Blog
-
May 6, 2013
Account Takeover: What You Need to Know
A few weeks ago, I spoke at the Merchant Risk Council in London with Sudhir Jha from Google about Account Takeover (ATO). For several years ATO has been a hot topic for email platforms and social networks, and is now gaining mindshare fast from leading merchants. Ironically, in many ways, merchants are somewhat responsible for the rise in ATO. Merchants became so good at identifying and blocking fraud at the transaction level that fraudsters were forced to identify new methods.
-
April 30, 2013
Learning from LivingSocial
With the huge LivingSocial hack that we read about the other day it’s clear that there are common themes that we’ve seen many times lately. In this case the news is a little better than previous but let’s review what we know: 1. 50 million accounts have been compromised with email address and salted passwords 2. Living Social as a precautionary measure is asking all users to reset their passwords 3. No news on how the hack was perpetrated
-
April 25, 2013
AP Hack Begs for Stronger Security
The other day the Associated Press (AP) twitter feed was hacked through a spear-phishing attack against AP employees. It was apparently instigated by the Syrian Electronic Army (SEA) — a Syrian government aligned hacking group. The SEA has either taken credit for or has been blamed for attacks recently against news organizations like CBS, NPR, and the BBC, as well as international organizations like FIFA.
-
April 12, 2013
Justin Bieber’s Twitter Followers are Fake!
On my way to work this morning I was listening to popular morning show Kevin and Bean. They were discussing Socialbakers’ recent report that more than half of Justin Bieber’s followers are fake. Shocking! Bean went on to say that, “I guess Twitter is free and you only need an email to sign up and since that is free too, you can sign up for as many twitter handles as you want.”
-
March 29, 2013
7 Things You Need to Know about International SMS
1. In the beginning there was only ASCII. ASCII is the basic language that all other character sets are based on. ASCII characters are the uppercase and lower case letters A to Z, plus some basic punctuation. ASCII is a universal set of characters, every device everywhere understands what ASCII is. At the dawn of SMS 20 years ago, ASCII characters were the only ones you could reliably send in an SMS message.
-
March 5, 2013
Top 6 Reasons You Should Consider Voice Authentication
Offering voice-based authentication as a complement to SMS-based authentication isn’t just about offering your users a choice, it’s fast becoming a business requirement for larger corporations and best practice for any web property looking to serve the diverse needs of their global users.
-
February 21, 2013
Mobile World Congress 2013
The upcoming Mobile World Congress in Barcelona, Spain, is the mobile industry's biggest showcase of new devices.
-
February 15, 2013
TeleSign Mobile Joins TeleSign - Another Unconventional Move
Over its 10 year history, RoutoMessaging has become known as something of an unconventional player in a crowded industry. We have stood out for two reasons, above all: our focus on superior quality while most others chase the lowest possible price, and our dedication to achieving truly global coverage by forging meaningful partnerships with operators around the world. Relentless pursuit of these aims has helped us become an indispensable partner to hundreds of customers who depend on us, around the clock, to deliver critical information to their users, no matter where in the world they happen to be. We are very proud to have become a truly integrated part of their business processes.
-
February 14, 2013
Six Crucial Questions for Mission-Critical Messaging
7.8 trillion text messages were sent in 2011 and that number was expected to reach about 9.6 trillion in 2012 (Source: Portio Research). However, for the most part, texting has been a person-to-person (P2P) phenomenon with a smaller portion of the traffic being attributed to business-to-consumer (B2C) SMS, which has grown over 50% in the last two years.
-
February 14, 2013
TeleSign Gears Up for RSA 2013
If you’ve been to RSA before you know it can be quite the show, booth babes, giveaways and sometimes even magicians. This will be my second year going and I can’t wait to set up our newly designed booth with a fully equipped charging station. It doesn’t matter what kind of phone you have, we’ve got the charger for you!
-
February 11, 2013
Launching TeleSign Mobile
In the beginning, TeleSign was purpose built to serve the world’s largest and most visible online web properties. We developed TeleSign to deliver high quality, innovative security products that help our clients prevent fraud and protect their users. We’ve brought that same level of commitment and enthusiasm to the creation of TeleSign Mobile, our Mobile Services division.
