time alerts and reporting, forensics and countermeasures, and site blocking and shutdown. At the core of the FraudAction service is RSA’s exclusive Anti-Fraud Command Center (AFCC). RSA’s experienced team of fraud analysts work to shut down fraudulent sites, deploy countermeasures, and conduct extensive forensic work to stop online criminals and prevent future attacks.

RSA SecurID
BPPR has also deployed RSA SecurID two-factor authentication to secure employee remote access into the corporate intranet; approximately 500 RSA SecurID hardware tokens are in use. RSA SecurID two-factor authentication is based on something the user knows (a password or PIN) and something the user has (an authenticator). It provides a much more reliable level of user authentication than a user name and password, which is what the bank had previously relied on.

Miguel Mercado Torres, CISO, Vice President, Operational Risk Management at BPPR, said: “We were keen to upgrade our solution in light of the increase in cyber threats and cyber fraud activity. By adding in an extra layer of security for access into the corporate intranet, RSA SecurID authentication enables us to increase the number of people who are able to work from home, and also enables the sales team to complete more transactions while out in the field.”

RESULTS

Since deploying RSA Adaptive Authentication, BPPR has seen a dramatic reduction in the number of phishing attacks. As a result, customers benefit from peace of mind, knowing that their assets are fully protected.

RSA FraudAction has greatly simplified the process of detecting, blocking, and shutting down fraudulent sites. Previously BPPR’s internal staff handled this in-house and found it to be a very time-consuming and costly process. What’s more, their approach was reactive, relying on customers to inform them about issues. RSA FraudAction allows BPPR to be more proactive, by enabling them to identify and shut down fraudulent sites before they become a problem.

To further bolster security in the online channel, BPPR is also planning to roll out RSA Transaction Monitoring. RSA Transaction Monitoring is typically integrated at various points within online banking applications in order to monitor high-risk activities such as money transfers, user profile changes, account modifications, and more. To prevent fraudsters from setting up new customer accounts in order to commit fraud, BPPR is also looking to roll out RSA Identity Verification to verify the identity of callers into its call center.

CONTACT US
To learn more about how RSA products, services, and solutions help solve your business and IT challenges contact your local representative or authorized reseller – or visit us at www.RSA.com

©2011 EMC Corporation. All rights reserved. EMC, the EMC logo, RSA, the RSA logo, FraudAction, and SecurID are trademarks or registered trademarks of EMC Corporation in the United States and/or other countries. All other trademarks referenced are the property of their respective owners.
BPPR CP 0711

BANCO SABADELL
Banco Sabadell fights fraud with transaction monitoring

“We think that RSA® Transaction Monitoring is the new standard for online fraud fighting.”
JAVIER SERRANO, DIRECTOR OF IT SECURITY, BANCO SABADELL

AT-A-GLANCE

Key Requirements
–– Accurate, real-time fraud/threat detection with minimal impact on user experience
–– A 24x365 dedicated anti-fraud cybercrime operation
–– Systems that learn from past behavior to protect against future attacks

Solution
–– Deployed an online fraud-detection and monitoring solution on top of strong authentication controls
–– Provided customers with user-friendly online risk management

Results
–– Decrease in the number of online attacks
–– Achieved 96 percent fraud detection with minimal (1 out of 5,000) falsely flagged transactions

Banco Sabadell, founded in 1881, forms part of the IBEX 35 and currently heads Spain’s fourth largest banking group. With total assets of approximately EUR 80,526 million, it has a network of 1,232 branches in Spain, serving approximately two million customers. http://www.bancsabadell.com/

KEY REQUIREMENTS

Banco Sabadell believed that, because of the rapidly increasing sophistication and innovation of online fraudsters, login authentication alone (even strong authentication) was not enough to stop online fraud. “We think that it’s mandatory to have defense in depth,” explains Javier Serrano, Director of IT Security at Banco Sabadell. In this case, defense in depth demanded an invisible, real-time fraud/threat detection and monitoring solution layered on top of strong authentication. Banco Sabadell insisted on a security solution that was not only highly effective at detecting fraud but also did not create too many “false positives” (flagging genuine activity as fraud). Additionally, the solution needed to have minimal impact on the end-user experience. Finally, it needed a system that offered protection against emerging threats and was able to learn from past behavior to guard against future attacks.

SOLUTION

In order to meet its requirements, Banco Sabadell chose RSA Transaction Monitoring due to its strong history of being able to prevent fraud without negatively impacting the user experience or creating large numbers of false positives. Banco Sabadell felt that RSA offered fraud-fighting expertise while also maintaining the flexibility to adapt the solution to Banco Sabadell’s needs.

RSA Transaction Monitoring is a complete online fraud-detection and management solution that allows organizations to monitor, detect, and investigate online fraud. It is offered in both Software-as-a-Service (SaaS) and on-premises deployments. Powered by RSA’s field-proven Risk Engine, RSA Transaction Monitoring calculates a real-time risk score between 0 and 1,000 for every online activity and presents high-risk activities in a user-friendly case-management system. RSA Transaction Monitoring works alongside authentication solutions to provide an extra layer of security against advanced threats such as Trojans and man-in-the-middle attacks, which strong login authentication alone does not stop because the attacker acts after, or inside, an already authenticated session.

“The system is easy to use, the average number of daily alerts is low and it helped us control online fraud and be confident with the combined security system of strong authentication and transaction monitoring.”
JAVIER SERRANO, DIRECTOR OF IT SECURITY, BANCO SABADELL

The deployment of RSA Transaction Monitoring gave Banco Sabadell increased operational effectiveness by streamlining analysts’ workloads. In addition, Banco Sabadell was able to deploy a solution in an environment where improvements and modifications to the application and any underlying infrastructure could be made on an ongoing basis without burdening internal resources. The strong reputation of RSA, The Security Division of EMC, also played a part in the decision-making process. “What we demand of a provider is not only technological knowledge and powerful tools but also real expertise on fraud and advice from their experts,” explained Serrano.

RESULTS

Banco Sabadell began implementing Transaction Monitoring in late 2007. Four months later, the solution was in production. “The time and conditions for a successful deployment depend more on the customer (the bank) than RSA,” Serrano noted, “because the RSA system seems ready to be used in a few weeks.”

With the solution in place, each sensitive online banking transaction at Banco Sabadell is protected. When a user performs a protected activity, a risk score is calculated from both device and behavioral profiling. If a risk threshold, as determined by Banco Sabadell, is exceeded, the bank has the ability to act according to its internal policies. Both the thresholds and the policies can be adjusted by Banco Sabadell using the back-office applications that are part of Transaction Monitoring.

After implementation, Banco Sabadell saw a significant decrease in the number of attempted online attacks against its customers and its online banking system. The solution achieved a 96 percent fraud-detection rate. This was accomplished with an extremely low percentage of activities falsely flagged (approximately 1 in 5,000, an average of 0.02 percent per month) and no impact on the end user.
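The score-and-threshold loop described here (and in the BPPR profile above) is easy to read as a black box, so here is the shape of it in working code. This is an added Python example, not RSA's Risk Engine or any bank's deployment: the indicator names, their weights, the two thresholds, the sample customer profile and the three events are all constructed for illustration. It scores an event from device and behavioural signals, clamps the total to the 0 to 1,000 range the profile mentions, applies bank-chosen thresholds to decide between allowing, challenging and denying, and folds a confirmed-genuine event back into the profile so that a device seen once no longer raises the score (the "learn from past behavior" requirement).

```python
"""Risk-based authentication in miniature: score each online-banking event
from 0 to 1,000 using device and behavioural indicators, then apply
bank-chosen thresholds to allow, challenge (step-up) or deny it.

Added example: indicator names, weights, thresholds, the profile and the
events are all assumptions, not RSA's Risk Engine or any bank's policy."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple

# Points added per indicator that fires (assumed values; a production engine
# tunes them against labelled fraud cases). Totals are clamped to 0-1000.
WEIGHTS = {
    "unknown_device": 350,        # device fingerprint never seen for this user
    "unusual_country": 250,       # country outside the user's history
    "rapid_country_change": 300,  # a different country within the last hour
    "large_amount": 200,          # transfer more than 5x the user's usual amount
    "new_payee": 100,             # first transfer to this beneficiary
    "off_hours": 50,              # 00:00-05:59 (local-time assumption)
}
# Bank-chosen thresholds: below CHALLENGE_AT the user name and password
# suffice; from CHALLENGE_AT a step-up challenge is required; from DENY_AT
# the activity is blocked and handed to the fraud team.
CHALLENGE_AT = 300
DENY_AT = 700


@dataclass
class Profile:
    """What the bank has learned about one customer so far."""
    known_devices: set = field(default_factory=set)
    usual_countries: set = field(default_factory=set)
    typical_amount: float = 0.0                       # mean of past transfers
    last_seen: Optional[Tuple[datetime, str]] = None  # (time, country)


@dataclass
class Event:
    kind: str            # "login" or "transfer"
    device_id: str
    country: str
    ts: datetime
    amount: float = 0.0
    new_payee: bool = False


def risk_indicators(ev: Event, prof: Profile) -> List[str]:
    """Names of the indicators that fire for this event, in WEIGHTS order."""
    hits = []
    if ev.device_id not in prof.known_devices:
        hits.append("unknown_device")
    if ev.country not in prof.usual_countries:
        hits.append("unusual_country")
    if prof.last_seen is not None:
        last_ts, last_country = prof.last_seen
        if last_country != ev.country and ev.ts - last_ts < timedelta(hours=1):
            hits.append("rapid_country_change")
    if ev.kind == "transfer":
        if prof.typical_amount > 0 and ev.amount > 5 * prof.typical_amount:
            hits.append("large_amount")
        if ev.new_payee:
            hits.append("new_payee")
    if ev.ts.hour < 6:
        hits.append("off_hours")
    return hits


def risk_score(ev: Event, prof: Profile) -> int:
    return min(sum(WEIGHTS[name] for name in risk_indicators(ev, prof)), 1000)


def decide(ev: Event, prof: Profile) -> Tuple[int, str]:
    """Apply the policy thresholds; returns (score, 'allow'|'challenge'|'deny')."""
    score = risk_score(ev, prof)
    if score >= DENY_AT:
        return score, "deny"
    if score >= CHALLENGE_AT:
        return score, "challenge"
    return score, "allow"


def learn(prof: Profile, ev: Event) -> None:
    """Fold an event the customer confirmed as genuine (for example by passing
    the challenge) back into the profile, so the engine learns from behaviour."""
    prof.known_devices.add(ev.device_id)
    prof.usual_countries.add(ev.country)
    prof.last_seen = (ev.ts, ev.country)


def make_alice() -> Profile:
    """Constructed sample profile, not real customer data."""
    return Profile(known_devices={"dev-A1"}, usual_countries={"ES"},
                   typical_amount=200.0,
                   last_seen=(datetime(2011, 3, 1, 9, 0, tzinfo=timezone.utc), "ES"))


# Constructed sample events, half an hour after Alice's last genuine login.
T = datetime(2011, 3, 1, 9, 30, tzinfo=timezone.utc)
NORMAL_LOGIN = Event("login", "dev-A1", "ES", T)
NEW_DEVICE_LOGIN = Event("login", "dev-Z9", "ES", T)
SUSPECT_TRANSFER = Event("transfer", "dev-Z9", "RO", T, amount=3000.0, new_payee=True)

if __name__ == "__main__":
    alice = make_alice()
    for ev in (NORMAL_LOGIN, NEW_DEVICE_LOGIN, SUSPECT_TRANSFER):
        print(ev.kind, ev.device_id, ev.country, decide(ev, alice), risk_indicators(ev, alice))
```

Run it directly to print the three decisions. The point to carry over is that the thresholds, not the weights, are the policy knob the bank operates: lowering CHALLENGE_AT trades user friction for fewer missed frauds, and a false-positive rate like the one this profile quotes (about 1 in 5,000) is the product of that tuning, not of the scoring alone.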
BANCO CP 0311

BANCOLOMBIA
Colombia’s largest bank cuts fraud attempts by 90 percent with RSA

Key Requirements
–– Combat rising fraud levels on online-banking portal
–– Minimize impact on the end-user experience while maintaining effective levels of security
–– Boost security profile with 24x7 monitoring of online activity and tools to support an effective response when attacks occur

Solution
–– RSA® Adaptive Authentication identifies unauthorized log-in attempts using the RSA Risk Engine, without affecting the end-user experience
–– RSA SecurID® hardware authenticators for Bancolombia’s corporate-banking clients enhance access security with two-factor authentication
–– RSA FraudAction™ service provides constant monitoring of online threats, helping track and neutralize attacks on Bancolombia and its customers

Results
–– Fraud incidents reduced by 90 percent
–– Simplified user experience for retail-banking customers, with Adaptive Authentication working in the background to determine the risk of unauthorized access attempts
–– Bancolombia is better equipped to prevent and respond to online attacks

“Incorporating RSA solutions into our online-banking portal has helped us offer a safer experience that customers can trust to be secure against fraud and phishing attempts. The statistics speak for themselves: We have seen a 90 percent reduction in fraud since deploying the technology. Both our retail and corporate customers have benefitted, and we are in a stronger position to meet our regulatory requirements.”
CARLOS RODRIGUEZ, INTERNET MANAGER, BANCOLOMBIA

Bancolombia is the largest commercial bank in Colombia and one of the largest in the Latin America region. It offers both retail and corporate financial services, including saving and current accounts, debit and credit cards, pension plans, mortgages, and personal and business loans. Headquartered in Medellín, Colombia, it also has operations in the U.S., Peru, El Salvador, Panama, Puerto Rico, and the Cayman Islands.

KEY REQUIREMENTS

Bancolombia is a leading name in the world of finance, both in its native Colombia and across many other Latin American markets. Since starting out in 1945, it has established an extensive customer base that includes both corporate and retail customers, providing banking services to around 60,000 organizations and over 1.5 million individuals. Bancolombia provides an online-banking portal that makes it easier for customers to manage their financial activity. This is used by around 90,000 contacts within the institutions it serves and over a million of its retail customers. The transactional platform that supports the service is hosted and operated on behalf of Bancolombia by TODO1, a company that specializes in providing IT services to financial organizations across Latin America.

In 2008, Bancolombia began to experience a large rise in attempts to fraudulently gain access to its online platform. “We knew we needed to respond quickly and effectively, both for the sake of our customers and to preserve the integrity of our offering,” says Carlos Rodriguez, Internet Manager, Bancolombia. “Until that point, we had relied on applications we had developed in-house to prevent attacks. However, the severity of the fraud activity we were starting to see highlighted the need to strengthen our defenses with dedicated security solutions.”

A priority for Bancolombia was improving the security of its online-banking platform without detrimentally affecting customers’ experience of using the service. For corporate accounts, the local regulatory authority required it to also offer hardware-token-based authentication to protect high-value business transactions. In addition to improving access security, Bancolombia also wanted to enhance its awareness of the online-fraud landscape and of activity on its own systems. It needed a set of security tools to monitor activity, track threats, and provide support when a response was necessary.

“The combination of RSA Adaptive Authentication, RSA SecurID, and RSA FraudAction service with the support of TODO1 helps protect our online-banking portal from fraud attempts both at the point of access and on a continuous basis. We are now less likely to suffer from an attack and are better prepared to respond if an incident does occur.”
CARLOS RODRIGUEZ, INTERNET MANAGER, BANCOLOMBIA

SOLUTION

Preserving the ease of use of its online-banking portal was a priority, so Bancolombia decided to deploy RSA Adaptive Authentication for its enterprise and retail customers. This provides an effective but unobtrusive means of authenticating access attempts. The solution integrates into browser-based log-in processes without requiring users to install any additional software or hardware.

For its corporate clients, Bancolombia also offers RSA SecurID hardware authenticators to provide two-factor authentication when users attempt to access its online-banking platform, in accordance with the requirements of the regulatory authorities. It distributed these to approximately 90,000 users of its systems.

Bancolombia relied on the support of TODO1 during the deployment. TODO1 liaised with RSA Professional Services to provide full support throughout the implementation of Adaptive Authentication, from sharing examples of best practices during the planning stages, through overseeing the integration of the technology into Bancolombia’s existing online-banking portal, to managing the service on an ongoing basis. When deploying RSA SecurID authenticators to its corporate customers, Bancolombia worked directly with RSA, with additional support provided by TODO1 once the solution was in place.

To enhance its ability to track and respond to fraudulent activity against its online-banking platform, Bancolombia implemented the RSA FraudAction service. Managed by RSA security experts, this provides 24x7 monitoring of the online-fraud environment and of phishing and Trojan threats specifically against Bancolombia and its customers, as well as tools to investigate and neutralize attacks. As the service is managed externally, only minimal work was required to integrate it with Bancolombia’s systems, with the deployment taking only a week. TODO1 oversees its operation on an ongoing basis and feeds the insights gathered into online-fraud trends back to executives at Bancolombia.

RESULTS

Once the RSA solutions were in place, Bancolombia soon saw a dramatic reduction in the level of fraudulent activity against its online platform: “Fraud fell by around 90 percent after we added the technology and has remained consistent since,” says Rodriguez.

With RSA Adaptive Authentication, Bancolombia’s online-banking portal benefits from the addition of secure but subtle authentication when customers attempt to access the service. To log in, users are only required to enter a user name and password. Despite the apparent simplicity of this process, Adaptive Authentication works in the background to evaluate the risk of an unauthorized-access attempt. If the level of risk is deemed too high, as determined by Bancolombia’s security policies, it can respond by requiring the user to input further identifying information to confirm that the attempt is genuine.

RSA SecurID is now used by Bancolombia’s corporate customers when accessing their online-banking services. “Each of the professional users who access our platform on behalf of their organization now has a hardware authenticator that is unique to them. In order to gain entry to the system, they use this to generate a one-time access code that cannot be produced by any other means, but which is recognized by our systems. This adds a powerful extra layer of security to the log-in process and means that anyone trying to access our banking portal must have the relevant token in hand,” explains Rodriguez.

RSA’s FraudAction service reinforces the security these solutions provide at the point of access by enhancing Bancolombia’s overall ability to detect and respond to fraud attempts. A dedicated team of RSA experts constantly monitors for signs of fraudulent activity, allowing the bank to respond quickly in the event of an incident. The service also provides Bancolombia with a powerful range of tools to support a security response, including those needed to forensically investigate an incident.

BANCOL CP 0512

CENTRAL 1
Risk-based authentication and fraud-detection platform bolsters online banking security

Key Requirements
–– Wanted accurate, real-time fraud detection with minimal impact on user experience
–– Was keen to strengthen security to support the introduction of new higher-risk transaction services, such as email payments

Solution
–– Rolled out a risk-based authentication (RBA) and fraud-detection platform to 87 customers.
–– Also deployed two-factor authentication to provide employees with remote access to the VPN

Results
–– Member credit unions’ customers benefit from peace of mind that their assets are secure
–– Facilitated the introduction of new, ‘higher risk’ transactions, helping to deliver an improved service to end users

“Our clients have welcomed our risk-based authentication and fraud-detection platform, providing their customers with a higher sense of security when banking online, improving customer confidence.”
JENS HERTHA, PRODUCT MANAGER OF CONSUMER ONLINE BANKING, CENTRAL 1

Central 1 is the central financial facility and trade association for the British Columbia and Ontario credit union systems, representing member-owned financial institutions that serve 2.9 million members and hold more than $65 billion in assets. Central 1 is the backbone for powering direct banking and payments for the credit unions, as well as selected corporate clients. To find out more, visit www.central1.com/thinkingforward.

KEY REQUIREMENTS

Central 1 provides liquidity management, payments, internet banking, and trade association services to member credit unions throughout British Columbia and Ontario, as well as banking and transaction services to over 300 corporate customers across Canada. Its online banking service has more than 4.5 million users and receives approximately 10 million logins per month. As such, Central 1 takes the security of its customers’ assets extremely seriously.

Historically, customers logged into an online banking account in one of two ways: entering their debit card number together with a PIN, or entering their branch and account number together with a PIN. This system worked well, but Central 1 wanted to strengthen security as it planned to introduce some higher-risk transaction services, such as email payment transfers between banks and members. Financial services institutions across Canada had started to migrate to two-factor authentication solutions for internet banking. Spurred on by customer interest, Central 1 was also keen to introduce risk-based authentication (RBA) to add an extra layer of security for customers logging in to its online banking services.

SOLUTION

“Thanks to our RSA fraud-detection platform, the end users of our member credit unions benefit from greater peace of mind knowing that their assets are more securely protected.”
JENS HERTHA, PRODUCT MANAGER OF CONSUMER ONLINE BANKING, CENTRAL 1

Central 1 began to evaluate the different solutions available on the market. Initially it considered issuing customers a card that displayed an additional PIN, but decided against this due to costly implementation and maintenance issues. Another option was to implement a solution that asked users to enter specific digits from a six-digit number of their choice, but this did not provide adequate anti-phishing protection: the digits are still a shared secret that a phishing page can simply ask for, so the scheme adds no second factor. After significant due diligence, Central 1 chose to roll out a multi-factor authentication solution from RSA, The Security Division of EMC.

RSA® Adaptive Authentication is an RBA and fraud-detection platform that measures over 100 risk indicators to identify high-risk and suspicious activities. RSA Adaptive Authentication conducts a risk assessment of all users behind the scenes. A unique risk score is assigned to each activity, and users are only challenged when an activity is identified as high-risk and/or an organizational policy is violated. This transparent authentication enables Central 1 to increase security without compromising user convenience.

Central 1 has also deployed RSA SecurID® two-factor authentication to provide employees with remote access to the VPN. Currently, a combination of around 100 software and hardware tokens are in use. RSA SecurID two-factor authentication is based on something the user knows (a password or PIN) and something the user has (an authenticator). It provides a much more reliable level of user authentication than reusable passwords, which is what Central 1 had in place before.

RESULTS

Since rolling out its RBA and fraud-detection platform, Central 1’s clients have found that their customers have benefitted from greater peace of mind knowing that their assets are more securely protected. By keeping its members’ end users happy, Central 1 is providing its member credit unions with the best possible level of service, helping them to reduce customer churn and maintain business. Central 1’s aim is to consistently over-deliver on its members’ needs and expectations by providing innovative products and services. Increasing the security of its online banking services has also enabled Central 1 to deliver an improved service to end users.
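The SecurID descriptions in this and the earlier profiles (something the user knows plus something the user has, a one-time code that the server recognises and that is good for a single use) can be checked server-side as follows. This is an added Python example and not RSA SecurID's own mechanism, whose tokencode algorithm is proprietary; it substitutes RFC 4226 HOTP driven by a time step (the RFC 6238 TOTP construction) for the token, and the 60-second step, the PBKDF2 parameters, the AuthServer class, the user names and the seed are all assumptions made for the example.

```python
"""Two-factor passcode check for remote access: something the user knows
(a PIN) plus something the user has (a token showing a one-time tokencode),
with each tokencode accepted at most once.

Added example. RSA SecurID's tokencode algorithm is proprietary; this uses
RFC 4226 HOTP driven by a time step (RFC 6238 TOTP) as a stand-in. The step
length, PBKDF2 parameters, user names and seeds are assumptions."""
import hashlib
import hmac
import secrets
import struct
import time
from typing import Dict, Optional

STEP = 60           # seconds each tokencode stays valid (assumption)
DIGITS = 6
DRIFT_STEPS = 1     # accept one step either side to tolerate token clock drift
PBKDF2_ROUNDS = 100_000


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


def tokencode(seed: bytes, now: int) -> str:
    """What the user's token displays at Unix time `now`."""
    return hotp(seed, now // STEP)


class AuthServer:
    """Holds each user's salted PIN hash and token seed; verifies PIN+tokencode."""

    def __init__(self) -> None:
        self._users: Dict[str, dict] = {}

    def enroll(self, user: str, pin: str, seed: bytes) -> None:
        salt = secrets.token_bytes(16)
        self._users[user] = {
            "salt": salt,
            "pin_hash": hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ROUNDS),
            "seed": seed,
            "last_step": -1,   # highest time step already consumed (replay guard)
        }

    def verify(self, user: str, passcode: str, now: Optional[int] = None) -> bool:
        rec = self._users.get(user)
        if rec is None or len(passcode) <= DIGITS:
            return False
        now = int(time.time()) if now is None else now
        pin, code = passcode[:-DIGITS], passcode[-DIGITS:]
        if not (code.isascii() and code.isdigit()):
            return False

        pin_ok = hmac.compare_digest(
            rec["pin_hash"],
            hashlib.pbkdf2_hmac("sha256", pin.encode(), rec["salt"], PBKDF2_ROUNDS))

        # Compare against the current step and DRIFT_STEPS either side, but
        # never against a step at or below the last one consumed: a passcode
        # captured by a phishing page cannot be replayed inside its window.
        step = now // STEP
        matched = -1
        for s in range(step - DRIFT_STEPS, step + DRIFT_STEPS + 1):
            if s > rec["last_step"] and hmac.compare_digest(hotp(rec["seed"], s), code):
                matched = s

        # Both factors are evaluated before deciding, so a failure does not
        # reveal which of the two was wrong.
        if not (pin_ok and matched >= 0):
            return False
        rec["last_step"] = matched
        return True


if __name__ == "__main__":
    seed = b"constructed-seed-not-a-real-token"   # assumption, not a real seed
    srv = AuthServer()
    srv.enroll("alice", "4711", seed)
    now = int(time.time())
    code = tokencode(seed, now)
    print("first use:", srv.verify("alice", "4711" + code, now))   # True
    print("replay:   ", srv.verify("alice", "4711" + code, now))   # False
```

Two details matter more than the OTP arithmetic: the tokencode is accepted only for a step later than the last one consumed, so a passcode harvested by a phishing page or keylogger cannot be replayed within its validity window, and both factors are evaluated before the decision so the response does not say which one failed.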
ČESKÁ SPOŘITELNA
Leading Bank Puts its Trust in RSA® FraudAction™ for Customer Protection

AT-A-GLANCE
Key Requirements
–– Retain reputation for trustworthiness by taking a proactive stance against fraud threats
–– Enhance ability to rapidly detect and retrieve stolen credentials
–– Speed ability to neutralize phishing attacks and minimize fraud losses
Solution
–– RSA FraudAction anti-Trojan and anti-phishing service
–– Proof of concept (PoC) revealed the extent of Trojan impact on the bank’s customers and enabled action to be taken
Results
–– Resolution of a typical phishing attack reduced from weeks to between two and 12 hours
–– Millions of Czech crowns saved in averted fraud losses
–– 150 stolen credentials retrieved

“By implementing the RSA FraudAction service, we have accelerated our ability to neutralize phishing attacks from weeks to just a few hours. We have also averted millions of Czech crowns’ worth of fraud losses, which is great news for us and – more importantly – our customers.”
DAVID LORENC, DIRECTOR, DIRECT BANKING, ČESKÁ SPOŘITELNA

CUSTOMER PROFILE
Česká spořitelna is the biggest bank in the Czech Republic by number of customers, with 5.2 million clients. It is part of the Erste Group, which serves 17 million customers across Central and Eastern Europe. It has issued more than 3.2 million payment cards, has a network of 653 branches, and operates more than 1,376 ATMs.

KEY REQUIREMENTS
Voted the Czech Republic’s ‘Most Trustworthy Bank’ by Fincentrum for seven years in a row, Česká spořitelna has a reputation to uphold. This trustworthiness can come in many forms – from providing customers with straightforward advice on managing their monthly finances, to having the right measures in place to protect their hard-earned funds from falling into the wrong hands. Following a number of phishing attacks against its customers, the bank wanted to take a firmer stance against fraud. Its aim was to ensure that the almost 1.5 million users of its online banking service would have peace of mind. The bank’s existing anti-fraud measures took weeks to resolve a phishing attack, so it needed to ensure that when attacks did occur they could be resolved quickly. At the same time, it wanted to ensure that the user experience was not negatively impacted and that customers were not asked to go through complex security measures each time they accessed their online account.

“We wanted to take a proactive approach so that we could deal with any future threats before they impacted our customer base,” explains David Lorenc, Director, Direct Banking, Česká spořitelna. “This meant that we needed to consider types of fraud beyond phishing.”

The bank realized that a number of its customers did not have sufficient virus protection on the devices through which they accessed their online accounts, meaning that they were also vulnerable to Trojan attacks. It therefore wanted to implement a solution that would help it protect users from this risk as well.

SOLUTION
In order to match its position as a leader in its market, Česká spořitelna wanted to work with the leading security provider to address its requirements and provide its customers with the most robust protection. It therefore chose to run a proof of concept of the RSA FraudAction service from RSA – The Security Division of EMC.

The solution is offered as a suite of managed services supported by the RSA Anti-Fraud Command Center (AFCC), so the bank was able to select the services that it wanted to apply to its online banking platform. It ran a proof of concept (PoC) of both the anti-Trojan and anti-phishing services over two months. Service level agreements were defined to ensure that Česká spořitelna’s specific needs were met. As the majority of its fraud exposure to date had been via phishing attacks, the bank was particularly interested in finding out, as part of the PoC, how much of a threat was posed by Trojans. Expecting only a handful of threats to be detected, it was surprised to discover that around 100 customers were affected over the two months.

“RSA was able to not only detect these threats but also provide us with the information needed to alert the customers and help them take steps to combat threats. Moreover, RSA provided us with the capability to retrieve stolen credentials, which had not been possible before,” comments Lorenc.

These results convinced Česká spořitelna of the value of the RSA FraudAction service.

RESULTS
After a year and a half of using the RSA FraudAction anti-Trojan and anti-phishing services, Česká spořitelna has seen the number and impact of fraud attacks against its customers drop significantly. Phishing attempts are much less frequent than before, and when they do occur they can be neutralized rapidly – between two and 12 hours, compared to weeks previously. The bank estimates that the savings in terms of averted fraud losses amount to millions of Czech crowns.

The anti-Trojan service has continued to live up to the expectations set by its performance during the PoC. When an attack is spotted by the AFCC team, it alerts the bank, which blocks the customer’s online services immediately; the bank’s call center then contacts the affected customer and advises them on how to remove the virus from their PC and prevent future attacks. Feedback from customers is that they are pleasantly surprised and impressed by the thoroughness with which the bank is looking after their finances. Meanwhile, more than 150 stolen customer credentials have been successfully recovered.

Milan Hašek, IT security director at Česká spořitelna, explains the importance of the new service for the bank’s continued success: “Our cooperation with RSA has helped us build a greater level of trustworthiness for our customers. Our proactive commitment to protecting their investments with us, combined with our use of industry-leading technology to do so, acts as a strong differentiator for us and helps attract new customers.”

©2011 EMC Corporation. All rights reserved.

DEUTSCHE POSTBANK GROUP
Postbank cuts online credit card fraud by 85 percent with password-free authentication solution

“RSA has accelerated our response to fraud and enabled us to ensure that our customers and our reputation as a bank and card issuer are fully protected.”
STEPHAN SCHÖLZEL, STRATEGIC FRAUD MANAGER LOANS AND CARDS, POSTBANK

AT-A-GLANCE
Key Requirements
–– Accurate, real-time fraud detection with minimal impact to the customer experience
–– Systems that learn from past behavior to protect against future attacks
Solution
–– The RSA Adaptive Authentication for eCommerce Access Control Server Service for 3D Secure™ was integrated with Postbank’s payment processor Atos Worldline
–– Self-learning Risk Engine reduces fraud losses in real time
–– Layered security integrates with Postbank’s existing authentication solutions
Results
–– Fraudulent transactions cut by 85 percent
–– Return on investment expected within one year
–– None of the support costs associated with password-based solutions

CUSTOMER PROFILE
With
14 million domestic customers, 20,000 employees, and total assets of €196 billion, Deutsche Postbank Group is one of Germany’s major financial-services providers. Its focus is on retail business with private customers. It has issued over 1.16 million credit cards and 6.46 million debit cards.

KEY REQUIREMENTS
Deutsche Postbank has over one million Visa and MasterCard credit card holders and was experiencing rapidly increasing levels of fraud, especially in online transactions.

“Fraudsters were acquiring better technologies to get customer data,” said Stephan Schölzel, Strategic Fraud Manager Loans and Cards, Postbank. “Customers only had to enter their credit card number and the code from the back of the card to buy online, and if the fraudster was able to get hold of the card or this information, it could be abused. It was impossible for us to know whether a customer or someone else had used the card.”

Visa and MasterCard were also shifting the liability for fraudulent transactions from merchants to banks in cases where the merchant supports buyer verification using 3D Secure and the bank does not. 3D Secure is a process in which people making credit card purchases online are required to provide additional information to verify their identity before the payment is allowed.

“It was important to us to ensure that customers had confidence in the security of the credit cards we issue and to cut our losses due to fraud,” said Schölzel. “Data security and protection of customer data are particularly sensitive issues in banking and in Germany, and we have to protect our reputation as a bank and a card issuer.”

Postbank needed accurate, real-time fraud detection with minimal impact to the customer experience, backed by systems that learn from past behavior to protect against future attacks.

SOLUTION
Postbank worked with RSA to introduce 3D Secure verification for its credit cards by integrating the RSA Adaptive Authentication for eCommerce Access Control Server Service for 3D Secure with Postbank’s credit card processor Atos Worldline. The solution is hosted by RSA, so it did not require any integration with Postbank’s IT architecture.

“To my knowledge RSA is the only company that offered this password-free solution with the option to require stepped-up authentication only for higher-risk transactions. We chose it because the impact on the customer is minimal. Feedback from our customers shows that they appreciate that the extra layer of security is there.”
STEPHAN SCHÖLZEL, STRATEGIC FRAUD MANAGER LOANS AND CARDS, POSTBANK

Postbank disregarded a rival solution because it required customers to register and then remember a password. This increases support costs due to lost and forgotten password-change requests and can increase abandoned transactions, which frustrates retail partners and cuts transaction-fee income for the bank. Instead, RSA provided Postbank with a modern, risk-based solution that only challenges customers who are identified as being potentially risky. The self-learning Risk Engine reduces fraud losses in real time, and the layered security integrates with Postbank’s existing authentication solutions operated by Atos Worldline. Only those who are engaged in potentially fraudulent transactions are challenged to provide some personal data about the card holder’s account that they should already know; hence there is no need for customers to remember a password, nor for Postbank to manage a support desk to provision forgotten passwords. More than ninety percent of customers can make a purchase without facing any challenge, and of those who are challenged, half are fraud attempts. Using RSA’s technology, few genuine customers are inconvenienced and the total cost of the solution is kept low.

“To my knowledge RSA is the only company that offered this password-free solution,” said Schölzel. “We chose it because the impact on the customer is minimal. We were also concerned that fraudsters could find ways to steal passwords from the customer. Even with fraud evolving rapidly, the RSA solution is a longer-term approach that can protect our customers for years.”

The integration between RSA and Atos Worldline was carried out by RSA Professional Services, and the system is maintained and managed by RSA’s operations team. RSA Professional Services worked closely with Postbank, Visa, and MasterCard throughout the implementation and translated the customer-facing and back-office customer service screens so that the entire application runs in German. Training was also delivered in the German language for Postbank.

“Most of our back-office staff don’t speak English very well, so it was hugely important for us to be able to train them in German and give them a German-language user interface,” said Schölzel. “RSA helped us by translating key documentation into German too, so we could secure buy-in across the company. It was also important that somebody was leading us through the whole process because there were so many stakeholders, including Atos Worldline, Visa, and MasterCard. The project manager at RSA took responsibility for ensuring that everybody understood the processes and timescales, and that we were heading in the right direction at all times.”

Before launch, the system was operated in a silent mode for six weeks so that RSA and Postbank could gather data for the risk engine and refine the solution. Now that it is fully operational, the system learns continuously, with data on legitimate users who are challenged and any missed fraudulent transactions fed back into the risk engine.

RESULTS
The investment in the RSA solution is expected to pay for itself within a year and has cut fraudulent transactions by over 85 percent based on constant transaction levels. For high-risk transactions, Postbank is now working with RSA to introduce one-time passwords, where customers receive a code on their mobile phones. “This will further increase security above the level offered by static data elements,” said Schölzel.

©2011 EMC Corporation. All rights reserved.

EMC AND WebMD HEALTH SERVICES
Healthy collaboration creates EMC employee health portal with innovative authentication technology

AT-A-GLANCE
Key Requirements
–– Promote EMC employees’ well-being by offering secure access to personalized healthcare information anytime, anywhere
–– Demonstrate industry leadership by transparently, yet securely, protecting employees’ personal healthcare information (PHI)
Solution
–– WebMD Health Services and EMC collaborated to develop and integrate an employee-friendly authentication model
–– Solution was rolled out to approximately 24,000 employees, with support from the EMC human resources (HR) team
–– Solution learns behavior patterns behind the scenes for accurate authentication with minimal impact upon users
Results
–– Utilization of the PHR is expected to remain strong, in line with current performance
–– Project reinforces EMC’s position as a premier employer and expert in healthcare IT
–– Project serves as a pilot to evaluate new offerings that incorporate
risk-based authentication from RSA

“Having used RSA® Adaptive Authentication earlier in my career, I knew that it was a very robust and trustworthy authentication solution. Given our relationship with EMC, incorporating the technology in their employee health and benefits portal was a natural step in our ongoing development effort.”
CHRIS BROOKS, SENIOR VICE PRESIDENT OF TECHNOLOGY, WebMD HEALTH SERVICES

CUSTOMER PROFILE
WebMD Health Services provides comprehensive health management and benefit decision-support solutions for many of the nation’s leading employers and health plans, including EMC. As one component of its larger, integrated solution set, WebMD Health Services offers a personal health record (PHR), which enables users to securely gather, store, manage, and share their own and their family’s health information.

KEY REQUIREMENTS
With 24,000 employees across the United States, EMC takes a strategic and centralized approach to managing workers’ healthcare services. Wanting to offer more than a standard electronic medical record (EMR) system, EMC tasked itself with giving each employee access to a comprehensive repository of his or her medical history and treatment information. The company chose to implement the WebMD Health RecordSM so that its employees would have access to a secure online application that helps to consolidate disparate sources of health information, including medical claims, pharmacy, laboratory, and user-supplied data, while delivering personalized care alerts and reminders. As with any service that offers individuals access to highly sensitive personal data, it was imperative to ensure that a strong level of authentication was in place to protect against unauthorized access. For this reason, EMC asked WebMD Health Services to investigate the possibility of incorporating RSA Adaptive Authentication into its PHR registration process.

SOLUTION
“Having used RSA Adaptive Authentication earlier in my career, I knew that it was a very robust and trustworthy authentication solution,” recalls Chris Brooks, senior vice president of technology at WebMD Health Services. “Its risk-based authentication model is one that we’ve seen work well in other industries, like financial services, so we were comfortable introducing it within EMC’s benefits portal.”

Teams from EMC and WebMD Health Services collaborated to integrate the RSA Adaptive Authentication software within the technology platform. Once this work was completed, the teams carried out checks to confirm that the new PHR authentication model would be easy to use for employees.

“We needed to ensure that there would be no added complexity for users logging in to the PHR,” says Delia Vetter, HR Director at EMC. “It had to be a seamless process for them or they would be put off using it.”

With the integration finished smoothly, EMC issued an update to its employees to explain the new authentication model and why it was important, and to show them how to set their own personalized authentication questions when registering on the portal.

Brooks explains: “Once the new authentication model was launched, it began an ongoing learning process whereby the Adaptive Authentication solution began to recognize the behavioral patterns of each individual EMC user. As its familiarity with each user and his or her normal browser, device, IP address, and so on increases, it can make more accurate judgments about whether additional authentication is needed. Only when a user is exhibiting unusual behavior – logging in from a different location, for example – will he or she be challenged. In this way, the impact on users is kept to a minimum while security remains tight.”

RESULTS
The new combination of PHR and risk-based authentication continues to enable employees to access their health information at any time and from any device – and even to authorize family members to do so as well – in a private, secure fashion. Since implementing the new authentication model, EMC has added several new capabilities, including employee access to medical imaging, a mobile PHR application, and a remote-monitoring service for employees suffering from hypertension.

“With so much personal data kept on the portal and within the WebMD Health Record, privacy and security are always top of mind,” continues Vetter. “We’re excited that we’ve been able to incorporate RSA in our employee health and benefits portal and confident that we’ve come up with a way to give each employee a truly personalized, secure service.”

The team at WebMD Health Services sees this project as a successful pilot of a combined PHR and RSA Adaptive Authentication offering. “We have seen some interest from other customers, so we’re evaluating opportunities to expand our work with RSA,” concludes Brooks. “Protecting the health information of our clients and end users is of paramount importance for us.”

©2012 EMC Corporation. All rights reserved.
EUROPEAN BANKING GROUP
Online fraud plummets as European Banking Group partners with anti-fraud network

AT-A-GLANCE
Key Requirements
–– Accurate, real-time fraud/threat detection to combat an upsurge in fraud due to a new online e-commerce system
–– Ability to share cybercrime data across thousands of network organizations
–– System that learns from past behavior to prevent future attacks
Solution
–– Developed and implemented a risk-based transaction-monitoring solution
–– Joined a network which tracks fraudster profiles, patterns, and behavior
Results
–– Fraud levels immediately fell by 80 percent
–– Prevented more than £13 million in attempted e-commerce fraud
–– Phishing incidents plunged

“Partnering in the RSA® eFraudNetwork™ has accelerated our learning about anti-fraud technology and developing a comprehensive fraud strategy. In fact, it’s been such a success that what started out as a single project has now extended into other areas of the bank and will be developed even further.”
FRAUD STRATEGY MANAGER

CUSTOMER PROFILE
As one of the leading retail banks in Europe, with a number of market-leading positions, this banking organization serves more than 30 million people.

KEY REQUIREMENTS
In 2004, an arm of this company faced a dilemma. Global companies Visa and MasterCard introduced a new online system, 3D Secure, that shifted liability for online card fraud from e-commerce merchants to card issuers such as banks. However, 3D Secure did not require mandatory registration for card holders: immediate registration was voluntary. A default configuration on the online page allowed cardholders to opt out up to three times before having to register and receive a password. Fraudsters took advantage of this by not registering their stolen cards and gaining guaranteed acceptance at supposedly secure e-commerce sites. Unsurprisingly, the amount of fraud using e-commerce sites spiraled. According to industry figures, it grew to 3 percent of all transactions. Apart from undermining trust in e-commerce transactions, card issuers also had to absorb the losses. The bank’s existing neural-network system was unable to track the theft due to the speed at which Internet fraud was evolving. The bank needed a real-time fraud/threat detection system that could keep pace with the cybercrime surge, as well as a way to network with other organizations to prevent future attacks.

SOLUTION
To find a solution, the bank engaged RSA – The Security Division of EMC. RSA was developing a transaction-monitoring solution designed to flag potentially fraudulent activity before it happened. The bank could see the potential in the technology and embarked on a partnership with RSA, with a view to integrating the technology into the 3D Secure system. The RSA technology was based on a new concept called risk-based authentication. Essentially, it tracked Internet data and e-commerce transaction data parameters. These included IP address and IP geographical location, ISPs, device “fingerprints,” merchant, country code, transaction amounts, currency, and so on.

Technically, the transaction-monitoring system broke the rules of Visa and MasterCard, which recommended that cardholders could choose not to participate in voluntary security registration. However, for the bank’s existing system it was a pre-requirement that the bank’s card users needed to register before conducting e-commerce transactions. Both MasterCard and Visa soon became convinced when they realized that excessive losses could undermine their 3D Secure system and that the transaction-monitoring system had a minimal impact on customer experience.

To bolster this system, the bank also became a member of the RSA eFraudNetwork, the industry’s first and largest cross-institution and cross-platform online fraud network. This network identifies and tracks fraudster profiles, patterns, and behavior. When an active fraud pattern is identified, the fraud data, transaction profile, and fingerprints are moved to a centralized database and disseminated to all network members.

RESULTS
The transaction-monitoring solution was launched in 2004, and soon after fraud levels dropped by 80 percent. More recently, results have been equally compelling. For example, 90 percent of attempted ‘card not present’ fraud has been blocked, and from October 2007 into late 2008 more than £13 million of attempted e-commerce fraud has been stopped. Between April 1st and October 1st 2008, incidents of phishing fell by 85 percent.

These results are in stark contrast to figures released by APACS, the UK trade association for payments, which in September 2008 revealed that ‘card not present’ fraud had jumped by 70 percent in the previous two years. In addition, in the 12 months ending September 2008, phishing incidents soared by 186 percent. Transaction monitoring and the anti-fraud network have proven so effective that the technologies are now widely deployed across different business channels within the banking group, including retail banking, debit cards, and new-use credit card cases. The organization is now identifying new deployment areas, and a recent pilot in balance transfers led to an 80 percent plunge in fraud.

© 2007 EMC Corporation.
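The Postbank and European Banking Group profiles above both describe the same mechanism in prose: score a card-not-present transaction on signals such as IP geolocation, ISP, device fingerprint, merchant, amount and currency; challenge only above a risk threshold; run in a silent mode before go-live; feed confirmed outcomes back into the engine; and share confirmed-fraud indicators with other network members. The following is an added toy Python model of that flow (not RSA's, Postbank's or the bank's code); the signal weights, threshold, card and device identifiers and sample transactions are constructed assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum
from statistics import mean

class Decision(Enum):
    ALLOW = "allow"          # no friction for the cardholder
    CHALLENGE = "challenge"  # step-up: ask something only the cardholder should know

@dataclass(frozen=True)
class Transaction:
    card_id: str
    ip_country: str   # country from IP geolocation
    isp: str
    device_fp: str    # device "fingerprint"
    merchant: str
    amount: float
    currency: str

@dataclass
class CardProfile:  # what the engine has learned about one cardholder, from confirmed feedback only
    home_country: str
    home_currency: str
    devices: set = field(default_factory=set)
    isps: set = field(default_factory=set)
    merchants: set = field(default_factory=set)
    amounts: list = field(default_factory=list)

class FraudNetwork:
    """Stand-in for a cross-institution network: one member's confirmed indicators reach all members."""
    def __init__(self):
        self.bad_devices = set()

    def report(self, device_fp):
        self.bad_devices.add(device_fp)

class RiskEngine:
    CHALLENGE_THRESHOLD = 50  # assumption; tuned on silent-mode data before go-live

    def __init__(self, network, silent_mode=False):
        self.network = network
        self.silent_mode = silent_mode
        self.profiles = {}
        self.silent_log = []  # would-be challenges recorded while in silent mode

    def enroll(self, card_id, home_country, home_currency):
        self.profiles[card_id] = CardProfile(home_country, home_currency)

    def score(self, tx):
        """Additive risk score over the signals the case studies name. Weights are assumptions."""
        p = self.profiles[tx.card_id]
        checks = [
            (tx.device_fp in self.network.bad_devices, 60, "device fingerprint flagged by fraud network"),
            (tx.device_fp not in p.devices, 20, "unseen device"),
            (tx.isp not in p.isps, 10, "unseen ISP"),
            (tx.ip_country != p.home_country, 25, "IP geolocation outside home country"),
            (tx.currency != p.home_currency, 10, "foreign currency"),
            (tx.merchant not in p.merchants, 5, "unseen merchant"),
            (bool(p.amounts) and tx.amount > 3 * mean(p.amounts), 25, "amount far above cardholder average"),
        ]
        hits = [(weight, reason) for cond, weight, reason in checks if cond]
        return sum(w for w, _ in hits), [r for _, r in hits]

    def evaluate(self, tx):
        """Challenge only above the threshold; in silent mode, log instead of challenging."""
        score, reasons = self.score(tx)
        risky = score >= self.CHALLENGE_THRESHOLD
        if self.silent_mode:
            if risky:
                self.silent_log.append((tx, score, reasons))
            return Decision.ALLOW
        return Decision.CHALLENGE if risky else Decision.ALLOW

    def feedback(self, tx, was_fraud):
        """Confirmed-good: extend the profile. Confirmed-fraud: share the device fingerprint."""
        if was_fraud:
            self.network.report(tx.device_fp)
            return
        p = self.profiles[tx.card_id]
        p.devices.add(tx.device_fp); p.isps.add(tx.isp)
        p.merchants.add(tx.merchant); p.amounts.append(tx.amount)

def demo():  # constructed scenario: two issuers consulting one shared network
    net = FraudNetwork()
    issuer_a = RiskEngine(net)
    issuer_a.enroll("card-A1", "DE", "EUR")
    for amt in (35.0, 40.0, 45.0):  # confirmed-good history: one laptop, one German shop
        issuer_a.feedback(Transaction("card-A1", "DE", "isp-de-1", "fp-laptop", "shop.de", amt, "EUR"), False)
    routine = issuer_a.evaluate(Transaction("card-A1", "DE", "isp-de-1", "fp-laptop", "shop.de", 40.0, "EUR"))
    suspicious = Transaction("card-A1", "BR", "isp-br-9", "fp-unknown", "gadgets.example", 900.0, "EUR")
    stepped_up = issuer_a.evaluate(suspicious)     # unseen device, foreign IP, 22x the usual amount
    issuer_a.feedback(suspicious, was_fraud=True)  # challenge failed, fraud confirmed: fingerprint shared
    issuer_b = RiskEngine(net)                     # another member, whose cardholder lives where the fraud came from
    issuer_b.enroll("card-B7", "BR", "BRL")
    issuer_b.feedback(Transaction("card-B7", "BR", "isp-br-9", "fp-phone", "store.br", 100.0, "BRL"), False)
    network_catch = issuer_b.evaluate(Transaction("card-B7", "BR", "isp-br-9", "fp-unknown", "store.br", 110.0, "BRL"))
    issuer_a.silent_mode = True                    # pre-launch style: score and log, never challenge
    silent_decision = issuer_a.evaluate(suspicious)
    return {"routine": routine, "stepped_up": stepped_up, "network_catch": network_catch,
            "silent": silent_decision, "silent_logged": len(issuer_a.silent_log)}
```

The second issuer's transaction would score only 20 on its own profile; the shared fingerprint is what pushes it over the threshold, which is the cross-member effect the profiles credit the network with.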
INDUE
Indue Foils Fraudsters with RSA® Adaptive Authentication for eCommerce

AT-A-GLANCE
Key Requirements
–– Flexible and dynamic 3D Secure transaction authentication solution to comply with new Visa mandate
–– Accurate, real-time fraud detection with minimal impact to user experience
Solution
–– RSA Adaptive Authentication for eCommerce offers customizable risk policies and reporting
–– Self-learning solution reduces fraud losses in real time
–– Implementation and optimization enabled by RSA Professional Services
Results
–– Fraud losses reduced by 90 percent
–– Customer experience unaffected, with low transaction-abandonment rates
–– Detailed reporting creates better visibility into current and emerging fraud threats

CUSTOMER PROFILE
Indue is one of Australia’s leading wholesale financial-services providers. It offers white-labeled and transactional products to small banks and credit unions across the country, and has been in business for over 40 years. Indue enables its customer institutions to improve the appeal of their core products – such as credit cards and electronic payment options – and, in turn, to enhance their own market performance and customer satisfaction. Some of Indue’s clients have relatively small card portfolios, but by leveraging Indue’s economies of scale they are able to get the fraud protection that usually only larger card issuers are able to obtain.

KEY REQUIREMENTS
Changing market demands and emerging threats can place pressure on even the largest financial organizations to respond quickly and innovate. Smaller lenders, like those that make up much of Indue’s customer base, have limited resources to support rapid and costly changes to their IT or business processes. So, when Visa introduced a new mandate requiring all new Visa cards issued to be enrolled in its Verified by Visa transaction security initiative as a means of reducing online fraud, Indue knew that it needed to respond quickly to help its customers meet this requirement.

However, it wasn’t simply a case of ticking a box, as Holly McGregor, Head of Fraud and Anti-Money Laundering Services at Indue, explains: “The threat of online fraud is rising and we wanted to offer our customers a really flexible and efficient way of protecting their cardholders against attacks.”

In addition to offering stringent protection, Indue wanted to ensure that its fraud-mitigation solution did not have a negative impact on the cardholder experience. Both Indue and its lender customers are recompensed by Visa every time a transaction is completed using a Visa card. An overly complex authentication process could run the risk of putting customers off using their Visa cards for online purchases, thereby increasing the transaction-abandonment rate. Further to this, Indue’s clients did not want to drive business to other lenders by negatively impacting the cardholder experience.

SOLUTION
The team at Indue, led by McGregor and her colleague, Project Manager Jessica Tam, considered a number of authentication products to meet their solution needs, narrowing down the options to two and then one – RSA Adaptive Authentication for eCommerce, from RSA, The Security Division of EMC.

“We chose the RSA solution as it offered us more dynamic functionality, for example enabling us to identify and analyze any transactions that had been denied,” says Tam. “We can also write our own rules and set criteria in line with our own or our customers’ requirements. This flexibility, along with a compelling price, convinced us to select the solution offered by RSA.”

The solution, which is hosted by RSA, is designed to learn each individual customer’s spending habits and to challenge them only if an activity it deems to be unusual has taken place. In these instances, the system asks an identifier question based on something intuitive to the user. If the user fails to provide the correct answer, the system advises the merchant concerned, who can then decide whether or not to proceed with the transaction. Currently, approximately 275,000 cards are covered by the solution, with an average of about 10,000 transactions per month, which is about 2.5 percent of Indue’s total ecommerce activity.

The RSA Professional Services team supported the integration of the solution with Indue’s business model and requirements. An expert from RSA worked closely with the team on-site to provide expertise and advice on how best to incorporate the new 3D Secure solution. “He was very supportive in teaching us to use the product as well,” says Tam, “like a project manager and subject-matter expert in one.”

RESULTS
Looking back over the first six months of having the live solution in production, Indue is already able to point to a number of significant benefits.

“Our initial requirement was to develop a solution to meet Visa’s mandate. Now that we’ve done this, we can ensure that our customers are able to comply with the requirement efficiently and without dedicating time and costs to developing their own solution,” says McGregor. “Being able to offer them this peace of mind and high quality of service is very important for us.”

Furthermore, Indue estimates that the stronger authentication model has enabled it to cut fraud losses at 3D Secure merchants across its customer base by 90 percent. This has been achieved without placing a heavy administrative burden on the internal team at Indue, or on the lenders’ end customers. Not having been able to measure abandonment rates before, Indue cannot draw a comparison with current rates, but has found that the rate now is around three percent – much lower than the industry average. In the future, tracking metrics and analyzing activity across the RSA Adaptive Authentication for eCommerce platform will be easy to carry out.

McGregor concludes: “With this new solution we’ve not only accelerated our ability to identify and respond to fraud threats now, but we’re also able to gain better visibility into emerging trends so we can be better prepared to combat new threats as they develop.”

©2011 EMC Corporation. All rights reserved.
INDUE CP 1011 INTERNATIONAL FINANCIALSERVICES ORGANIZATION Financial Fraudsters Foiled with RSA® FraudAction™ AT-A-GLANCE Key Requirements –– Take a proactive approach to identifying and defending against fraud attacks against onlinebanking customers –– Implement automated incident- and threat-management processes to increase speed of response Solution –– RSA FraudAction service provides broad visibility into external threats and intelligence on targeted attacks –– 24x7 team provides anti-phishing, anti-Trojan, and threat intelligence Results –– Customers impressed by depth and speed of anti-fraud protection, leading to increased loyalty –– Phishing attacks can now be resolved in just 30 minutes, with complex manual processes eliminated –– Trusted fraud analysts provide regular, detailed insight into current and emerging threats “The bad guys are becoming more sophisticated, and online banking is a prime target. Defending our customers against increasingly complex and organized attacks would need a massive in-house resource. By working with RSA, we can depend on a trusted expert team with global visibility of the current fraud landscape, and its likely evolution.” GISO, INTERNATIONAL FINANCIAL-SERVICES ORGANIZATION This global financial-services organization provides specialized, privatebanking products and services to around 100,000 customers. Its services cover areas such as property, investments, capital markets, and asset management. Its customer base is its biggest asset, and offering strong protection to these customers is of paramount importance – both to retain and grow business, and to protect its reputation for high-quality service. KEY REQUIREMENTS As a leading provider of financial services to high-value customers, this organization cannot compromise on either the quality of its services or the level of protection it offers. 
When it noticed an increase in phishing attacks against some of its competitors’ online-banking platforms, it wanted to take a proactive approach to making sure its own platform was robust enough to withstand such threats to its own customers. “We wanted to ensure our online banking customers were protected from any illegitimate attempts to access their funds or account details,” explains the organization’s Group Information Security Officer (GISO). “However, we wanted the additional assurance that in the event of any attacks being made, we could take them down as quickly as possible.” The organization realized that its existing anti-phishing measures were too dependent on manual processes to be effective against a major attack. “We’d need to manually look up the location of the ISP from which any attack originated and then identify the correct resource within the ISP to assist in shutting down the malicious site, which took up precious time,” the GISO comments. “We needed a stringent anti-phishing solution that also incorporated a high level of automation for rapid response.” CUSTOMER PROFILE SOLUTION After considering a number of anti-phishing solutions, the company chose the RSA FraudAction service from RSA – The Security Division of EMC. Implemented as a service, it is hosted by RSA and supported by analysts at the RSA Anti-Fraud Command Center (AFCC). FraudAction offered the organization complete protection against phishing attacks – including 24x7 monitoring and detection, real-time alerts and reporting, forensics and countermeasures, and site blocking and shutdown. “An offending site can now be located and taken down in just 30 minutes – compared to the time-consuming manual process each threat represented before.” GISO, INTERNATIONAL FINANCIAL-SERVICES ORGANIZATION “We selected RSA due to its number one position in the market for this type of solution,” says the GISO. 
“On top of that, we found that the FraudAction service offered the best insight into current and emerging threats as well as the fastest response and take-down rate.” Having relied on the anti-phishing capabilities of RSA FraudAction for a number of years, the organization opted to expand its use of the service by integrating the anti-Trojan solution to protect its online channel. This service is designed to help organizations prepare for an attack before it occurs, respond to an attack when one takes place, and minimize the threat by attempting to recover stolen credentials. “With the anti-phishing and anti-Trojan services in place, we’re protecting our customers on two fronts,” the GISO observes. “As well as making sure their accounts are safe from fraudulent sites and email communications, we can help them identify if their own devices may have been infected. The RSA FraudAction team is able to alert us when any client or account details have been compromised and can let the customer know, advise them on how to make their system more secure, and clean up any infections.” RESULTS Introducing RSA’s fraud-prevention model to deepen the security of its online-banking platform has driven improvements in a number of areas. “We’ve seen customer loyalty improve among those who have been contacted through our anti-Trojan service,” says the GISO. “The benefit they gain by identifying and neutralizing a Trojan on their device – which is probably tracking their credentials for any other online-banking or retail accounts – extends far beyond their account with us. They’re impressed and often surprised that we are able to offer them this advanced level of security.” CONTACT US To learn more about how RSA products, services, and solutions help solve your business and IT challenges contact your local representative or authorized reseller – or visit us at www.emc.com/rsa. 
www.emc.com/rsa The organization’s ability to respond to phishing attacks is now much faster and more efficient. “An offending site can now be located and taken down in as little as 30 minutes – compared to the time-consuming manual process each threat represented before,” the GISO comments. He concludes: “The bad guys are always going to be out there, and online banking is a prime target. Defending our customers against increasingly complex and organized attacks would need a massive in-house resource. By working with RSA, we can rely on a trusted expert team with global visibility of the current fraud landscape, and its likely evolution, that enables us to keep our customers, their data, and their savings out of harm’s way.” ©2012 EMC Corporation. All rights reserved. EMC, the EMC logo, RSA, the RSA logo, and FraudAction are trademarks or registered trademarks of EMC Corporation in the United States and/or other countries. All other trademarks referenced are the property of their respective owners. 
GISO CP 0312

KASIKORNBANK (KBANK)
KASIKORNBANK protects its global Internet banking customers

AT-A-GLANCE
Key Requirements
–– 24 x 7 x 365 dedicated anti-fraud cybercrime operation to protect KASIKORNBANK’s 700,000 retail Internet banking customers
–– Accurate, real-time fraud detection with minimal impact to user experience
–– Take down phishing sites hosted overseas
Solution
–– RSA’s 24 x 7 Anti-Fraud Team offers the industry’s broadest multi-language forensic and investigation capabilities
–– Research team with deep knowledge of fraud trends uses its relationships with ISPs, hosting services and authorities around the world to block and shut down phishing sites
–– RSA’s high-quality blocking partners include TrendMicro, Microsoft, and CommTouch
Results
–– 80% cut in resources required to address phishing threats
–– Since using the RSA Service, the bank has suffered from no compromised accounts
–– The time taken to close overseas phishing sites has been cut from days or weeks to hours

“Phishing attacks can happen to any bank, any time, from any place. Every bank must be prepared. RSA enables us to accelerate our response and rapidly shut down overseas phishing sites. We’ve been able to cut our resources used to address phishing by 80%.”
ART WICHIENCHAROEN, SENIOR VICE PRESIDENT, HEAD OF RETAIL AND SME E-BUSINESS DEPARTMENT, KASIKORNBANK

KASIKORNBANK, also known as KBank, is Thailand’s leading bank, managing deposits equivalent to over US$31 billion. The bank has 784 branches across the country, and operates two Internet banking operations. K-Cyber Banking is the consumer service, enabling customers to review account balances, transfer funds, pay bills and manage credit cards. To find out more visit www.kasikornbank.com.

BUSINESS CHALLENGE
KASIKORNBANK (KBank) is Thailand’s leading bank with 700,000 retail customers for its Internet banking operation K-Cyber Banking. In the past, some of the customers had suffered loss as a result of phishing attacks and it was a challenge to keep pace with the innovation and tactics of cybercriminals. While two-factor authentication has reduced the incidence of fraud, the phishing attacks continue and the bank needed to protect its customers and its reputation. Were a publicized security incident to occur, there would be significant damage to the bank’s brand.

“No matter how safe our system is, and how well educated our customers are about security, there are bound to be some customers who will be tricked by phishing attacks,” said Art Wichiencharoen, Senior Vice President, Head of Retail and SME E-Business Department, KASIKORNBANK. “You can’t prevent the attacks. You can only do your best to prepare so that when they occur, you minimize the damage.”

When customers alerted the bank to phishing attacks, KBank used its close relationships with Thailand’s ISPs to block the phishing site effectively and efficiently. This offered no protection to customers overseas, though, and the company struggled to shut down phishing sites hosted on foreign servers. KBank needed a 24 x 7 x 365 dedicated anti-fraud cybercrime operation to protect its customers.

SOLUTION
“RSA gives us the assurance that we are doing our best to take down phishing sites overseas. It is something we must do and RSA offers us the fastest and best way to do it.”
ART WICHIENCHAROEN, SENIOR VICE PRESIDENT, HEAD OF RETAIL AND SME E-BUSINESS DEPARTMENT, KASIKORNBANK

To ensure its customers were fully protected, KBank chose the RSA® FraudAction™ Anti-phishing Service from RSA – The Security Division of EMC. This provides a global threat detection and take-down service from one central location. RSA’s 24 x 7 Anti-Fraud team delivers the industry’s broadest multi-language forensic and investigation capabilities. Using its deep knowledge of fraud trends, it works around the clock on behalf of KBank to identify phishing attacks and shut down phishing sites, wherever they are in the world. RSA uses its extensive relationships with ISPs and hosts worldwide, and its ability to work in 200 languages, to detect, block and shut down fraudulent sites. RSA’s high-quality blocking and feeding partners include TrendMicro, Microsoft and CommTouch.

“When the phishing sites are overseas, it is difficult for us to coordinate the shutdown,” says Wichiencharoen. “RSA makes that easy. RSA also supports us in shutting down attacks hosted within Thailand, where we continue to use our established procedure to contact ISPs as well. We use both approaches to ensure that we can have the speediest response possible in every case.”

RSA recommended that KBank establish an email address where customers can report abuses, and RSA monitors this and uses it as additional intelligence to identify and eliminate threats to the bank’s customers. While anti-phishing protection is not required by law in Thailand, KBank has reported the implementation of the RSA FraudAction Anti-phishing Service to the regulator to help satisfy its requirement to ensure customers are well protected.

RESULTS
Since the introduction of the RSA FraudAction Anti-phishing Service, KBank has had no accounts compromised through phishing. At the same time as expanding its reach to tackle overseas hosts of phishing sites, KBank has cut the resources it dedicates to phishing response by 80%. Before working with RSA, KASIKORNBANK needed a team of five people to investigate threats and attempt to shut them down. Now, a single person at KBank can liaise with RSA and ensure a higher level of security than the five-person team could previously achieve.

It used to take KBank days or weeks to shut down overseas phishing sites, but RSA is now able to achieve that within hours, closing one site in Korea within four hours. “If we hadn’t been working with RSA, it would have taken us much longer and been more difficult to close that site down,” said Wichiencharoen. “It would take us time to persuade the host to shut the site down, but RSA already has a relationship there.” When customers notify the bank of a phishing attack, they can now receive a response from RSA within hours, which helps to reassure customers that the bank is taking their security seriously.

©2010 EMC Corporation. EMC, RSA, RSA Security, the RSA logo, (other EMC trademarks) and (other RSA trademarks) are trademarks or registered trademarks of EMC Corporation in the U.S. and/or other countries. All other trademarks mentioned are the property of their respective owners. KBANK CP 0810

LARGE BANK
Leading bank meets 3D Secure requirement with RSA® Adaptive Authentication for eCommerce

AT-A-GLANCE
Key Requirements
–– Accurate, real-time fraud detection with minimal impact to the customer experience
–– Systems that learn from past behavior to protect against future attacks

“RSA has always been at the forefront of the industry, and we know we can trust them to deliver the perfect balance between strong security and customer convenience.”
VICE PRESIDENT AND MANAGER FOR THE FRAUD RISK CONTROL DIVISION

This large bank has 1.4 million private and business customers and offers 200 branches, over 600 ATMs, a 24/7 call center and advanced online banking services.
Solution
–– The RSA Adaptive Authentication for eCommerce Access Control Server Service for 3D Secure™ was integrated with the bank’s payment processor
–– Bayesian Risk Engine reduces fraud losses in real time while minimally impacting the users’ experience
Results
–– Increased transactions by 50 percent without increasing fraud losses
–– Cut support calls to help desk by 90 percent

KEY REQUIREMENTS
The bank was experiencing difficulties balancing the trade-offs between strong security and customer convenience when authorizing e-commerce transactions for its card holders. To comply with the Verified by Visa and MasterCard SecureCode 3D Secure requirements, the bank used a password-based authentication product.

“The first time a customer tried to buy something on the Internet, they had to provide some personal information to confirm their identity and then set up a password,” said the bank’s vice president and manager for the Fraud Risk Control division. “When they wanted to buy something online in the future, whether from that same merchant or another one, they had to provide that password. It was a cumbersome process. Customers didn’t want to sign up for it and would forget their passwords. We allowed them to skip the authentication a maximum of three times and then blocked all their transactions. We needed a solution that was more customer-friendly.”

The bank was also experiencing problems keeping the authentication data current. Its authentication provider was not incorporating new data quickly enough, which caused problems for some customers, and the bank was dissatisfied with the service it was receiving and its data integrity. “We were losing a lot of sales because our system didn’t work very well,” said the vice president. “Our goal was to increase profit and sales and to do it in a secure way.”

The bank needed accurate, real-time fraud detection with minimal impact to the customer experience, backed by systems that learn from past behavior to protect against future attacks. It needed a hosted solution so that it could easily integrate it with its payment processor, and the bank did not want to have to migrate any data from its existing password-based authentication solution.

SOLUTION
The bank worked with RSA to introduce 3D Secure verification for its credit cards by integrating the RSA Adaptive Authentication for eCommerce Access Control Server Service for 3D Secure with the bank’s payment processor. The RSA solution uses a combined Bayesian Risk Engine and policy-based rules to reduce fraud losses in real time and includes protection against emerging threats such as man-in-the-middle (MITM) and man-in-the-browser (MITB) Trojans.

“The best thing is that we have peace of mind that our customers are able to transact as they wish and we are able to authenticate them effectively. That, for me, is priceless.”
VICE PRESIDENT AND MANAGER FOR THE FRAUD RISK CONTROL DIVISION

“RSA provides an engine that evaluates every transaction going through it,” said the vice president. “It uses the customer history and analyzes the risk involved in a specific transaction for a specific customer, so it can identify the high-risk transactions. For those transactions only, we request additional authentication information from the customer.”

The solution validates customers using information that the bank already holds about them. This customer information is supplied to RSA in a daily batch and the RSA authentication server is updated promptly to ensure that transactions are all validated in line with the latest customer information. Because the new solution does not require any passwords, there was no need for the bank to export the passwords that customers had created, a project that would have been time consuming and costly.

The authentication process is now seamless for customers. Ninety-five percent of transactions are authenticated without asking for any additional information from the customer. For the other five percent, customers are asked to provide some information about themselves to confirm their identity. The bank identifies those that fail authentication and works with account holders to protect their accounts. The false-positive rate is extremely low: less than one percent of the five percent that are challenged turn out to be genuine account holders. The system continuously learns from the transactions going through it, so that it can better protect against future fraud attacks.

RSA Professional Services supported the bank in integrating its data with RSA’s hosted solution, liaising with MasterCard and VISA to migrate across the bank identification numbers (BINs). These are parts of the credit card number which are used to route the transaction from VISA or MasterCard to the bank for approval. RSA also translated the customer-facing screens into Spanish in partnership with the bank and trained the bank on using the system. Throughout the project, RSA Professional Services offered consultancy on data elements and was available at any time to share its expertise, including working closely with the bank’s IT company to ensure the solution was implemented successfully.

“The RSA Professional Services representatives know their product and how to set it up effectively, so they did us a great service,” said the vice president. “They were extremely professional, understood what we needed, and delivered it. The project was completed on time in six months. The tool is really easy-to-use, but RSA Professional Services gave us customized knowledge transfer that enabled us to understand it in great detail.”

He added: “RSA Professional Services gave us extensive support throughout the process of migrating our bank identification number from VISA and MasterCard, including liaising directly with those organizations on our behalf, and was on hand to guide us through the whole implementation process. We’ve been impressed with the team’s knowledge and dedication to delivering superior customer service.”

RESULTS
As a result of having a more customer-friendly way to authenticate online transactions, the bank saw its sales volume of 3D Secure transactions increase by 50 percent, without an increase in fraud losses. The support desk was inundated with calls under the old system, but call volume has dropped by 90 percent so IT resources can be more strategically deployed.

“The way we measure the success is that we’re able to process many more sales, we have our fraud losses under control, and our customers are happy with the solution,” said the bank’s vice president.

He concludes: “RSA has always been at the forefront of security. Adaptive authentication is the best way to implement 3D Secure. I think companies that do not authenticate based on risk are going to struggle to manage fraud effectively. You must consider using authentication that adapts to the risk of the transaction. You can’t treat every transaction the same and expect to convince customers to use your product. You have to personalize, and the way to do that is to allow customers to go ahead and do business with you, and only to intervene when necessary.”

©2012 EMC Corporation. All rights reserved. EMC, the EMC logo, RSA, RSA Adaptive Authentication and the RSA logo are the property of EMC Corporation in the United States and/or other countries. All other trademarks referenced are the property of their respective owners. LRGBNK CP 0212

LARGE RETAILER
Bolsters Online Security with RSA Silver Tail

AT-A-GLANCE
Key Requirements
–– A large retailer with an online marketplace needed to protect itself from business logic abuse schemes
Solution
–– RSA Silver Tail provides visibility into online behavior and identifies potential fraud or business logic abuse
Results
–– Silver Tail highlighted the fact that the retailer had been returning a 10% rebate on phony sale items totaling $5,760,000 a year
–– By identifying the rebate theft, Silver Tail Systems was able to save the company $576,000 annually

SECURITY IS KEY SUCCESS FACTOR FOR ECOMMERCE SITES
Online marketplaces are a type of eCommerce site where products are available from multiple third parties and the transaction occurs via the marketplace operator. Online marketplaces can also include App stores where consumers can buy applications for iPhone, Mac, Android or Windows phones or devices. While this business model can be highly beneficial to both marketplace operators and consumers, security is a critical component of success. If customers experience theft or account hacking, they can lose confidence in the online marketplace, translating to real dollars lost. In a recent Wired article, Sony noted that they lost approximately $171 million, including the impact to future profits due to damage to the brand after a security breach compromising user and credit card information.

FRAUDSTERS ABUSE ONLINE REBATE PROGRAM
Silver Tail Systems was able to detect a particularly challenging form of marketplace fraud for a large retailer with an online marketplace as well as over 4,000 brick-and-mortar stores. The criminals were able to take advantage of a rebate program on the company’s online marketplace.
[Figure: how the rebate scheme ran through the eCommerce marketplace]
1. The fraudster registers as a seller in the marketplace
2. Populates the portal with phony items
3. As a buyer in the marketplace, signs up for the third-party rebate program to receive cash back
4. Purchases the phony items, which never ship, and receives the rebate

THE SILVER TAIL SOLUTION
By looking at the customer’s website through behavior analytics, Silver Tail Systems found that the vendor had been returning a ten percent rebate on phony sale items that were averaging $1,500 per item. As a result, thieves were able to obtain a 10 percent rebate on $5,760,000 worth of phony sales a year. The behavior was difficult to detect because the criminals were working within the business logic of the website (i.e. creating user accounts and making credit card purchases). By discovering the rebate theft, Silver Tail Systems was able to save the customer $576,000 annually.

CONTACT US
To learn more about how EMC products, services, and solutions can help solve your business and IT challenges, contact your local representative or authorized reseller – or visit us at www.EMC.com/rsa or www.silvertailsystems.com

EMC2, EMC, and the EMC logo are registered trademarks or trademarks of EMC Corporation in the United States and other countries. VMware is a registered trademark or trademark of VMware, Inc., in the United States and other jurisdictions. © Copyright 2012 EMC Corporation. All rights reserved. Published in the USA. h11411 CP 1212

LARGE U.S. RETAIL AND COMMERCIAL BANK
Phishing protection safeguards customers and strengthens security strategy of large U.S. bank

AT-A-GLANCE
Key Requirements
–– Protect online retail and commercial customers from growing security attacks
–– Accurate, real-time fraud/threat detection and dedicated anti-fraud cybercrime operation
–– Provide extra protection for business-to-business customers and technical staff logging in remotely
Solution
–– Deploy a managed security service which monitors in real time and identifies the source of phishing attacks
–– Provide business-to-business customers and technical employees with hardware tokens that deliver two-factor authentication
Results
–– Reduction in online attacks due to complete 24x7 fraud protection
–– Ability to close down criminal web sites almost immediately
–– Secured customer online access with two-factor authentication

“With RSA® FraudAction™ and RSA SecurID® we have been able to offer our customers the best protection against a multitude of online attacks and in the process have accelerated our brand as a bank to be trusted.”
ONLINE INFORMATION SECURITY MANAGER, LARGE U.S. BANK

This large U.S.-based bank provides its retail and commercial customers with a wide range of services. Many of its retail customers are considered to be affluent and the bank develops services specifically for them. It is over 100 years old and has a considerable presence in the states in which it operates.

KEY REQUIREMENTS
In line with industry trends, several years ago this large U.S.-based bank noted a relatively sharp increase in the number of phishing attacks that were being targeted at customers using its online service. Initially these attacks focused on retail customers but they soon began spreading to commercial businesses. Some of these customers suffered financial losses. As a result the bank began a widespread education process to inform its customers about phishing attacks, how to identify them, and how to avoid becoming a victim.
Prior to this upsurge in phishing attacks, the bank had utilized its own technical expertise to counter them. However, as the attacks accelerated in scale and volume, the bank wanted to add a technological component to its customer-education initiative. In short, it wanted to introduce a technology solution that would identify phishing attacks, provide around-the-clock monitoring, and provide real-time alerts. This required real-time fraud/threat detection with minimal impact to user experience, easy-to-use tools for forensic analysis, and a 24x7 dedicated anti-fraud cybercrime operation.

SOLUTION
After reviewing vendors of technology for managing online security threats, the bank selected RSA FraudAction, a solution offered by RSA, The Security Division of EMC. This technology service is designed to stop and prevent phishing, pharming, and Trojan attacks that occur in the online channel. Offered as an outsourced, managed service, it enables organizations to minimize resource investment while deploying a solution quickly.

“The RSA technology is extremely cost-effective and, in terms of a reduction in the potential losses to phishing, pharming, and other types of online attack, provides a compelling return on investment.”
SENIOR PRODUCT MANAGER, LARGE U.S. BANK

RSA FraudAction offers complete fraud protection and includes 24x7 monitoring and detection, real-time alerts and reporting, forensics and countermeasures, and site blocking and shut down. At the core of the service is RSA’s exclusive Anti-Fraud Command Center (AFCC). An experienced team of fraud analysts works to shut down fraudulent sites, deploy countermeasures, and conduct extensive forensic work to stop online criminals and prevent future attacks.

With the deployment of RSA FraudAction, the bank immediately experienced a drop in phishing and similar attacks. Prior to the implementation, the bank had tremendous difficulties closing down web sites used to launch phishing attacks. For example, when it contacted the ISP about one insidious phishing attack launched from a Texas-based web site, it was told it would take a week to close it down. However, RSA FraudAction enabled it to shut down a similar, overseas web site within 1.22 hours. Shutting down overseas web sites for the bank had previously been next to impossible.

Because the RSA technology was so successful, the bank adopted RSA SecurID for its business-to-business customers that use online banking. The two-factor authentication solution is based on something a user knows, such as a password or a PIN, and something they have, that is an authenticator.

RESULTS
The bank’s early use of the anti-fraud system was widely recognized as cutting-edge, bringing the company praise from Javelin Research and Strategy, a leading provider of quantitative financial-services research.

The bank’s Online Information Security Manager said: “RSA FraudAction, followed by RSA SecurID, has clearly strengthened our security posture and today we are well protected against all forms of phishing, pharming, and Trojan attacks. At the same time, we have also strengthened our brand and today have a reputation for good customer security.”

A Senior Product Manager at the bank added: “We have a safe and secure security solution that provides satisfaction and peace of mind to our customers and protects us from a multiplying universe of online attacks.”

©2011 EMC Corporation. EMC, the EMC logo, RSA, the RSA logo, FraudAction and SecurID are trademarks or registered trademarks of EMC Corporation in the U.S. and/or other countries. All other trademarks mentioned are the property of their respective holders.
LGEBNK CP 0211

LUXURY ECOMMERCE SITE
Protects Customers from Password Guessing Attacks with RSA Silver Tail

AT-A-GLANCE
Key Requirements
–– A luxury ecommerce site needed to protect its customers – and its reputation – from complex attacks and fraud schemes
Solution
–– RSA Silver Tail provides visibility into online behavior and identifies potential fraud or misuse
Results
–– RSA Silver Tail identified more than 15,000 log-in attempts from a single IP address – 65% of the clicks were 0.5 seconds apart
–– A real-time alert was sent to the fraud team, who were able to shut down the attack
–– Addressing the password guessing attack saved the retailer approximately $48,800 per incident and up to $1,220,000 annually

PASSWORD GUESSING – COSTLY FOR MERCHANTS AND CUSTOMERS
Password guessing is serious business. When cybercriminals compromise user passwords, they can steal funds, take over accounts, or make unauthorized purchases. Regardless of the cybercriminals’ motivation, companies agree that compromising accounts hurts their business and reputation. What compounds this problem is the fact that many online consumers use the same passwords across many different accounts, making it easy for cybercriminals to guess passwords and take over accounts across different sites.

SILVER TAIL PROTECTS ECOMMERCE SITES
Silver Tail Systems recently helped a luxury ecommerce site with annual sales of approximately $750,000,000 per year address a password guessing attack. The customer discovered that criminals had compromised approximately 400 online accounts in a very short period of time. The estimated annual cost for this attack was $1,220,000, not including damage to the company due to loss of reputation.

LUXURY ECOMMERCE SITE PROTECTS CUSTOMERS AND SAVES PER-INCIDENT COSTS
The Silver Tail System Forensics tool identified that 15,000 or more login attempts were made from the same IP address. In addition, 65% of the clicks were 0.5 seconds apart, suggesting a robotic attack.
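The two signals just described, a large number of login attempts from one IP address and a high share of clicks arriving within 0.5 seconds of the previous one, can be computed from an ordinary login log. The following is an added example, not Silver Tail or RSA code; the log line format, field and event names, the constructed sample log, and the thresholds are all assumptions, and "65% of the clicks were 0.5 seconds" is read here as the interval between consecutive login clicks from the same IP.

```python
# Added example (not RSA or Silver Tail code): per-IP analysis of login clicks that
# scores the two signals from the case study, attempt volume and sub-0.5-second cadence.
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Assumed line format, e.g. "2024-05-01T09:00:00.400000 ip=10.0.0.9 event=login_failure user=acct7"
LOG_RE = re.compile(r"^(?P<ts>\S+) ip=(?P<ip>\S+) event=(?P<event>\S+) user=(?P<user>\S+)$")
LOGIN_EVENTS = {"login_failure", "login_success"}   # assumed event names


def parse_line(line):
    """Return (timestamp, ip, event, user), or None for a line that does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["ip"], m["event"], m["user"]


def analyze(lines, fast_seconds=0.5):
    """Per-IP statistics over login events only (page views are ignored).

    A login click is 'fast' when it follows the previous login click from the same
    IP by at most fast_seconds: a person typing a password rarely does that, a
    script does it constantly. fast_fraction is fast clicks over all attempts.
    """
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec[2] in LOGIN_EVENTS:
            by_ip[rec[1]].append((rec[0], rec[3]))
    stats = {}
    for ip, events in by_ip.items():
        events.sort()
        fast = sum(
            1 for (prev, _), (cur, _) in zip(events, events[1:])
            if (cur - prev).total_seconds() <= fast_seconds
        )
        stats[ip] = {
            "attempts": len(events),
            "fast_fraction": fast / len(events),
            "distinct_users": len({u for _, u in events}),  # accounts targeted
        }
    return stats


def find_password_guessing(stats, min_attempts=1000, min_fast_fraction=0.5):
    """IPs whose volume and cadence both look like an automated guessing run.

    Defaults are placeholders; a site tunes them against its own traffic.
    """
    return sorted(
        ip for ip, s in stats.items()
        if s["attempts"] >= min_attempts and s["fast_fraction"] >= min_fast_fraction
    )


def build_sample_log():
    """Constructed sample: one scripted attacker IP plus two ordinary customers."""
    t = datetime(2024, 5, 1, 9, 0, 0)
    lines = []
    # Attacker: 200 attempts cycling through 50 account names. The first 130 gaps
    # are 0.4 s, the rest 2.0 s, so 130 of 200 clicks (65%) count as fast.
    for i in range(200):
        lines.append(f"{t.isoformat()} ip=10.0.0.9 event=login_failure user=acct{i % 50}")
        t += timedelta(seconds=0.4 if i < 130 else 2.0)
    # Customer who mistypes twice, then succeeds, half a minute between tries.
    t = datetime(2024, 5, 1, 9, 30, 0)
    for ev in ("login_failure", "login_failure", "login_success"):
        lines.append(f"{t.isoformat()} ip=203.0.113.5 event={ev} user=alice")
        t += timedelta(seconds=30)
    # Customer browsing quickly after one login; fast page views are not login clicks.
    t = datetime(2024, 5, 1, 10, 0, 0)
    lines.append(f"{t.isoformat()} ip=198.51.100.7 event=login_success user=bob")
    for _ in range(5):
        t += timedelta(seconds=0.3)
        lines.append(f"{t.isoformat()} ip=198.51.100.7 event=page_view user=bob")
    return lines


def run_sample():
    """Analyze the constructed log with an attempt threshold scaled to its size."""
    stats = analyze(build_sample_log())
    return stats, find_password_guessing(stats, min_attempts=100)


if __name__ == "__main__":
    stats, flagged = run_sample()
    for ip in flagged:
        s = stats[ip]
        print(f"ALERT {ip}: {s['attempts']} login attempts, "
              f"{s['fast_fraction']:.0%} within 0.5 s, {s['distinct_users']} accounts targeted")
```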
Because the Forensics tool monitors every click on a website, anomalous behavior patterns become quickly apparent, allowing security analysts to respond to threats in real time. This kind of attack can cost a company precious resources and time as it sorts through log files, investigates the issue, and handles customer complaints. However, using Silver Tail Systems, the company discovered it could save approximately $45,125 per incident. For more information, go to www.silvertailsystems.com. © Copyright 2012 EMC Corporation. All rights reserved. h11412 CP 1212 ONLINE MARKETPLACE Stops Cybercriminals from Testing Stolen Credit Card Numbers with RSA Silver Tail AT-A-GLANCE Key Requirements –– An online marketplace for ticket sales and exchange needed a way to distinguish legitimate users from cybercriminals and fraudsters seeking to exploit the site for their own ends Solution –– RSA Silver Tail helps identify fraudulent or disruptive behavior through web session analysis Results –– RSA Silver Tail identified single users creating multiple accounts – the accounts were being used to test stolen credit cards –– The marketplace was able to shut down the fraudulent accounts and maintain the sterling reputation it had worked so hard to achieve WEBSITE MISUSE IS PERVASIVE There is a virtually limitless number of schemes that cybercriminals and fraudsters use against websites to enrich themselves or simply to wreak havoc. 
However, websites need to make sure that they are providing full functionality for their legitimate users while preventing attacks by cybercriminals and fraudsters. Distinguishing legitimate from disruptive use of a site is not always easy. In fact, 74% of IT security practitioners surveyed by the Ponemon Institute claim it is difficult or very difficult to tell the difference between the “real” customer and the criminal accessing their company’s website. The survey also found that 45% thought their website would be vulnerable to an online marketplace attack and, of those vendors, 75% believed that it would be difficult to detect this kind of fraud. AN ONLINE MARKETPLACE IS TARGETED BY CYBERCRIMINALS A large eCommerce site has an open platform where customers can register to buy and sell tickets online, via mobile, social networks, and other sources. Criminals had created accounts on the open platform and then used those accounts to test the validity of stolen credit cards. While the company was not being defrauded in the traditional sense, its site was being used in a fraudulent way, and the vendor’s reputation was at stake. “Maintaining integrity with our users’ marketplace is paramount,” stated the manager of trust and security. The company found it difficult to separate the criminals’ behavior from the customers’ behavior because the web session behavior was essentially the same. Figure: the cybercriminal purchases a list of stolen credit card numbers, creates multiple accounts, and uses those accounts to test the stolen cards and make purchases on the site or elsewhere. THE SILVER TAIL SOLUTION While the cybercriminals were performing the same basic actions as a typical customer, they were performing them in an atypical way that was revealed when looking at the activity through the lens of Silver Tail Systems behavior analysis. 
Security analysts used Silver Tail Forensics to perform behavior analysis on the site’s traffic flow. Once the anomalous behavior was identified, the security analyst discovered that the same user was logging into the site multiple times to create a number of accounts and used those accounts to test stolen credit cards. By looking at the overall picture of the company’s web traffic, Silver Tail Systems was able to provide context to the data flow, allowing security analysts to easily locate and identify the illegal activity. “The fraudsters were using our business logic that we need for our customers to potentially get information about their stolen credit cards. They were hitting us pretty hard, and traditional security measures…did not identify cases where the fraudsters were using our site in the way we intend our customers to use the site,” said the Senior Manager of Trust and Safety. © Copyright 2012 EMC Corporation. All rights reserved. 
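The two detections described in these Silver Tail profiles, one IP hammering the login endpoint at machine pace and one source registering several accounts to test stolen cards, can be reproduced over web session logs. The Python below is an added example for this page, not Silver Tail's or RSA's code. The log format, the sample traffic, the thresholds (100 attempts, 0.5-second spacing, a 65 percent fast-click share, 3 accounts, 5 cards, a 50 percent decline rate) and the field names user=, card= and status= are all assumptions made for the example; card= is taken to be a token or fingerprint, never a card number.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed log format for this example (not a Silver Tail format):
#   <ISO-8601 time> <client ip> <session id> <method> <path> [key=value ...]
def parse_line(line):
    ts, ip, sess, method, path, *kv = line.split()
    event = {"ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
             "ip": ip, "sess": sess, "method": method, "path": path}
    event.update(p.split("=", 1) for p in kv)
    return event

def detect_password_guessing(events, min_attempts=100, max_gap=0.5, min_fast_share=0.65):
    """Flag source IPs whose login POSTs are both numerous and machine-paced."""
    by_ip = defaultdict(list)
    for e in events:
        if e["method"] == "POST" and e["path"] == "/login":
            by_ip[e["ip"]].append(e)
    alerts = {}
    for ip, evs in by_ip.items():
        if len(evs) < min_attempts:
            continue
        evs.sort(key=lambda e: e["ts"])
        # Inter-click intervals; a human does not sustain sub-second spacing for hundreds of clicks.
        gaps = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(evs, evs[1:])]
        fast_share = sum(g <= max_gap for g in gaps) / len(gaps)
        if fast_share >= min_fast_share:
            alerts[ip] = {"attempts": len(evs), "fast_share": round(fast_share, 2),
                          "distinct_users": len({e.get("user") for e in evs})}
    return alerts

def detect_card_testing(events, min_accounts=3, min_cards=5, min_decline_rate=0.5):
    """Flag IPs that register several accounts and then try many distinct cards, mostly declined."""
    by_ip = defaultdict(lambda: {"accounts": set(), "cards": set(), "auths": 0, "declines": 0})
    for e in events:
        s = by_ip[e["ip"]]
        if e["method"] == "POST" and e["path"] == "/register" and e.get("status") == "201":
            s["accounts"].add(e.get("user"))
        elif e["method"] == "POST" and e["path"] == "/checkout":
            s["auths"] += 1
            s["cards"].add(e.get("card"))   # assumed to be a token/fingerprint, not a PAN
            if e.get("status") != "200":
                s["declines"] += 1
    alerts = {}
    for ip, s in by_ip.items():
        if s["auths"] == 0:
            continue
        decline_rate = s["declines"] / s["auths"]
        if (len(s["accounts"]) >= min_accounts and len(s["cards"]) >= min_cards
                and decline_rate >= min_decline_rate):
            alerts[ip] = {"accounts": len(s["accounts"]), "cards": len(s["cards"]),
                          "decline_rate": round(decline_rate, 2)}
    return alerts

def sample_log():
    """Constructed traffic: one credential-guessing bot, one card tester, two normal users."""
    t0 = datetime(2012, 11, 5, 9, 0, tzinfo=timezone.utc)
    lines = []
    # Bot: 150 login attempts from one IP, 0.4 s apart, cycling through 40 usernames.
    for i in range(150):
        lines.append(f"{(t0 + timedelta(seconds=0.4 * i)).isoformat()} 203.0.113.7 s-bot "
                     f"POST /login user=u{i % 40} status=401")
    # Normal user: a typo, then a successful login twenty seconds later.
    lines.append(f"{(t0 + timedelta(minutes=1)).isoformat()} 198.51.100.20 s-alice POST /login user=alice status=401")
    lines.append(f"{(t0 + timedelta(minutes=1, seconds=20)).isoformat()} 198.51.100.20 s-alice POST /login user=alice status=200")
    # Card tester: registers 4 accounts, then runs 8 distinct card tokens, all but one declined.
    for i in range(4):
        lines.append(f"{(t0 + timedelta(minutes=2, seconds=30 * i)).isoformat()} 192.0.2.9 s-ct{i} "
                     f"POST /register user=new{i} status=201")
    for i in range(8):
        status = "200" if i == 7 else "402"
        lines.append(f"{(t0 + timedelta(minutes=5, seconds=15 * i)).isoformat()} 192.0.2.9 s-ct{i % 4} "
                     f"POST /checkout card=tok{i} amount=1.00 status={status}")
    # Normal buyer: one account, one card, one approved purchase.
    lines.append(f"{(t0 + timedelta(minutes=7)).isoformat()} 198.51.100.31 s-bob POST /register user=bob status=201")
    lines.append(f"{(t0 + timedelta(minutes=9)).isoformat()} 198.51.100.31 s-bob POST /checkout card=tokbob amount=120.00 status=200")
    return lines

def run(lines):
    events = [parse_line(line) for line in lines]
    return detect_password_guessing(events), detect_card_testing(events)

if __name__ == "__main__":
    guessing, testing = run(sample_log())
    print("password guessing:", guessing)
    print("card testing:", testing)
```

Both detectors key on behavior that a legitimate session rarely shows (sustained sub-second click spacing, or several fresh accounts each trying a different card with a high decline rate) rather than on any single request, which is why the individual requests look identical to a customer's. In production the thresholds would be tuned per site, and the bot case would normally key on a device or session fingerprint as well as the IP, since attackers rotate addresses.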
h11413 CP 1212 ONLINE FINANCIAL SERVICES COMPANY Financial services company sees ten-fold drop in fraud losses with RSA® FraudAction™ AT-A-GLANCE Key Requirements –– Combat rise in fraud losses by introducing effective anti-phishing and anti-Trojan measures –– Reduce pressure on small security team by automating the time-consuming processes involved in resolving attacks –– Equip organization to respond to new and emerging threats over time Solution –– RSA FraudAction service provides 24x7 anti-Trojan and anti-phishing protection –– RSA FraudAction Intelligence service monitors online forums and IRC channels of the fraud underground and reports intelligence –– RSA Anti-Fraud Command Center (AFCC) provides visibility into external threats and specific intelligence on targeted attacks Results –– Fraud losses have been cut by a factor of ten, with the RSA FraudAction service playing a key role –– The organization ran penetration tests, which found the AFCC team could identify and neutralize Trojan attacks within a couple of hours –– In-depth intelligence on current and emerging fraud trends supports management decisions on strategic IT spending CUSTOMER PROFILE This organization offers online banking and investment services to customers across the United States. KEY REQUIREMENTS Like many of its industry peers, this financial company has first-hand experience of the impact a new type of fraud threat can have. The rise in phishing attacks against the industry had resulted in an increase in fraud losses for the company. 
The small team responsible for handling information security was used to dealing with internal issues, so taking on the task of dealing with this large volume of external threats placed a heavy burden on them. Each attack meant the team would have to research the source, contact the relevant Internet service provider (ISP), send official abuse complaints, and work with domain registrars to bring the site down. If an attack originated overseas, the process could be even more complex and resolving a single threat could take weeks. At the same time, the volume of calls to the company’s help desk had significantly increased, as confused customers who had received phishing emails reached out for help. The organization’s Senior Manager for Forensics and Intelligence explains: “Our overall fraud losses were significant, with a major percentage being driven by phishing attacks. Our existing team just didn’t have the bandwidth to effectively defend against such an onslaught, so we knew we needed to find a way to block these attacks and protect our customers while reducing this heavy manual burden.” SOLUTION The company always takes a thorough approach to selecting new technology solutions and vendors. After researching the options available and taking advice from leading analyst firms, it issues a request for proposal. The top contenders are then asked to run a competitive ‘bake-off’ for about 30 days to prove the viability of their solutions against the company’s specific requirements. When seeking an anti-phishing solution using this process, the organization found that one vendor quickly came to the fore. “RSA was one of the few vendors that could offer the reliable anti-phishing service we were after,” says the Senior Manager for Forensics and Intelligence. 
“Add to that the fact that it’s the biggest name in security, and we knew RSA is capable of helping us fight back against phishing attacks and other types of emerging fraud in the future.” The organization chose to make use of the RSA FraudAction Anti-Phishing service. “We’d been impressed by the speed of site take-down the service demonstrated during the trial and also liked its innovative features, such as the ability to register and track attacks and their associated domains via the proprietary FraudAction dashboard,” the Senior Manager for Forensics and Intelligence continues. With the solution in place, the company could respond to phishing attacks much more effectively, and it did not rest on its laurels. Aware that a successful fraudster is an adaptable fraudster, the security team takes proactive measures against new and emerging threats as well, to stay a step ahead of the criminals’ plans. Therefore, when Trojan attacks became more prevalent, the company wanted to take action before they became a threat to its customers. “Given the success of the anti-phishing service, it was natural for us to incorporate the RSA FraudAction Anti-Trojan service as well,” explains the Senior Manager for Forensics and Intelligence. “It offered the credential recovery and site take-down features that we felt were key to combating this sort of fraud attempt.” RESULTS In the past few years, the company has seen its fraud losses drop by a factor of ten. 
It attributes much of this success to its use of RSA FraudAction services, which enable it to spot customers with compromised accounts and take action before fraudsters can attack. Feedback from customers who have been helped indicates that they appreciate the proactive approach the company has taken to protecting their funds and personal details. “We recently ran a penetration test, which sent Trojans into our network to see how effectively we could identify and eliminate them,” says the Senior Manager for Forensics and Intelligence. “The RSA Anti-Fraud Command Center (AFCC), which is behind the FraudAction service, responded so quickly that we passed with flying colors. The attack was shut down within a couple of hours.” Indeed, the organization’s security team has found the FraudAction Intelligence services provided by the AFCC to be an invaluable aspect of the RSA FraudAction service. The team receives real-time alerts to new threats and reporting on how they have been resolved. As a result the team no longer needs to spend hours researching and resolving incidents, eliminating the need to increase headcount. The AFCC provides the company with ad-hoc reports on industry fraud trends and ‘deep-dive’ analyses of specific topics or threats, which have been very useful for the Senior Manager for Forensics and Intelligence. “Our management team often asks us to look into a crystal ball and tell them what new fraud threats are on the horizon,” he concludes. “RSA’s unique ability to peek under the hood of the criminal underground and tap into what’s coming next has proven enormously helpful for this. 
It provides us with detailed evidence and third-party validation to back up our own predictions, enabling us to have more informed discussions with management about where IT and security investments should be made.” ©2012 EMC Corporation. All rights reserved. OFSC CP 0113 PAYCHOICE Protecting Payroll Data with RSA® Adaptive Authentication AT-A-GLANCE Key Requirements –– Strong authentication for thousands of users to cut risk of financial loss and compromised data –– Simple integration with existing payroll platforms and business processes –– Minimal impact on end user during change and simple ongoing use Solution –– RSA Adaptive Authentication monitors and authenticates users with step-up authentication for high-risk transactions –– Combined Bayesian Risk Engine and policy-based rules reduce fraud losses in real time –– RSA eFraudNetwork™ identifies and tracks international fraud trends and emerging threats –– Deployment was supported by RSA Professional Services Results –– In the first year of use, about 5 percent of customers were prompted for challenge questions –– Visibility into emerging threats enabled PayChoice to take proactive steps to avert risk –– Minimal increase in complaints or calls for help to contact center CUSTOMER PROFILE “We knew we could trust RSA to give us the robust user authentication we needed to protect us and our stakeholders from the risk of financial loss and compromised personal data. The solution not only met this need, but it was easy to implement and has delivered an easy-to-use experience for our clients.” PHIL MCLAUGHLIN, CIO, PAYCHOICE Founded in 1990, PayChoice is a leader in the U.S. payroll and payroll-software market, offering a world-class suite of payroll and employee management services. 
Approximately 150,000 businesses, and their nearly 2,000,000 employees, rely on its services and technology to eliminate the hassles associated with payroll, HR, record keeping, and tax filing. KEY REQUIREMENTS When your organization handles large amounts of payroll every year on behalf of 150,000 companies, you need to be careful. Unauthorized access to corporate systems could bring with it a catastrophic financial impact for you and your customers, as well as jeopardize the personally identifiable information (PII) of nearly two million employees. Facing this challenge, PayChoice wanted to ensure it was taking a proactive approach to protecting itself and its stakeholders by reducing the risk of all unauthorized individuals accessing its system, even those armed with valid credentials. “It’s likely that this will happen occasionally,” explains Phil McLaughlin, CIO, PayChoice. “People write down their login details, leave them on their desk at work, and then anyone who walks past can pick them up. We wanted to make sure that even in situations like this the sensitive data in our systems would not fall into the wrong hands.” It wasn’t as simple as finding an authentication solution stronger than its current username-and-password-based model, however. PayChoice needed something that would integrate smoothly with its payroll platform and its business processes, while maintaining the smoothest possible user experience. “Our users are representative of the general public. Many of them are cautious when going online. Plus, we expected them to be anxious about any changes made to the payroll system with which they were familiar,” comments McLaughlin. SOLUTION “RSA Adaptive Authentication gives us a strong competitive advantage. None of our peers have a similar level of data security in place, so we’re setting the standard for the industry. 
We look forward to implementing additional elements of the solution – like transaction monitoring and authentication – over the coming months, to make our payroll solutions even more secure.” PHIL MCLAUGHLIN, CIO, PAYCHOICE Having worked with RSA – The Security Division of EMC – previously, McLaughlin knew where to turn when it came to finding a solution that he and his team could trust. They chose to implement RSA Adaptive Authentication, which uses risk-based authentication to monitor and verify online activities in real time, using behavioral analysis, device profiling, and data feeds from the RSA eFraudNetwork. “The insight provided to us through the eFraudNetwork was a compelling selling point for us, in addition to the quality of the technology,” says McLaughlin. The shared fraud intelligence gained through the eFraudNetwork can prevent losses from occurring by enabling PayChoice to proactively combat known cybercriminals. RSA monitors and tracks fraudulent profiles, patterns, and behaviors across an extensive network of customers, ISPs, and third-party contributors. When an active fraud pattern is identified or suspected, the fraud data, transaction profile, and device fingerprints are moved, in real time, to a shared data repository. More than a simple IP blacklist, this fraud-intelligence information is continually updated by and shared across the eFraudNetwork contributive partners, RSA Identity Protection and Verification (IPV) customers, as well as analysts at RSA’s Anti-Fraud Command Center. The PayChoice IT team carried out an evaluation of the solution’s features to determine its implementation strategy. It assessed the different approaches to deploying RSA Adaptive Authentication, including the option of RSA hosting the solution. It determined that this approach would make testing and administration simpler and less resource-intensive for the in-house team. 
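The risk-based decision the PayChoice profile describes, policy rules plus a risk score driven by device profiling, behavior and a shared fraud feed, with step-up authentication in the middle band, can be sketched in code. The Python below is an added example for this page, not RSA Adaptive Authentication code. The weights, thresholds, profile fields and the FRAUD_FEED contents are assumptions standing in for RSA's proprietary Bayesian risk engine and the eFraudNetwork data, which the page does not describe in detail; the additive score is only a stand-in for a learned model.

```python
from dataclasses import dataclass

# Hypothetical shared fraud feed: known-bad device fingerprints and IPs contributed
# by other members. Stands in for the shared repository the text describes; values are made up.
FRAUD_FEED = {"devices": {"fp-9f3c"}, "ips": {"203.0.113.50"}}

@dataclass(frozen=True)
class Attempt:
    user: str
    ip: str
    country: str
    device_fp: str          # device fingerprint collected at login (assumed field)
    hour: int               # local hour of day, 0-23
    amount_usd: float = 0.0 # 0.0 for a plain login, >0 for a payroll transaction

@dataclass
class Profile:
    known_devices: set
    usual_countries: set
    usual_hours: range
    typical_amount: float

# Assumed weights and bands; a real engine learns these from labelled fraud outcomes.
WEIGHTS = {"new_device": 35, "unusual_country": 30, "off_hours": 10, "large_amount": 25}
CHALLENGE_AT, DENY_AT = 40, 80

def assess(attempt, profile, feed=FRAUD_FEED):
    """Return (decision, score, reasons). Policy rules run before the score is consulted."""
    # Policy rule: anything matching the shared feed is refused outright, whatever the score.
    if attempt.device_fp in feed["devices"] or attempt.ip in feed["ips"]:
        return "deny", 100, ["matches shared fraud feed"]
    score, reasons = 0, []
    if attempt.device_fp not in profile.known_devices:
        score += WEIGHTS["new_device"]
        reasons.append("new device")
    if attempt.country not in profile.usual_countries:
        score += WEIGHTS["unusual_country"]
        reasons.append("unusual country")
    if attempt.hour not in profile.usual_hours:
        score += WEIGHTS["off_hours"]
        reasons.append("off hours")
    if attempt.amount_usd > 3 * profile.typical_amount:
        score += WEIGHTS["large_amount"]
        reasons.append("amount well above typical")
    if score >= DENY_AT:
        return "deny", score, reasons
    if score >= CHALLENGE_AT:
        # Step-up: challenge questions or a second factor; a valid password alone is not enough.
        return "challenge", score, reasons
    return "allow", score, reasons

def enroll_device_after_step_up(profile, attempt, answered_correctly):
    """After a passed challenge, trust the device so the same user is not challenged again."""
    if answered_correctly:
        profile.known_devices.add(attempt.device_fp)
    return answered_correctly

def challenge_rate(attempts, profiles, feed=FRAUD_FEED):
    """Share of attempts that triggered a step-up; the text reports about 5 percent in year one."""
    challenged = sum(1 for a in attempts if assess(a, profiles[a.user], feed)[0] == "challenge")
    return challenged / len(attempts)

if __name__ == "__main__":
    alice = Profile({"fp-a1"}, {"US"}, range(7, 20), 25000.0)
    print(assess(Attempt("alice", "198.51.100.5", "US", "fp-a1", 10), alice))
    print(assess(Attempt("alice", "198.51.100.5", "BR", "fp-new", 10), alice))
    print(assess(Attempt("alice", "203.0.113.50", "US", "fp-a1", 10), alice))
```

The point the example makes is the one McLaughlin raises: a correct username and password from an unfamiliar device and country lands in the challenge band rather than being accepted, while the everyday login from a known device passes with no friction. The feed check sits in front of the score as a hard rule because shared intelligence about a known-bad device should not be diluted by otherwise ordinary-looking context.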
McLaughlin adds: “Making use of the hosted option meant that we could speed up our time to market. With RSA handling the bulk of the work behind the scenes, we just focused on finessing the end-user interface, which was very simple and straightforward.” Post-implementation, a consultant from RSA Professional Services worked with the PayChoice team to ensure they fully understood the solution and all its capabilities and to help fine-tune the verification rules to fit with the organization’s operational structure. “Making use of RSA’s expertise in this way was a very good decision for us,” McLaughlin recalls. The deployment of the new solution was completed in a matter of months, enabling PayChoice to meet its objectives quickly. RESULTS With RSA’s sophisticated risk-based authentication model in place, PayChoice has mitigated the risk of both financial loss and of PII being compromised. On average, during the first year of use, approximately 5 percent of PayChoice’s customers were prompted for challenge questions, with the rate of challenges falling as time went on. “Being part of the RSA eFraudNetwork means we’ve been alerted to emerging threats well in advance and have been able to take steps to ensure our environment is protected,” explains McLaughlin. Integration of the solution went very smoothly from a technical perspective, and it has also been a big success operationally. PayChoice has found it easy to incorporate the new risk-based authentication model into existing processes within its customer-service call center and other parts of the business. 
End users have also found it easy to utilize the solution, which came as a pleasant surprise for McLaughlin: “We and our licensees were braced for an increase in calls to our help desks from clients having trouble with the new risk-based authentication model, but it just hasn’t happened!” He concludes: “RSA Adaptive Authentication gives us a strong competitive advantage. None of our peers have a similar level of data security in place, so we’re setting the standard for the industry. We look forward to implementing additional elements of the solution – like transaction monitoring and authentication – over the coming months, to make our payroll solutions even better.” ©2012 EMC Corporation. All rights reserved. PAY CP 0212 paysafecard paysafecard protects its customers from phishing and Trojan attacks At-a-Glance Key Requirements –– Identify and take down phishing and fraud threats promptly –– 24 x 365 dedicated anti-fraud cybercrime operation –– Mitigate cybercrime incidents in real time across thousands of networked organizations Solution –– RSA FraudAction™ Anti-Phishing and RSA FraudAction Anti-Trojan services provide global threat detection and take-down from a single location –– Research team with deep knowledge of fraud trends –– Quality blocking and feeding partners including TrendMicro, Microsoft, and others Results –– Able to take down phishing and Trojan attacks in under five hours, which was previously impossible
The paysafecard group, founded in 2000, already operates in 31 countries worldwide. The group has established itself as Europe’s leading provider of prepaid payment solutions. In 2012 the group won the Paybefore Award for ‘Best Digital Currency’ and the Paybefore Award Europe for ‘Most Innovative Prepaid Solution’. Key Requirements The Internet has revolutionized the way we shop. You can think of almost any product at any time, go online, and have it delivered to your door. Online shopping typically requires a credit card, though, which excludes people who cannot get or do not have one. paysafecard offers a solution: it makes online payments as easy as using cash and it offers complete security against data abuse and fraud. Anybody can use paysafecard as no credit card or bank account is required. When making a payment, customers’ financial privacy remains fully intact. The voucher functions like a prepaid charge card for mobile phones. The 16-digit PIN is all that is needed to make a transaction. The amount paid is then debited from the paysafecard balance, which can be checked online at any time. “We had 45 million transactions last year and we’re estimating we will increase on that this year,” said Christoph Sprongl, Chief Information Security Officer, paysafecard.com Wertkarten AG. “Whenever you do business on the Internet, fraud is a threat, so it is essential that we take care of it in a proactive way. Maintaining our good reputation and our security are top priorities for us. 
We have to make sure our customers feel comfortable and safe with our service.” The company undertook a comprehensive risk assessment and identified potential threats including Trojans, phishing attacks and brand abuse. Customer Profile paysafecard was building its own fraud prevention systems, analyzing forums and using information from police and customers to identify threats, but this was extremely resource-intensive. “If we found a phishing site, we would report it to the blocking alliances, but if you don’t have a commercial contract with them, it’s hard to get in the high-priority queue,” said Sprongl. “The process was time-consuming and had no guarantee to reach all required parties.” paysafecard needed a 24 x 365 dedicated anti-fraud cybercrime operation with the ability to mitigate cybercrime incidents in real time across thousands of networked organizations. “I’m happy to recommend RSA’s services. We could significantly improve our capability to fight cybercrime effectively. We have a competent partner who runs a service for us on a 24x7 basis. We could have never built up the service on our own with comparable quality and effectiveness.” Roland Schaar, Chief Information Officer, paysafecard Solution paysafecard chose the RSA FraudAction Anti-Phishing Service and RSA FraudAction Anti-Trojan Service to protect its business. They provide global threat detection and take-down services in one location, backed by a research team with a deep knowledge of fraud trends. The services’ high-quality blocking and feeding partners include TrendMicro, Microsoft, and others, giving access to device, IP, financial and identity feeds from over 8,000 organizations worldwide. RSA identifies and takes care of threats for paysafecard and provides a quick insight into any incidents affecting it through a reporting portal. It is used primarily by the fraud and information security departments with regular reporting to the CEO and CIO. 
“We chose RSA because it has an excellent reputation and is well connected with ISPs, registrars, and legal organizations worldwide,” said Sprongl. “The company is also oriented to what customers like us really need. RSA gives us a complete tailored service we can trust, not just a product we would have to take on and adapt to our needs.” He adds: “RSA consistently identifies potential threats and attacks against our customers and takes care of them. If we weren’t using the RSA services, we would need to invest heavily in liaising with all the ISPs, registrars and blocking organizations. Leveraging RSA’s long term experience significantly helped us to build up a strong cybercrime competence within a short timeframe. We can trust that RSA is taking care of it, and it makes our life much easier.” Results “RSA has taken down some attacks for us in under five hours, and that would have been almost impossible without their help,” said Sprongl. “I’m happy to recommend RSA’s services. The company has lots of skills and experience, is very customer-focused and has strong links to law-enforcement organizations, ISPs, and blocking organizations worldwide.” He concludes: “We were surprised to find that Trojans posed a bigger threat than phishing attacks, but RSA gives us the confidence that we are comprehensively protected not just from the kind of attacks we expect, but also from any new threats as they emerge.” ©2012 EMC Corporation. All rights reserved. 
PAYSAFE CP 1012 RANDOLPH-BROOKS FEDERAL CREDIT UNION Revitalizing Efficiency and Customer Service with RSA Technology “We choose to partner with RSA for all these projects because it offers us a timely, in-depth, global view of potential threats, enabling us to be better prepared.” CHARLES BEIERLE, VP INFORMATION SYSTEMS, RANDOLPH-BROOKS FEDERAL CREDIT UNION AT-A-GLANCE Key Requirements –– Optimize efficiency of internal policy-management, compliance, and business-continuity efforts –– Deliver enhanced member experience with more proactive services –– Create flexible, automated platform with ability to identify and respond to real-time threats Ranked among the top 25 of nearly 7,700 financial cooperatives in the United States, Randolph-Brooks Federal Credit Union (RBFCU) is one of the strongest credit unions in the country with more than 385,000 members and total assets exceeding $4.9 billion. Recognized for financial stability, the credit union consistently receives the highest ratings of “Five Star” and “Superior” from two respected independent organizations that rate financial institutions in the United States. It operates from 40 locations across South Central Texas. 
Solution –– The RSA Archer® GRC suite single dashboard integrates, aggregates, and maps multiple threat and vulnerability feeds –– RSA FraudAction™ service provides broad visibility and specific intelligence into all threats Results –– Reports are now faster and simpler to create, metrics immediately available and easier to read –– Phishing and other types of fraud attacks are down by about 75 percent in one year –– Deeper visibility into internal security posture and global threat landscape enables RBFCU to offer proactive, value-added services CUSTOMER PROFILE Originally chartered in 1952 to serve personnel at Randolph Air Force Base, Randolph-Brooks has expanded to include employees and associates at more than 2,000 select groups and several geographically defined communities in the San Antonio and Austin areas. KEY REQUIREMENTS Eager to build on its success, the credit union prioritizes optimization of both internal efficiency and external services, in order to keep members happy and profitability high. This objective touches on a wide range of areas – from protecting members against online fraud threats, to ensuring that internal processes, like incident management and compliance, are properly managed. Responsibility for addressing much of this falls under RBFCU’s IT security team. Led by Charles Beierle, VP Information Systems, the three-person team had its work cut out for it, needing to carry out in-depth incident tracking, reporting, and response using manually updated spreadsheets. As Beierle explains: “The time and effort involved in these activities meant that reports to management and audit exercises were delayed, and we had trouble determining our level of success at any given time. 
Moreover, whenever any new issues emerged – such as a sudden increase in a particular type of threat – coordinating a response while staying on top of our internal priorities was a challenge.” RBFCU needed a centralized, automated platform that would enable both the security team and non-technical business users to achieve greater visibility and efficiency when dealing with these issues. The core requirements were: –– Efficient communication among security, management, and business teams to ensure clear education on policy requirements –– Transparency around goals and objectives for the security team, easily flagging developing threat trends –– Accountability around areas where the security team could improve its approach, and in terms of identifying the users who infringe policy regularly and so need more guidance –– Centralized control to identify which areas of the company could benefit from increased awareness. Of all policy infringements, 90 percent are unintentional, so deeper insight was needed to help identify which were genuine threats and which just needed clarification –– Easy integration of new elements when changes in market landscape, member behavior, or regulatory requirements dictate SOLUTION With these needs in mind, RBFCU turned to its long-time security partner, RSA – The Security Division of EMC, for support. Having viewed a demonstration of the policy-tracking automation capabilities of the RSA Archer GRC suite, Beierle immediately saw the potential for improving activities such as policy enforcement and business continuity. Taking a phased approach, RBFCU deployed the Enterprise, Business Continuity, Compliance, Policy, and Incident Management modules of the RSA Archer suite. 
A single dashboard integrates and aggregates multiple threat and vulnerability feeds from the modules as well as other sources like the organization’s RSA enVision® security information and event management (SIEM) platform. It then maps this data to the impact it can have on the organization and its members. Access to the platform was offered to selected users from across the business, including security, project management, risk management, and executive leadership.

The flexibility of the platform to incorporate new elements was soon put to the test, when RBFCU noted a sharp increase in phishing and Trojan threats against its members. Attacks were being launched 24/7, from all over the world, making it challenging for Beierle’s small team to respond quickly. RSA stepped in to combat one phishing attack, running a demo of its FraudAction service, which is supported 24/7 by the RSA Anti-Fraud Command Center. “We were impressed by the speed of RSA’s response and its global reach,” recalls Beierle. “It really showed us the value of the FraudAction solution, so we had no hesitation in deploying it.”

The data from the new RSA FraudAction anti-phishing and anti-Trojan solution was soon integrated into the central RSA Archer dashboard, so that the team could maintain constant visibility of where threats were emerging and how they were being resolved. “The data-import feature of RSA Archer saved us a huge amount of time and effort initially,” says Beierle. “We could simply import the data from existing FraudAction report spreadsheets automatically. Doing it manually would have taken days.”

RESULTS
By implementing the centralized RSA Archer platform to manage its policy, compliance, business-continuity, and workflow challenges, RBFCU has seen a marked improvement in company-wide efficiency. With all incident communications now in one place, it is much easier for security personnel to direct conversations with other stakeholders.
As Beierle puts it, “the interactive dashboard is much clearer and more engaging than a spreadsheet – not to mention easier to collate the information – so both business users and IT find it more intuitive to work with. As we are all working from the same centralized data source, it also means there’s no longer a risk of multiple versions of a report spreadsheet being created. This amounts to a single version of truth across the organization.”

Along with the user-experience benefits of the RSA Archer suite, RBFCU is able to perform better when it comes to meeting audit expectations by having information continually updated and immediately available. The combination of both enhanced visibility and usability means that Beierle’s team has seen better engagement and interest from the senior-management team, which is now also appreciating the value of having such centralized, automated solutions in place.

While these improvements have been felt internally, the addition of the RSA FraudAction service has delivered real advantages to RBFCU’s members as well. Since strengthening its response to new threats, the organization has seen the level of phishing attacks against members’ accounts reduced by around 75 percent in just one year. The anti-Trojan element of the FraudAction service has also enabled RBFCU to take a more proactive approach to helping members deal with Trojan attacks and recover any credentials that are stolen. “Our members are very impressed and reassured when we contact them to flag any issues and show them how to resolve them,” says Beierle. “This is just one example of how the automation of so many of our core manual processes has given us more time to focus on delivering more value-added services to our members.”

RBFCU plans to continue building on the foundations it has in place by implementing the RSA Archer Vendor Management module over the coming months.
It is also considering incorporating the RSA CyberCrime Intelligence Service, which forms part of the RSA FraudAction offering, to gain greater insight into malware threats against its corporate network.

Beierle concludes: “We choose to partner with RSA for all these projects because it can offer us a timely, in-depth, global view of where the next threats might come from, enabling us to be better prepared. We also really like RSA’s strategy of integrating its technologies and having everything in one place – this aligns perfectly with our objectives to run as efficient and effective an organization as possible.”

CONTACT US
To learn more about how RSA products, services, and solutions help solve your business and IT challenges contact your local representative or authorized reseller – or visit us at www.emc.com/rsa.

©2012 EMC Corporation. All rights reserved. EMC, the EMC logo, RSA, the RSA logo, Archer, enVision, and FraudAction are the property of EMC Corporation in the United States and/or other countries. All other trademarks referenced are the property of their respective owners.
RBFCU CP 0412

RAPATTONI
Rapattoni builds business by protecting customer interests

AT-A-GLANCE
Key Requirements
–– Accurate, real-time fraud/threat detection with minimal impact to user experience
–– System that learns from past behavior to protect against future attacks
–– Safeguard personally identifiable information such as sensitive homeowner information

Solution
–– Authentication manager with authentication software and hardware tokens
–– Industry-leading risk-based authentication and fraud-detection platform

Results
–– Many of its customers are using the two-factor authentication solution and will eventually transition to adaptive authentication, ensuring greater protection of personally identifiable information

“We want to accelerate our business through a stronger security infrastructure to enhance customer confidence.
Personally identifiable information such as sensitive homeowner information is sometimes unintentionally compromised. RSA® Adaptive Authentication successfully addresses these issues and also provides a springboard for further growth.”
TIM P. JOHNSON, CHIEF FINANCIAL OFFICER AND VP OF BUSINESS DEVELOPMENT, RAPATTONI

CUSTOMER PROFILE
Rapattoni is one of the leading software providers for the U.S. real estate industry. Established in 1970, the company provides the technology to power more than 100 Multiple Listing Services (MLS) which are in turn used by more than 250,000 real estate professionals to share information about properties for sale.

KEY REQUIREMENTS
An MLS, which consists of hundreds of data fields that provide real estate agents with information relating to listed properties, is an indispensable tool for U.S. real estate agents. Rapattoni provides its MLS service via a Software-as-a-Service (SaaS) model, ensuring MLSs receive frequent software updates. Several years ago, Rapattoni implemented a market-leading strong authentication system based on software and hardware tokens to allow MLSs to protect their systems from unauthorized use. The implementation was a great success, with a large number of real estate professionals using tokens for secure website access to safeguard clients’ personal information.

Rapattoni was particularly interested when its trusted vendor launched a new adaptive authentication solution. This is a comprehensive authentication and fraud-detection platform that monitors and authenticates customer activity based on risk levels, institutional policies, and customer segmentation. As a result, Rapattoni was keen to incorporate the technology into its MLS offerings. It believed the solution could galvanize existing security protection and, equally importantly, in a small but intensely competitive market undergoing economic turmoil, Rapattoni understood that the solution could also be used as a market-winning business differentiator.
SOLUTION
Tim P. Johnson, Chief Financial Officer and VP of Business Development, Rapattoni, said: “The RSA SecurID® system is a great advantage for our MLS customers. In line with our philosophy of introducing innovative technologies, we also decided to offer our customers RSA Adaptive Authentication.”

“RSA has a very strong reputation in the U.S. due to extensive use of its security technologies throughout the banking community. Clearly it’s a great benefit for Rapattoni to be aligned with such a strong brand.”
TIM P. JOHNSON, CHIEF FINANCIAL OFFICER AND VP OF BUSINESS DEVELOPMENT, RAPATTONI

RSA Adaptive Authentication establishes the identity of users by measuring a series of risk indicators such as device identification, geographical location, and behavioral profiling. By deploying the technology, Rapattoni’s customers ensured legitimate users can securely access the MLS from an office PC, notebook, or remote PC at a client site, regardless of location. It works by collating fraud indicators with user profiling and transactional behavioral patterns and identifies behavior and activity patterns that do not conform to historical patterns and known activities. If the RSA Adaptive Authentication system does not recognize the IP address range, the user will need to answer a series of ‘challenge questions’ in order to be authenticated. If the IP address range does not reflect common usage patterns, a series of further flags will also be raised, requiring more responses from the user before access is permitted. All incoming logon attempts are vetted against RSA’s eFraudNetwork™, the industry’s first and largest cross-institution, cross-industry, and cross-platform online fraud network dedicated to sharing and disseminating information on fraudulent activity.

The company unveiled the solution at a Rapattoni customer tradeshow, branding it Rapattoni Secure Logon. Johnson says: “The response was incredibly positive.
All of our customers who saw this showed an immediate interest and wanted to know about deploying it.”

RESULTS
Johnson says: “Our customers immediately understand the value of this solution. It’s also widely used by many U.S. financial institutions for online banking and as such is already highly regarded. It has a very good reputation for protecting personally identifiable information.”

Rapattoni operates in a relatively small but highly competitive market. When it began offering adaptive authentication, the real estate market had begun contracting due to the economic climate. But the solution helped the company galvanize its market position. “RSA Adaptive Authentication enhances our reputation in a tough economic climate, which gives us an edge over competitors. It’s a compelling offering and MLS sales are reflecting that,” adds Johnson.

RSA is a comprehensive provider of strategic and innovative authentication solutions that enable organizations to successfully meet growing needs. This has helped Rapattoni employ multiple authentication technologies to not only meet security objectives but also drive forward with its business goals.

©2003-2007 EMC, the EMC logo, RSA, the RSA logo, eFraudNetwork, and SecurID are trademarks or registered trademarks of EMC Corporation in the United States and/or other countries. All other trademarks mentioned herein are the property of their respective owners.
RAPAT CP 0409

RSA ISRAEL
RSA puts its own technology to the test

“The RSA® Adaptive Authentication solution was very smooth to deploy and easy to integrate, which accelerated our rollout of the enhanced authentication model across the entire enterprise user base.”
LIRAN COHEN, SENIOR SECURITY ENGINEER, EMC GLOBAL SECURITY ORGANIZATION, SBS OPERATIONS ISRAEL

AT-A-GLANCE
Key Requirements
–– Innovative remote security solution to authorize R&D data access
–– Real-time fraud/threat detection with minimal impact to user experience

Solution
–– Deployed adaptive authentication compatible with existing remote-access system
–– Solution recognizes users by devices used, only challenging beyond single-password sign-on when a high risk is identified
–– Validate POC success by running environment through third-party-vendor scrutiny

Results
–– Fewer login hurdles for employees
–– Remote and onsite users operate more efficiently without compromising data security
–– RSA is able to demonstrate strength of its own internal security strategy

CUSTOMER PROFILE
RSA, The Security Division of EMC, is the premier provider of security solutions for business acceleration. Working with more than 90 percent of the Fortune 500, it helps many of the world’s leading organizations succeed by solving their most complex and sensitive security challenges.

KEY REQUIREMENTS
As a leading global IT security provider, RSA, The Security Division of EMC, takes the protection of its own data very seriously. To inspire customers’ confidence in its solution, it must set a high security standard across its network. Much of RSA’s research and development takes place at its Israel headquarters, one of the largest EMC sites in the world. Approximately 300 engineers and other employees onsite, as well as a number of remote workers, need access to data on this network. Before this project, users accessed appropriate information using hardware tokens.
While this strong, two-factor authentication met EMC data-access standards, the IT team wished to further enhance and simplify the employee-authentication process. “We wanted a solution that would fit well with the wider EMC network and be simple to use, while maintaining the highest possible level of security,” explains Liran Cohen, Senior Security Engineer, EMC Global Security Organization, SBS Operations Israel. “Before, we asked users to enter a password to traverse the firewall but we wanted to eliminate this step by enabling the system to authenticate them when they entered their usual corporate login information.”

SOLUTION
“It made sense to deploy RSA® Adaptive Authentication behind our corporate firewall to meet our need for a simpler-to-manage authentication solution,” says Cohen. “It enables us to assign a risk score for each activity, only challenging users where the risk is high. It recognizes users based on their device fingerprints so a worker doesn’t need to enter a password every time he or she uses their own laptop, but only when accessing the system from another machine.”

“Our own experience of RSA Adaptive Authentication, combined with in-depth assessment by a third-party vendor, has shown us that the solution is the best fit for our organization. It delivers robust security along with a smooth user experience.”
LIRAN COHEN, SENIOR SECURITY ENGINEER, EMC GLOBAL SECURITY ORGANIZATION, SBS OPERATIONS ISRAEL

It was important for the team to fully evaluate the solution before deploying it across the organization, so a proof of concept (POC) was undertaken. It built a test environment mirroring RSA Israel’s production environment, but with RSA Adaptive Authentication sitting behind the firewall. User groups were identified using EMC’s Corporate Active Directory account and permitted access to data depending on their permissions listed in this directory.
After running the test environment for three months to ensure its compatibility with the organization’s existing infrastructure, RSA Israel sought external validation of its findings and asked a third-party vendor to check the solution for vulnerabilities. “The external testing found a very low level of risk, thanks to the fact that all authentication was being conducted within the network,” explains Cohen. “This was the deciding factor for us, and after this we went ahead with deployment.”

RESULTS
Cohen recalls: “The solution was very smooth to deploy and easy to integrate, which accelerated our rollout of the enhanced authentication model across the whole user base.” Employees working at the Israel site, or even accessing its data and systems from other locations, are now able to work much more efficiently, accessing what they need quickly and with fewer security hurdles to negotiate. All the while, the level of security demanded by the organization is maintained.

“Users now just have to remember a password and no longer need to worry about forgetting or losing their hardware token,” concludes Cohen. “If the Risk Score is high or, for example, they are authenticating from an unrecognized workstation, then they will be asked to answer additional questions, but the system is smart enough to ensure the user experience is always smooth and stress-free. Meanwhile, we know that we’re setting the best example to the rest of the security industry with our own data-protection strategy.”

©2011 EMC Corporation. EMC, the EMC logo, RSA, and the RSA logo are trademarks or registered trademarks of EMC Corporation in the U.S. and/or other countries. All other trademarks mentioned are the property of their respective holders.
RSAISR CP 0211

STATE EMPLOYEES’ CREDIT UNION
Member funds and personal information kept safe with anti-fraud solution

AT-A-GLANCE
Key Requirements
–– Dedicated anti-fraud cybercrime operation to protect credit union members’ data from phishing and Trojan attacks
–– Ability to track and retrieve fraudulently obtained information

Solution
–– Deployed anti-phishing and anti-Trojan services to protect members from having their information compromised
–– Both services supported by anti-fraud center, providing forensics on fraud attempts

Results
–– Phishing attempts neutralized in as few as 20 minutes, often before going live
–– Successful Trojan attacks significantly reduced
–– Compromised data quickly tracked and retrieved, enabling SECU to alert members about potential fraud threats

“The RSA® FraudAction™ anti-fraud solution is able to identify malicious attacks when they are in development and neutralize many of them before they go live, so our members are rarely affected. These accelerated results have persuaded us that it is the best proactive solution on the market today.”
RICK RHOADS, SENIOR VICE-PRESIDENT, E-SERVICES, STATE EMPLOYEES’ CREDIT UNION

CUSTOMER PROFILE
State Employees’ Credit Union (SECU) is a non-profit financial cooperative owned by its members. SECU has been providing the employees of the state of North Carolina and their families with consumer financial services for over 70 years. Currently serving more than 1.6 million members, SECU provides services through 226 branch offices, over 1,000 ATMs, 24x7 call centers, and a website: www.ncsecu.org.

KEY REQUIREMENTS
Serving 1.6 million state employees across North Carolina, SECU needs to ensure the security of members’ personal and account information. Members want to be confident that their hard-earned savings are safe from fraud.
SECU needed an anti-Trojan service to protect members from Trojans located on their own personal computers without having to degrade the user experience of the credit union’s secure websites.

With malicious online activity against the financial industry increasing, SECU also found that its members were being targeted by phishers from outside the U.S. The volume of attacks and the fact that they were being made in a foreign language meant that the organization was unable to combat them effectively, lacking the expertise and global contacts to identify their source. SECU needed a service that would combat phishing attacks quickly, no matter where they originated. It required real-time fraud/threat detection with minimal impact to user experience.

“We had to make sure these attacks were not impacting our members,” explains Rick Rhoads, Senior Vice President, E-Services, State Employees’ Credit Union. “They rely on us to keep their money safe, so we take any attempts at fraud very seriously.”

SOLUTION
After five days fighting a particularly aggressive phishing attack, SECU accepted an offer from RSA to apply its RSA FraudAction anti-fraud service to identifying the source and combating it. “Within twenty minutes, RSA had managed to bring down the attack,” says Rhoads. “You can’t ask for a better proof of concept than that!”

“Fraudsters are constantly inventing new ways to breach organizations’ data defenses. We’ve been very impressed with RSA’s proactive approach to staying ahead of the threats. We expect that RSA will continue to evolve solutions to counter emerging threats and, in doing so, to add value for us and our members.”
RICK RHOADS, SENIOR VICE PRESIDENT, E-SERVICES, STATE EMPLOYEES’ CREDIT UNION

The organization therefore decided to deploy the solution permanently in order to continue benefiting from this level of protection from phishing attacks.
The 24x7 monitoring and detection with real-time alerts, reporting, and forensics meant that a number of attempted attacks over the next few months were brought down within hours, many while they were still at the development stage. “Like any sort of software developer, phishers need to test their programs before they deploy them fully,” Rhoads explains. “The solution is able to identify malicious attacks when they are at this initial stage and neutralize them before they go live, so our members are never affected. Without it, we would have only found out about new phishing attempts when our members alerted us to them. These accelerated results have persuaded us that the RSA FraudAction anti-fraud service is the best proactive solution on the market today.”

The RSA FraudAction service is powered by the RSA Anti-Fraud Command Center (AFCC), whose team of analysts do continuous research and forensics work to stop online criminals. Eager to extend this support from focusing just on phishing attacks to other common types of fraud, SECU expanded its solution to cover Trojan attacks as well.

RESULTS
“We’re seeing a huge benefit from using the RSA FraudAction anti-Trojan service, which has reduced successful attacks in line with the expectations set by the anti-phishing service,” says Rhoads.

Besides stopping new attacks, of key importance to SECU is the ability to capture any compromised data and prevent its sale on the worldwide underground market. Its security team previously had limited success attempting such monitoring and prevention efforts. “The RSA AFCC has the global reach and expertise to infiltrate these underground markets and ensure our members’ data does not get sold to third parties for further illegal use,” Rhoads adds.
This enhanced visibility of fraud attempts lets SECU add further value for its members by notifying them when their data has been compromised – be it their SECU account details or those of any other financial institution.

Rhoads concludes: “Fraudsters are constantly inventing new ways to obtain personal data from consumers but we’ve been very impressed with RSA’s proactive approach to staying ahead of the threats. We expect that RSA will continue to evolve solutions to counter emerging threats and, in doing so, to add value for us and our members.”

©2011 EMC Corporation. EMC, the EMC logo, RSA, the RSA logo, and FraudAction are trademarks or registered trademarks of EMC Corporation in the U.S. and/or other countries. All other trademarks mentioned are the property of their respective holders.
NCSECU CP 0211

U.S.-BASED BANK
Mid-tier U.S. bank reduces fraud to negligible levels

AT-A-GLANCE
Key Requirements
–– Meet Federal Financial Institutions Examination Council (FFIEC) “Authentication in an Internet Banking Environment” regulation requiring increased security for online banking
–– Deploy accurate, real-time fraud/threat detection with minimal impact to user experience

Solution
–– Leveraged existing use of security tokens by implementing a comprehensive authentication and fraud-detection platform
–– Rolled out technology to 300,000 online banking users over a three-month period

Benefits
–– Reduced existing, relatively small, levels of fraud to almost negligible levels
–– The bank is implementing new levels of protection, including post-login protection, with transaction monitoring

“RSA® Adaptive Authentication not only accelerated our drive towards complying with new regulatory mandates but also helped us introduce a comprehensive online identity system that has increased security, resulting in online fraud falling to minimal levels.”
VICE-PRESIDENT, MID-TIER U.S. BANK

CUSTOMER PROFILE
This mid-tier U.S.-based bank has been in existence for more than 100 years.
It provides a broad range of financial services for businesses and individuals as well as investment, financial-management services, private banking, and insurance services. It has an employee headcount that numbers over 10,000 and an international reach with overseas offices.

KEY REQUIREMENTS
Along with other U.S. financial institutions, this bank was faced with a set of new requirements from the FFIEC, a federal financial-regulatory umbrella body that sets down standards for the U.S. financial-services industry. These regulations stated that existing user IDs and passwords did not provide sufficient levels of security for online banking.

In 2005, the bank had already conducted a survey of fraud risks for online banking and realized that there were some clearly established patterns. For example, they determined that fraudsters were cracking user IDs and transferring funds from the compromised accounts. When the FFIEC issued its mandate in 2005, the bank was already researching alternative methods of increasing online security. Internally, it had made some software changes to security controls and had truncated account numbers so the full number did not appear on screen when a user logged in. But as it researched online security vendors, the bank discovered that many of the companies offering solutions were relatively new, lacked financial viability, and sometimes did not have a mature product. It needed an established vendor with strong authentication and accurate fraud/threat detection technology.

SOLUTION
The bank already had an existing relationship with RSA and had deployed thousands of RSA SecurID® hardware tokens for both commercial customers and employees. Ironically, two of the solution companies it had been researching, Cyota and PassMark, were bought by RSA and their technologies integrated to create RSA Adaptive Authentication.
“RSA Adaptive Authentication has provided a very solid foundation for protecting the identities of online users. It is also a stepping stone in extending security to new areas such as post-login transactions. One of the solutions we could explore is ‘out-of-band’ phone calls for the riskiest transactions flagged up by the system. Functionality such as this already exists within RSA Adaptive Authentication which extends our choices.”
VICE-PRESIDENT, U.S. BANK

Because of the existing relationship, RSA’s financial stability, and the comprehensive authentication and fraud detection offered by RSA Adaptive Authentication, the bank decided to implement a hosted version of RSA Adaptive Authentication. This software-as-a-service (SaaS) deployment delivers frequent updates of risk profiles while the RSA Adaptive Authentication Risk Engine provides a comprehensive range of risk indicators. These indicators are based on pattern analysis and establish whether user actions might be dubious, immediately flagging those requiring investigation. This was particularly important given that the bank’s online service has approximately 300,000 users, ranging from consumers to small businesses and commercial operations, and in any given month the website receives approximately four million hits.

Furthermore, within RSA Adaptive Authentication, a case-management system provides a score, ranging from zero to 1,000. The higher the score, the more likely that some form of fraudulent activity is occurring; the lower the score, the more likely that the user is logging in from a known PC and location. These and other features assured the bank that RSA Adaptive Authentication in the SaaS deployment mode was the correct choice.
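The risk-based login flow these case studies describe (device and IP-range recognition as in the Rapattoni and RSA Israel profiles, a score from zero to 1,000, a step-up to one of the three challenge questions set at registration when the score is high, and the highest scores referred to a fraud unit), modelled as an added Python example. This is illustrative code written for this page, not RSA's Risk Engine; every weight, threshold, field name and sample value in it is a constructed assumption.

```python
"""Toy risk-based authentication engine (an added illustration, not RSA's Risk Engine).

Models the login flow the case studies describe: recognise device and IP range, score
the attempt 0-1,000, ask one of the three challenge questions set at registration when
the score is high, and refer the highest scores to the fraud unit. All weights,
thresholds and sample data are constructed assumptions.
"""
from __future__ import annotations

import hashlib
import hmac
import ipaddress
import secrets
from dataclasses import dataclass, field

# Constructed risk weights; a production engine derives these from pattern analysis.
W_UNKNOWN_DEVICE = 350       # device fingerprint not seen before for this user
W_UNKNOWN_NETWORK = 300      # source IP outside the user's usual address ranges
W_UNUSUAL_HOUR = 150         # login outside the user's historical activity window
W_FRAUD_FEED_HIT = 600       # source IP reported by a cross-institution fraud feed
MAX_SCORE = 1000
CHALLENGE_THRESHOLD = 500    # at or above: ask a challenge question before access
INVESTIGATE_THRESHOLD = 800  # at or above: also open a case for the fraud unit


@dataclass
class UserProfile:
    user_id: str
    known_devices: set[str]
    known_networks: list[ipaddress.IPv4Network]
    usual_hours: range
    # question -> (salt, PBKDF2 hash); answers are never stored in clear
    challenge: dict[str, tuple[bytes, bytes]] = field(default_factory=dict)


@dataclass
class Decision:
    score: int
    action: str                  # "allow", "challenge" or "investigate"
    question: str | None = None  # challenge question to present, if any


def _hash_answer(answer: str, salt: bytes) -> bytes:
    # normalise case/whitespace; salted PBKDF2 resists offline guessing of answers
    return hashlib.pbkdf2_hmac("sha256", answer.strip().lower().encode(), salt, 50_000)


def enroll_challenge(profile: UserProfile, answers: dict[str, str]) -> None:
    """Registration step: the customer sets exactly three challenge questions."""
    if len(answers) != 3:
        raise ValueError("exactly three challenge questions are required")
    for question, answer in answers.items():
        salt = secrets.token_bytes(16)
        profile.challenge[question] = (salt, _hash_answer(answer, salt))


def risk_score(profile: UserProfile, device_fp: str, source_ip: str,
               hour: int, fraud_feed: set[str]) -> int:
    """Sum the risk indicators that fire for this attempt, capped at 1,000."""
    score = 0
    if device_fp not in profile.known_devices:
        score += W_UNKNOWN_DEVICE
    ip = ipaddress.ip_address(source_ip)
    if not any(ip in net for net in profile.known_networks):
        score += W_UNKNOWN_NETWORK
    if hour not in profile.usual_hours:
        score += W_UNUSUAL_HOUR
    if source_ip in fraud_feed:
        score += W_FRAUD_FEED_HIT
    return min(score, MAX_SCORE)


def evaluate_login(profile: UserProfile, device_fp: str, source_ip: str,
                   hour: int, fraud_feed: set[str]) -> Decision:
    """Map the score to policy: allow, step up, or step up and investigate."""
    score = risk_score(profile, device_fp, source_ip, hour, fraud_feed)
    if score < CHALLENGE_THRESHOLD:
        return Decision(score, "allow")
    # one of the three enrolled questions, chosen unpredictably per attempt
    question = secrets.choice(sorted(profile.challenge))
    action = "investigate" if score >= INVESTIGATE_THRESHOLD else "challenge"
    return Decision(score, action, question)


def verify_challenge(profile: UserProfile, question: str, answer: str) -> bool:
    """Constant-time comparison of the supplied answer against the enrolled hash."""
    salt, expected = profile.challenge[question]
    return hmac.compare_digest(_hash_answer(answer, salt), expected)


def demo_profile() -> UserProfile:
    """Constructed sample customer; addresses are RFC 5737 documentation ranges."""
    profile = UserProfile("customer-001", {"laptop-A"},
                          [ipaddress.ip_network("192.0.2.0/24")], range(8, 19))
    enroll_challenge(profile, {"first_car": "Civic", "first_pet": "Rex",
                               "birth_city": "Springfield"})
    return profile
```

With the sample profile, a known laptop on the known network scores 0 and is allowed, a new device on a new network scores 650 and is challenged, and a new device from a fraud-feed address at 3 am is capped at 1,000 and referred for investigation.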
RESULTS
While the bank had not previously suffered high levels of fraud, it was reduced to almost negligible levels following the rollout of the authentication solution. This has remained consistent since the implementation, despite a rise in fraudulent activity.

Following the introduction of the hosted service, the previous customer logon procedure was bolstered with a registration process in which a customer had to set three challenge questions. If during a customer login the risk score is particularly high, one of the challenge questions is presented to authenticate their identity. Flagged actions that receive a high risk score are investigated by the bank’s fraud unit. This uncovers attempted fraud while also preventing further deception. When unusual behavior is flagged by the system, users are contacted to confirm the suspicious activity.

The SaaS deployment has been running for almost three years with minimal disruptions and downtime. An average of 99.51 percent of transactions are analyzed within 600 milliseconds. The bank has been able to comply with FFIEC regulations and is also well-placed to implement new types of anti-fraud protection around post-login transactions using transaction monitoring.

©2011 EMC Corporation. EMC, the EMC logo, RSA, the RSA logo, and SecurID are trademarks or registered trademarks of EMC Corporation in the U.S. and/or other countries. All other trademarks mentioned are the property of their respective holders.
USBANK CP 0211

ZURICH FINANCIAL SERVICES
Global insurance group ensures seamless secure access for remote workers

AT-A-GLANCE
Key Requirements
–– Replace remote-access platform with newer, more flexible technology, while preserving a high level of security
–– Overhaul user-authentication process to make it easier for staff to log in to remote network
–– Use simple, software-based authentication to reduce management overhead and enable large-scale deployment

Solution
–– RSA Adaptive Authentication to enhance security within large internal network environment
–– Zurich and RSA teams collaborated to ensure seamless integration between RSA Adaptive Authentication and new Cisco AnyConnect Remote Access platform
–– Solution deployed to 50,000 U.S. employees and contractors, with rollout extending to a further 50,000 in rest of world

Results
–– New Cisco browser-based platform offers secure access to corporate data, with identity-authentication vastly simplified
–– RSA Adaptive Authentication ensures high level of security by unobtrusively assessing risk of unauthorized access
–– Reduced management burden on security team, with no end-user hardware or software installations to maintain and fewer help desk enquiries

“Integrating RSA® Adaptive Authentication into our new Cisco VPN infrastructure has enabled us to extend remote network access to all our employees, while maintaining the high level of security we had with our hardware-based system. The adaptable Risk Engine within the RSA solution ensures that we can trust it to accurately identify when there is a potentially unauthorized access attempt, and that genuine users can log in quickly and with minimal fuss.”
ANDREW STONE, GLOBAL HEAD OF INFORMATION SECURITY SERVICES, ZURICH FINANCIAL SERVICES

CUSTOMER PROFILE
Zurich Financial Services is one of the world’s largest insurance groups, and one of the few to operate on a truly global basis.
It offers a wide range of general and life insurance products for individuals, small businesses, mid-sized and large companies, and multinational corporations. With over 60,000 employees serving customers in more than 170 countries, Zurich has strong positions in North America and Europe, and growing positions in Asia-Pacific, the Middle East, and South America.

KEY REQUIREMENTS
As one of the world’s largest providers of insurance to individuals and organizations, Zurich puts assessing and mitigating risk at the heart of its business. A priority for Zurich’s Information Security department is balancing employees’ need to access sensitive customer data in order to perform their roles effectively with the company’s responsibility to ensure information is safeguarded against those not authorized to view it.
Within its U.S. operations, Zurich had established a virtual private network (VPN) platform to provide some staff with remote access to its network when outside the office. This was based on Nortel technology, with hardware tokens used to ensure only authorized employees could access the system. By 2010, the VPN platform was coming to the end of its life. Zurich saw an opportunity to replace it with a new remote-access system that was easier to use and administer, and which could be extended to the rest of its employees. Given the scale of Zurich’s U.S. operations (50,000 staff), the new system needed to meet two requirements: no hardware or software should have to be installed on a computer before it could connect to the network, and a streamlined authentication solution had to be integrated.
Andrew Stone, Global Head of Information Security Services at Zurich, said: “Our priorities for the new system as managers were closely aligned to those of the users within the business.
We knew that a platform which made it simpler and quicker to securely log on to the network would better support the needs of users within the business, and reduce the amount of time the team spent responding to help desk enquiries and managing an inventory of security tokens.”
Zurich chose to deploy Cisco’s AnyConnect Remote Access solution. This uses a browser-based portal from which remote workers can securely access internal applications and files, bypassing the need to install a software package on individual computers. For an extensive organization such as Zurich, the platform can be configured according to the needs of particular users or business divisions. For example, depending on their specific requirements, users can use the technology to access virtualized instances of key applications that perform specialized processes such as filing or updating the status of claims. With security a top concern, Zurich needed an effective identity-authentication tool that could integrate with Cisco’s VPN technology to ensure that only authorized users could gain access to the network, but which did not interfere with the streamlined process of logging on to the new system.

SOLUTION
At the time, RSA had recently launched Adaptive Authentication, a comprehensive risk-based authentication and fraud-detection solution.
This offers strong protection against unauthorized access, but unlike other authentication solutions it performs its risk analysis silently in the background, without the end user necessarily being aware that this is taking place. It had previously been used mainly in consumer-facing environments; however, Zurich saw the potential to deploy its streamlined authentication capabilities in its large internal enterprise setting.
“We immediately saw the benefits of having a powerful but unobtrusive tool in place to control access to Cisco’s new VPN platform,” said Stone. “In a company like Zurich, which has a large and geographically dispersed employee base, any measures we can take to simplify employees’ experience of using our IT systems can translate into significant cost and time savings for management. Adaptive Authentication’s streamlined approach to user authentication opened up the possibility of extending access to the new platform to all 50,000 of our U.S. employees.”
Prior to committing to a deployment of the Cisco and RSA solutions, Zurich wanted to make sure the technologies worked together to offer a seamless user experience. It collaborated with RSA to develop a proof of concept to confirm this, with both teams working to develop the necessary software components. This proved successful, with the Cisco AnyConnect platform capable of integrating with Adaptive Authentication’s identity-authentication processes to produce a best-of-breed solution. By investing effort upfront, Zurich could be sure that the resulting deployment delivered the secure, user-friendly solution it required.
Stone described the experience from an employee’s perspective: “For staff, the new technology offers a simple browser-based platform for secure remote network access that only requires them to enter a user name and password on the majority of occasions.
Despite the ostensible ease with which access is granted, in reality each access attempt triggers the Adaptive Authentication solution to perform multiple checks in the background to verify that whoever is trying to log in is indeed who they claim to be.”
As part of this background check, the RSA technology tests a wide range of variables against how they would normally be expected to appear for that user. For example, it can detect if the IP address a user is trying to log in from differs from the one they are normally associated with. If a sufficient level of risk of a fraudulent access attempt is detected, Adaptive Authentication prompts the user to input more identifying data, with the exact response tailored to the level of risk that has been determined.
The Zurich team was also able to present a compelling business case for the new technology, showing how it could enable secure remote working to be extended to all users at no additional cost, once the reduction in overhead associated with managing the prior VPN system was accounted for.

RESULTS
The new secure remote-access solution based on Cisco’s AnyConnect Remote Access technology and RSA Adaptive Authentication has now been successfully rolled out across the U.S., covering 50,000 employees in almost all of Zurich’s business units in the region. The team is now focusing on extending the solution to Europe and then to the other geographical territories where the company is active, including the Middle East, Asia-Pacific, and South America, covering an additional 50,000 users.
Using the technology as part of everyday operations in the U.S. has proved it to be a much better solution for both employees and the IT team. Zurich is confident in the accuracy of the security provided by Adaptive Authentication.
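The background check and risk-tiered step-up described above, and the challenge-question flow from the bank profile earlier on this page, as an added illustration that is not RSA's, Zurich's or the bank's code: a constructed scorer compares a login attempt with the user's known IPs and devices and maps the score to password-only access, one challenge question, or a challenge plus a fraud-unit flag. The signals, weights, thresholds and sample values are all assumptions.

```python
# Constructed illustration of a risk-based login check; not RSA's Risk Engine (weights/thresholds invented).
import hmac
from dataclasses import dataclass, field

@dataclass
class UserProfile:
    known_ips: set = field(default_factory=set)        # IPs seen on past good logins
    known_devices: set = field(default_factory=set)    # device fingerprints seen before
    challenge_questions: dict = field(default_factory=dict)  # question -> answer (hash in practice)

@dataclass
class LoginAttempt:
    ip: str
    device: str
    password_ok: bool  # result of the ordinary user name / password check

WEIGHTS = {"new_ip": 40, "new_device": 35}   # hypothetical weights per deviation

def score_login(profile: UserProfile, attempt: LoginAttempt) -> int:
    """0-100 risk score: how far the attempt deviates from the user's normal pattern."""
    score = 0
    if attempt.ip not in profile.known_ips:
        score += WEIGHTS["new_ip"]
    if attempt.device not in profile.known_devices:
        score += WEIGHTS["new_device"]
    return min(score, 100)

def decide(profile: UserProfile, attempt: LoginAttempt) -> dict:
    """Tiered response: password alone, step-up question, or step-up plus fraud-unit flag."""
    if not attempt.password_ok:
        return {"action": "deny", "score": None}   # risk analysis only after the password check
    score = score_login(profile, attempt)
    question = next(iter(profile.challenge_questions), None)
    if score < 30:
        return {"action": "allow", "score": score}
    if score < 70:
        return {"action": "challenge", "score": score, "question": question}
    return {"action": "challenge_and_flag", "score": score, "question": question}

def complete_challenge(profile: UserProfile, attempt: LoginAttempt, answer: str) -> bool:
    """Check the step-up answer; on success learn the new IP/device so later logins score as normal."""
    question = next(iter(profile.challenge_questions))
    expected = profile.challenge_questions[question]
    if not hmac.compare_digest(answer.strip().lower(), expected.strip().lower()):
        return False
    profile.known_ips.add(attempt.ip)
    profile.known_devices.add(attempt.device)
    return True
```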
The RSA Risk Engine driving the solution is capable of adapting to the security and usage environment it operates within, minimizing false positives and ensuring its authentication priorities remain valid.
Stone comments: “From a management perspective, the new remote-access platform based on RSA and Cisco solutions delivers significant time and cost savings over the old infrastructure, making a full-scale deployment practicable for the first time. Previously, establishing access to the network required an IT support engineer to spend time manually preparing an employee’s computer. This has now been vastly simplified, speeding up the process for both employees and support staff.”
With no end-user software or hardware to manage, and employees experiencing fewer problems trying to access the system, the IT team’s time has been freed to focus on supporting the objectives of the business. The ongoing cost of supporting the platform has been reduced, with no physical hardware inventory to account for and replace.
The flexibility of the remote-access solution based on RSA and Cisco technology also means that it can be adapted to fit the business’s IT requirements as they develop in the future. For example, the integrated, browser-based nature of the access portal makes it possible to extend its coverage to mobile devices, such as smartphones and tablets, something which the IT team at Zurich is currently looking into.

CONTACT US
To learn more about how RSA products, services, and solutions help solve your business and IT challenges, contact your local representative or authorized reseller – or visit us at www.emc.com/rsa.
©2012 EMC Corporation. All rights reserved. EMC, the EMC logo, RSA, and the RSA logo are trademarks or registered trademarks of EMC Corporation in the United States and/or other countries. All other trademarks referenced are the property of their respective owners.
ZURICH CP 0512