Blog
-
May 10, 2012
2FA and What it Means for Businesses
Fraud caused by the compromise of trusted accounts was the hot topic at both the Merchant Risk Council European Congress last week in Dublin and the event in Las Vegas in March. eCommerce Merchants are starting to see types of fraud that have plagued financial services, enterprise, and Cloud for years.
-
May 1, 2012
May is User Authentication Awareness Month
Authentication Awareness Month was created to inform customers and businesses about the benefits of turning on two-factor authentication. Two-factor authentication can prevent user accounts from being hijacked and act as a real-time alert for users whose usernames and passwords have already been compromised.
-
April 30, 2012
Securing the Convenience of the Cloud
The Cloud market size continues to grow from its current level of $10-25B with expected double-digit compounded growth over the next couple of years. In fact, Gartner estimates the cloud market to be $150B by 2013. However, there is one major concern holding CIOs and CTOs back from adopting the Cloud. Security.
-
April 20, 2012
Achieving CJIS Compliance in a Timely, Cost-Effective Manner
There's been a lot of buzz lately around agencies becoming CJIS compliant. Before explaining how companies can achieve this, let me give a brief background of what the CJIS division does and why they are requiring this policy.
-
April 18, 2012
Phishing 101
Phishing, the sport of tricking Internet users into clicking through to what looks like a legitimate link, is becoming more personalized and harder to detect. Instead of sending mass emails, fraudsters are posing as companies of which you are actually a customer. This can make it much harder to distinguish phishing emails from legitimate emails.
-
April 12, 2012
Hackerproof Passwords
I’ve been getting a lot of questions lately about creating hackerproof passwords. While I don’t think any method is 100% secure, here are some password tips to prevent an account from being hacked:
-
March 30, 2012
Phone Verification: A Critical Fraud Prevention Tool
TeleSign Phone Verification is fast becoming a critical piece of fraud prevention strategies and increasingly helping organizations automate the manual review process. Interestingly, based on CyberSource’s recent 2012 Online Fraud Report, it was estimated that $3.4 billion was lost to online fraud in 2011 alone and merchants were rejecting an average of 2.8% of their orders.
-
March 26, 2012
Stupid Password Reset Procedures
I couldn't agree more with Rik Ferguson and Davey Winder - the password reset process is stupid. Worse than being stupid, it is often the loophole in good account security. We recently demoed how easy it is to guess or search for the answer to someone's password reset question at RSA. Players were given a series of typical password reset questions and access to a standard social profile page. We didn't even think to ask something as simple as birthday but I can tell you we should have brought more gift cards and prizes because just about everyone could guess or search the answers with about a 90% hit rate.
-
March 20, 2012
A Convenient Checkout
Shopping online can be quick and painless, but it can also be tedious and frustrating. If I feel that I'm getting the "third degree" before I buy something, I'm going to bail out and go somewhere else.
-
March 6, 2012
My Week at RSA 2012
This year at RSA the TeleSign team was introduced to a lot of new faces. The show floor was packed with different security vendors educating the audience on the newest trends and threats facing the cyberworld. Being able to attend RSA is always enjoyable and makes me come home thinking about new innovations for TeleSign. One interesting person I got to meet was Dr. Zen Kishimimoto; check out my live chat with Dr. Kishimimoto about TeleSign's global delivery of verification messages.
-
February 21, 2012
TeleSign Introduces REST APIs
One of the things TeleSign is working on in Q1 is making our APIs available via a REST interface. Today all of our customers access our APIs via SOAP and we’ve definitely heard that folks want us to provide our APIs in an alternative form since almost all Web Services today use REST.
-
February 17, 2012
Expanding the TeleSign Team
I am extremely excited to announce that TeleSign plans to grow tremendously in 2012! Our team is expanding at a rapid pace and we plan on doubling in size by 2013. Our current open career opportunities are spread across the board and include a Headquarters Sales Director, a Senior Software Engineer, several QA Engineer roles, Business Development Associate, and a Telco Analyst.