-
January 31, 2013
Lessons on Online Relationships from the Manti Te’o Hoax
Whether or not you’re an avid college football fan, you’ve probably heard some recent news coverage about the Manti Te’o hoax. Whether or not you serve high-profile athletes like Manti Te’o, we have three simple recommendations that you can make, in order to prevent your target audience from falling prey to similar online scams.
-
January 29, 2013
Enable two-factor authentication on popular sites
I'll start with a big thank you to C|Net author Dennis O'Reilly for putting together this list. The advice is clear, to protect our accounts and our identity we must turn on two-factor authentication for every account that requires a password. Take O'Reilly's advice and turn on 2FA for all the accounts he references and any others that offer this protection.
-
-
January 3, 2013
Social Networks: The Real Cost of Hacking and Spam (Part 2)
Last time we talked about how much fraud costs an individual user when an online account is compromised. What happens to a social network’s user once they leave? Do they ever come back or are they forever a lost customer? In a digital age where the newest thing is always one step away, the answer is usually geared towards the latter – customers part ways permanently.
-
December 21, 2012
A New Type of Resolution
It’s almost that time of the year, when millions of people decide that a flip of the calendar is a good time to make personal commitments. The tradition of New Year’s resolutions has been around since ancient times, so has the tradition of breaking resolutions by the first week of February. In 2013, instead of letting your gym membership go to waste or instead of paying off your credit card bills (okay you should still do that), I am proposing to make a New Year’s resolution for better online security. Here are a few suggestions that are easy and can take just a few minutes:
-
December 11, 2012
Beyond Username & Password: Building an Intelligent Cloud Registration
Websites need to go beyond traditional verifications for new account registration. Without any checks or balances, fraudsters will exploit sites by creating bogus accounts. They’ll also take over existing accounts by simply guessing their passwords, using over-the-counter hacking tools or leveraging social engineering.
-
December 4, 2012
Barbarians at the Gate
Across the Internet, sites of all sizes are increasingly beset with malicious and criminal users perpetrating social spam, fraud, and cybercrime to a staggering degree. From social networks, to messaging platforms, to ecommerce merchants, once these hackers gain access to a site, the harm they can do is nearly unlimited. Said one ecommerce CEO whose recent success led almost immediately to a flood of new fraud, "When did my site become a haven for thieves looking to cash in their stolen credit cards?"
-
December 3, 2012
Happy Birthday and “Merry Christmas” SMS
The first ever SMS, wishing a friend, “Merry Christmas” was sent on December 3, 1992. That was 20 years ago, which is 100 in technology years. I think my first SMS was, “Did you get this?” A friend and I discovered SMS one afternoon and sent several SMSes while sitting next to each other until we discovered that they cost 10 cents to send and receive.
-
November 20, 2012
Cyber (Criminal) Monday
On the Monday after Thanksgiving, millions of internet users will scour the web looking for a deal on a multitude of holiday deals. Cyber Monday is also a day full of calculations. What’s the savings on the HDTV? Does the addition of sales tax at one merchant offset the shipping savings at another?
-
November 15, 2012
Fraud in Emerging Channels
There is no doubt that new commerce channels and methods of alternative payments will continue to be a big storyline. A recent Javelin Strategy and Research report concluded that four out of five consumers are more likely to make a purchase if alternative payment options are available . Several innovative and disruptive channels are satisfying this consumer demand and presenting merchants with new revenue opportunities.
-
November 12, 2012
‘Tis the Scammy Season
This holiday season it is important to keep an eye out for some common scams circulating the web.
-
November 9, 2012
Ask the Right Questions, Find the Right Solution
The world of two-factor authentication is a bit complicated. There’s literally hundreds of solutions that offer some type of two-factor authentication. There are the physical tokens that display random numbers cycling every 60 or so seconds. Other types include, user or device certifications, out-of-band authentication via SMS, and image-based authentication.
-
November 2, 2012
Malware Sandy
It seems like after every national disaster a secondary storyline is always the new scams that appear almost immediately to take advantage of victims even outside the disaster epicenter. Unfortunately, Hurricane Sandy was the latest reminder that online scammers and cybercriminals will continue to leverage national disasters for their own financial gain.
-
October 31, 2012
Beware of the Halloween Cyber Tricks
Like any other holiday, the fraudsters have taken it upon themselves to divulge in some deceiving trickery for Halloween. It was just this morning that I received a bogus Halloween eCard from my friend Peter, but if only I had a friend named Peter.
-
October 10, 2012
The Never Ending Quest for Data
Our customers are passionate about data. Each additional data point that our customers can leverage adds an extra fraud signal or provides advanced intelligence for any transaction. This passion becomes obsession when we talk about international data with our clients.
-
October 5, 2012
WARNING: Bogus Password Reset Notifications from Skype
This is one variation of an email circulating Inboxes which looks like an authentic message from Skype, encouraging users to reset their password by clicking on a link in the email. Unfortunately, it's a spoof email. Skype would NEVER email customers asking them to do this via email links.
-
October 2, 2012
Preventing Online Fraud (Infographic)
The holidays are a time to give, relax, and spend time with loved ones. To retailers, the holidays represent the opportunity to turn the corner and see their income statements move out of the red and into the black. For online merchants, the season also brings an enormous threat to their bottom line in the form of online fraud.
-
September 28, 2012
‘Tis the Season for Call Center Fraud
More and more of us are shopping online. And so are the fraudsters. The coming holiday season is once again expected to break records for eCommerce sites, and with more shoppers comes more fraudsters. In order not to get scammed this holiday season, companies have to get more vigilant about protecting their users, their brands, and their hard-earned revenues.
-
September 27, 2012
Protecting User Accounts in Online Gaming
Hackers break into everything these days. From Small and Medium Business web games, to online gaming monoliths, to entire networks. User accounts are scattered across the Internet, waiting for the next hacker to catch them with their pants down. Players and game companies, I'm here to tell you how to zip up your fly.
-
September 25, 2012
Forgot Your Password?
Over the weekend I was killing time at a Hallmark store looking for a birthday card. It was probably my first time in a Hallmark store in years, but I needed to kill 15 minutes at a mall and I would rather browse aisles of birthday cards than be chased down the mall by people trying to get me to sign up for a new credit card to get a free shirt.
-
September 6, 2012
Customers Demand Verification
A recent survey by CIFAS, the UK's Financial Fraud Prevention Service found that 43.5% of surveyed consumers feel that companies should do a better job of verifying customer details. The report also found that 25% of respondents thought that better online security would prevent fraud.
-
August 24, 2012
10 Reasons NOT to Work at TeleSign
Research shows that investing in a high-trust workplace culture yields real business benefits like better financial performance, lower employee turnover, and higher quality job applicants. For us it’s pretty simple, it’s a bit more self-serving. We’re passionate about what we do and we like having fun.
-
August 21, 2012
Gaming Essentials: Keyboard, Computer, Security
It’s no secret that online gaming has experienced explosive growth over the past few years. With a plethora of games to choose from, it is essential for companies to do everything possible to keep current players and attract new ones. Nothing can compromise a company's ability to keep and attract players more than security flaws that lead to account takeover and transactional fraud.
-
August 21, 2012
Social Networks: The Real Cost of Hacking and Spam (Part 1)
A prominent blogger’s social networking account was hacked earlier this year. According to the article, the account was hacked, and the blogger’s username, password, and phone number listed on the website were used to set up another fake account to spam her friends with fake solicitations for branded goods. To top it off, the hackers also managed to cash checks linking to the blogger’s credit cards.
-
August 10, 2012
5 Easy Password Best Practices to Protect Yourself from a Hack!
In light of Mat Honan’s recent hacking nightmare, it has become apparent that we all need to be more proactive about their personal account security. Here are 5 Password Best Practices:
-
August 9, 2012
Go Phish?
While going through my Inbox this morning I was concerned to find a notification that I paid a bill for $1136.27, a charge I never authorized. Upon closer look I realized it was a cleverly designed phishing attempt.
-
August 1, 2012
Can Biometrics be Fooled?
In the movies, iris scanning protects high-security vaults and super-secret labs while personalizing billboard ads. In the real world, it helps New York City police track prisoners, screens employees of Bank of America Corp. and travelers at London’s Heathrow Airport.
-
July 25, 2012
Quality Data Equals Quality Leads
Lead generation companies’ success is reliant on the quality of the data the sell to its customers. The competitive nature of this industry has created a large appetite for accurate, real-time data on businesses and consumers.
-
July 23, 2012
Two-Factor Authentication vs. The State of Texas
Increasingly, it’s becoming a fact of life that you need to prove your identity. This is nothing new. For years, you’ve needed some type of ID to get a driver’s license or simply apply for a job. And now, the state of Texas is requiring voters to present photo identification at the polls to combat a culture of election fraud plaguing the state (according to supporters of the Texas law).
-
July 13, 2012
Fraud, There’s an Address for That
Online shopping offers customers the convenience of purchasing their favorite products from their home, their office, or practically anywhere in the world. This has created a boon for eCommerce and invited new threats for online merchants. With limited access to customer data, it is incredibly difficult for merchants to confirm the identity of their online users.
-
July 5, 2012
Voice vs SMS for Authentication
In a recent deployed customer review, TeleSign found that 49.2% of their users chose SMS, while 50.8% chose Voice transactions. In the US, customers preferred Voice significantly to SMS, while many Latin American and European countries preferred SMS.
-
June 29, 2012
The Problem with Passwords
Password security is a prevalent subject among companies and users who are concerned with account compromise, yet many companies still fail to acknowledge the security concerns rising from password use. Recent examples include password hacking incidents against Mitt Romney, a well-known dating site, and the largest professional networking site—all related to password hacking.
-
June 11, 2012
TeleSign Super Heroes
Each month we will feature one of our employees so you can get to know the TeleSign team! Today we start with Bill Carr, Senior QA Engineer, as he answers a fun questionnaire.
-
June 5, 2012
Educating Users on Account Protection
Protecting user’s online accounts is a main concern for businesses right now. Yesterday, when I received this email from Tom Sullivan at the Merchant Risk Council I felt compelled to share it with others. It’s imperative that customers need to be more cautious with their online accounts and the only way for this to happen is through information sharing and educating customers. This MRC letter provides some helpful tips and insights for keeping your customer’s accounts secure.
-
June 1, 2012
Top Security Questions to Ask Your Cloud Provider
I’ve received a lot of questions lately about security in the Cloud and what CTO’s should be considering when they are evaluating it. Here’s my advice, treat the Cloud like an extension of your corporate or production network, don’t treat it or hold it to a lower standards assuming that your cloud provider knows more than you.
-
-
May 24, 2012
A Win-Win Scenario for Domain Registrars and ICANN
In a recent meeting to update the current Registrar Accreditation Agreement (RAA), Registrars and ICANN staff reviewed suggested changes to the RAA which could impact the domain registration process. Law enforcement representatives produced updates to their recommendations with respect to two core issues: Data maintenance and WHOIS validation.
-
May 10, 2012
2FA and What it Means for Businesses
Fraud caused by the compromise of trusted accounts was the hot topic at both the Merchant Risk Council European Congress last week in Dublin and the event in Las Vegas in March. eCommerce Merchants are starting to see types of fraud that have plagued financial services, enterprise, and Cloud for years.
-
May 1, 2012
May is User Authentication Awareness Month
Authentication Awareness Month was created to inform customers and businesses about the benefits of turning on two-factor authentication. Two-factor authentication can prevent user accounts from being hijacked and act as a real-time alert for users whose username and passwords have already been compromised.
-
April 30, 2012
Securing the Convenience of the Cloud
The Cloud market size continues to grow from its current level of $10-25B with expected double-digit compounded growth over the next couple years. In fact, Gartner estimates the cloud market to be $150B by 2013. However, there is one major concern holding CIOs and CTOs from adopting the Cloud. Security.
-
April 20, 2012
Achieving CJIS Compliance in a Timely, Cost-Effective Manner
There's been a lot of buzz lately around agencies becoming CJIS compliant. Before explaining how companies can achieve this, let me give a brief background of what the CJIS division does and why they are requiring this policy.
-
April 18, 2012
Phishing 101
Phishing, the sport of tricking Internet users into clicking through to what looks like a legitimate link, is becoming more personalized and harder to detect. Instead of sending mass emails, fraudsters are posing as companies of which you are actually a customer. This can make it much harder to distinguish phishing emails from legitimate emails.
-
April 12, 2012
Hackerproof Passwords
I’ve been getting a lot of questions lately about creating hackerproof passwords. While I don’t think any method is 100% secure, here are some password tips to prevent an account from being hacked:
-
March 30, 2012
Phone Verification: A Critical Fraud Prevention Tool
TeleSign Phone Verification is fast becoming a critical piece of fraud prevention strategies and increasingly helping organizations automate the manual review process. Interestingly, based on CyberSource’s recent 2012 Online Fraud Report, it was estimated that $3.4 Billion were lost to online fraud in 2011 alone and merchants were rejecting an average of 2.8% of their orders.
-
March 26, 2012
Stupid Password Reset Procedures
I couldn't agree more with Rik Ferguson and Davey Winder - the password reset process is stupid. Worse than being stupid, it is often the loophole in good account security. We recently demoed how easy it is to guess or search for the answer to someone's password reset question at RSA. Players were given a series of typical password reset questions and access to a standard social profile page. We didn't even think to ask something as simple as birthday but I can tell you we should have brought more gift cards and prizes because just about everyone could guess or search the answers with about a 90% hit rate.
-
March 20, 2012
A Convenient Checkout
Shopping online can be quick and painless, but it can also be tedious and frustrating. If I feel that I'm getting the "third degree" before I buy something, I'm going to bail out and go somewhere else.
-
March 6, 2012
My Week at RSA 2012
This year at RSA the TeleSign team was introduced to a lot of new faces. The show floor was packed with different security vendors educating the audience on the newest trends and threats facing the cyberworld. Being able to attend RSA is always enjoyable and makes me come home thinking about new innovations for TeleSign. One interesting person I got to meet was Dr. Zen Kishimimoto, check out my live chat with Dr. Kishimimoto about TeleSign's global delivery of verification messages.
-
February 21, 2012
TeleSign Introduces REST APIs
One of the things TeleSign is working on in Q1 is making our APIs available via a REST interface. Today all of our customers access our APIs via SOAP and we’ve definitely heard that folks want us to provide our APIs in an alternative form since almost all Web Services today use REST.
-
February 17, 2012
Expanding the TeleSign Team
I am extremely excited to announce that TeleSign plans to grow tremendously in 2012! Our team is expanding at a rapid pace and we plan on doubling in size by 2013. Our current open career opportunities are spread across the board and include a Headquarters Sales Director, a Senior Software Engineer, several QA Engineer roles, Business Development Associate, and a Telco Analyst.
-
February 10, 2012
Protect Customers from Online Fraud without Losing Orders and Profit Margins
"Forewarned is forearmed, says the old adage, and that's certainly the case for solution providers specializing in the area of Internet security. Fixing a breach and dealing with its consequences is costly and time consuming. Brenna Lenoir, marketing manager of TeleSign Corp., discusses intelligent authentication with your phone." — Jennifer Bosavage | CRN Magazine
-
January 19, 2012
Bypassing the Mess of Manual Review
When I started at MaxMind six months ago, I took it upon myself to engage with practically every operational task at our office in Waltham, MA so that I could better understand the company’s moving parts. Eventually, I began assisting with the manual review credit of card transactions placed through our website. (We manually review orders that aren’t clear — accepts or rejects in order not to lose valuable sales.)
-
January 12, 2012
The Critical Role of Client Services
There are many teams that contribute to making TeleSign the global leader in phone-based authentication and verification services. I am proud to be a part of one of them – the Client Services team.
-
January 5, 2012
Password Pains
It’s pretty obvious that passwords have become ingrained in our online experience at virtually every level. For me, I have the same password for nearly everything. When I turn on my computer, when I check my email, even when I buy a new dress off of my favorite clothing site, I use this password. In the online world there is really no escaping using a password to protect your account. Yet, given the current hack attack climate of the Internet, how secure are passwords?
-
December 14, 2011
Inside the Mind of a Spammer
I’ve always thought of myself as hacker who chose to be a good guy and through the years I have become quite acquainted with spammers and hackers, their methodologies and their tricks. This morning when I received another pointless email for a free Marc Jacobs bag (which I would have really enjoyed) I decided it was time to revisit the methods behind those responsible for sending out these messages.
-
November 30, 2011
Convenience When You Want It, Security When You Need It
Everyone hates extra steps. Its no secret technology has made life easier: texting, multitasking, saved passwords. The last thing anyone wants to do is enter more than their username and password when logging into an account. Having said that, no one wants to have their accounts broken into. If you have ever had your email, twitter or bank account hijacked, you know what I am talking about. It’s a major invasion of privacy and can cause real damage to you and your friends “Hey Darren, I got your email, I just wired you $500- I hope you make it out of the UK okay.”
-
November 14, 2011
Ready for Black Friday and Cyber Monday?
2011 eCommerce holiday sales are projected to hit a record-breaking $36.5 billion. While this is a boom to online merchants, the holiday season presents some serious fraud challenges. These challenges include a startling increase in credit card fraud and chargebacks. This results in a crippling volume of orders pending a manual review. Merchants need to focus on developing practices that identify basic fraudsters and decrease the number of orders that are sent to the manual review team.
-
October 28, 2011
Hacked Accounts Offer Me iPads, Wealth, and Drugs
This morning I received an email informing me I had won an iPad. While a new iPad would be quite enjoyable, clearly this is just another ploy to make me click phishy link. Commtouch, an Internet Security company, recently published a report about the rise of spam and the current crisis of hacked accounts. “The State of Hacked Accounts” gives insights to why I receive daily offers for drugs I’ll never use, free products I actually want, and proposals from Ethiopia Princes who wish to share their fortune.
-
October 17, 2011
The Damages of Pre-Paid Phones
Last year, Senators John Cornyn and Chuck Schumer introduced a bill to require ID when purchasing a pre-paid phone. This came shortly after the failed Time Square bombing, which was planned entirely using pre-paid phones. “This proposal is overdue because for years, terrorists, drug kingpins and gang members have stayed one step ahead of the law by using prepaid phones that are hard to trace. We caught a break in catching the Times Square terrorist, but usually a prepaid cell phone is a dead end for law enforcement. There’s no reason why it should still be this easy for terror plotters to cover their tracks,” Schumer said.
-
September 30, 2011
99% Reduction in Credit Card Fraud and Chargebacks
In the past two years at TeleSign I have worked with many domain and hosting sites helping them reduce their online fraud. Recently I started working with Vincentas Grinius from Host1Plus.com. He contacted us looking for a better way to prevent credit card fraud and control the sign up process for new users on his site, Host1Plus.com. Host1Plus.com is a web hosting service and provides their clients with domain name registration services, SSL certifications, and hosting and business tools.
-
September 27, 2011
Customer Account Security
If you were to ask me about the trends that have emerged over the last six months I can tell you with hand on heart that nearly every prospect I have spoken to mentions their concern about customer account security. Generally speaking these are organizations that provide online account access to YOUR very confidential information. These accounts can be banking, pension, web mail, social media, gaming, and other web accounts.
-
September 27, 2011
Passwords That Say “Hack Me”
Ian Sherr of Dow Jones Newswires in San Francisco just published Beyond the Password in The Wall Street Journal. Sherr's article focuses on the vulnerabilities of passwords and the necessity of augmenting password protected accounts with two-factor authentication. I couldn't agree more with Sherr's assessment.
-
September 23, 2011
Fraud managers are used to clashing with different departments
I just got back from the Merchant Risk Council Fall Platinum Meeting in Chicago. It was an incredibly interesting event with fascinating speakers and content. One of the themes that kept arising in conversations with merchants is the intersection between security and privacy.
-
September 23, 2011
Not All Vendors are Created Equal
In my last blog post I shared the development of TeleSign from a real-time, mission-critical business need to reduce fraud on an eCommerce site. I mentioned that they began with SMS. As time went on and our customer base grew and diversified, an additional element became clear. To provide a complete solution, SMS is simply not enough.
-
September 21, 2011
Identity Insecurity
Identity management and the protection of one’s identity are critical on the internet and in the cloud, unfortunately even with new technology being developed in this area we still have a long way to go in making the user experience a better one
-
September 16, 2011
Born from Business Need
Not all services are created equal. In the phone messaging market, there is a broad spectrum of use cases, ranging from bulk marketing messages, peer-to-peer messaging and non-mission critical notifications - to mission critical security and authentication communications. Varying customer expectations across that broad range of use-case needs drive vendor priorities as it relates to cost vs. performance.
-
September 13, 2011
Salesforce Demos TeleSign’s Two-Factor Authentication
Last week I had the pleasure of attending Dreamforce in San Francisco, where Salesforce demoed TeleSign's Two-Factor Authentication. Demoed by Chuck Mortimore, Salesforce's Product Management Director for Security and Identity, two-factor authentication provides Salesforce users with higher levels of account security.
-
August 22, 2011
SMS Verification: It Has to Work
Our clients are Global Enterprises who have users in “all four corners” of the world. Deliverability and network reachability of our partners are crucial - We need to reach all end users who need a PIN Code to access their accounts anytime, anywhere. Today, we have coverage to 800+ networks in more than 200 countries. More importantly, our system is set up such that we have at least 4-5 different routes to reach a user wherever she/he is located. This allows us to mitigate the risk associated with a single point of failure (i.e. carrier’s network down). Although redundancy is a good and logical idea to adopt, it is not uncommon to come across vendors who only have one route into a market – a very, very risky proposition!!
-
August 9, 2011
PhoneID: an idea, a product, a patent
In 2005 we noticed that higher rates of fraud were associated with certain types of phone numbers: specifically prepaid mobiles phones and non-geographic VOIP phones. Additionally, we recognized that if we could prevent fraudsters from purchasing bulk VOIP numbers we could drive fraud rates even lower. Acknowledging the market need, we set about creating a product that could flag these risky types of phone numbers. Late in 2005 we successfully launched PhoneID. Early results were extremely promising, as we were flagging well in excess of 95% of non-geographic VoIP phone numbers. This means that websites can flag or exclude people from with risky phone types. Fast forward 6 years and the PhoneID product is a linchpin for many of our client’s fraud preventions strategies.
-
August 9, 2011
Blocking Fraud Globally
In addition to quality of service and price, global coverge is one of the biggest reasons clients choose TeleSign. About 60% of all transactions are international with a high concentration in Western Europe and emerging countries like Brazil and India. The heat map at the bottom of our website shows the volume at which we are fighting fraud globally, with high traffic volume in darker blue countries.
-
August 6, 2011
A Better Way to Block Fraud
TeleSign allows our customer to integrate our API into their authentication stream. The primary use case today for TeleSign is either allowing websites to verify users (e.g. take the users phone number and see if it actually belongs to them) or for one time passwords (OTP). When using our OTP technology the user almost doesn’t care anymore what their password is. Really the password is just a gate that causes an OTP to be sent to a user’s phone. When the user get their OTP then enters it into the site, the site then puts an encrypted cookie on the users machine for a certain period of time (usually 30 days) at which point the user is verified and then secured for that session and ones moving forward.
-
August 3, 2011
Memorability v. Security: The Problem with Password Reset Questions
This challenge to create the “perfect” password reset question can be solved by introducing telephone verification as the password reset mechanism. When a user forgets a password, they are sent a one-time code via voice or SMS to their pre-registered phone. Once the code is entered correctly online, they can create a new password.