-
February 10, 2012
Protect Customers from Online Fraud without Losing Orders and Profit Margins
"Forewarned is forearmed, says the old adage, and that's certainly the case for solution providers specializing in the area of Internet security. Fixing a breach and dealing with its consequences is costly and time consuming. Brenna Lenoir, marketing manager of TeleSign Corp., discusses intelligent authentication with your phone." — Jennifer Bosavage | CRN Magazine
-
January 19, 2012
Bypassing the Mess of Manual Review
When I started at MaxMind six months ago, I took it upon myself to engage with practically every operational task at our office in Waltham, MA so that I could better understand the company’s moving parts. Eventually, I began assisting with the manual review of credit card transactions placed through our website. (We manually review orders that aren’t clear accepts or rejects, in order not to lose valuable sales.)
-
January 12, 2012
The Critical Role of Client Services
There are many teams that contribute to making TeleSign the global leader in phone-based authentication and verification services. I am proud to be a part of one of them – the Client Services team.
-
January 5, 2012
Password Pains
It’s pretty obvious that passwords have become ingrained in our online experience at virtually every level. For me, I have the same password for nearly everything. When I turn on my computer, when I check my email, even when I buy a new dress off of my favorite clothing site, I use this password. In the online world there is really no escaping using a password to protect your account. Yet, given the current hack attack climate of the Internet, how secure are passwords?
-
December 14, 2011
Inside the Mind of a Spammer
I’ve always thought of myself as a hacker who chose to be a good guy, and through the years I have become quite acquainted with spammers and hackers, their methodologies and their tricks. This morning when I received another pointless email for a free Marc Jacobs bag (which I would have really enjoyed) I decided it was time to revisit the methods behind those responsible for sending out these messages.
-
November 30, 2011
Convenience When You Want It, Security When You Need It
Everyone hates extra steps. It’s no secret technology has made life easier: texting, multitasking, saved passwords. The last thing anyone wants to do is enter more than their username and password when logging into an account. Having said that, no one wants to have their accounts broken into. If you have ever had your email, Twitter or bank account hijacked, you know what I am talking about. It’s a major invasion of privacy and can cause real damage to you and your friends: “Hey Darren, I got your email, I just wired you $500 - I hope you make it out of the UK okay.”
-
November 14, 2011
Ready for Black Friday and Cyber Monday?
2011 eCommerce holiday sales are projected to hit a record-breaking $36.5 billion. While this is a boon to online merchants, the holiday season presents some serious fraud challenges. These challenges include a startling increase in credit card fraud and chargebacks. This results in a crippling volume of orders pending a manual review. Merchants need to focus on developing practices that identify basic fraudsters and decrease the number of orders that are sent to the manual review team.
-
October 28, 2011
Hacked Accounts Offer Me iPads, Wealth, and Drugs
This morning I received an email informing me I had won an iPad. While a new iPad would be quite enjoyable, clearly this is just another ploy to make me click a phishy link. Commtouch, an Internet security company, recently published a report about the rise of spam and the current crisis of hacked accounts. “The State of Hacked Accounts” gives insight into why I receive daily offers for drugs I’ll never use, free products I actually want, and proposals from Ethiopian princes who wish to share their fortune.
-
October 17, 2011
The Damages of Pre-Paid Phones
Last year, Senators John Cornyn and Chuck Schumer introduced a bill to require ID when purchasing a pre-paid phone. This came shortly after the failed Times Square bombing, which was planned entirely using pre-paid phones. “This proposal is overdue because for years, terrorists, drug kingpins and gang members have stayed one step ahead of the law by using prepaid phones that are hard to trace. We caught a break in catching the Times Square terrorist, but usually a prepaid cell phone is a dead end for law enforcement. There’s no reason why it should still be this easy for terror plotters to cover their tracks,” Schumer said.
-
September 30, 2011
99% Reduction in Credit Card Fraud and Chargebacks
In the past two years at TeleSign I have worked with many domain and hosting sites helping them reduce their online fraud. Recently I started working with Vincentas Grinius from Host1Plus.com. He contacted us looking for a better way to prevent credit card fraud and control the sign up process for new users on his site, Host1Plus.com. Host1Plus.com is a web hosting service and provides their clients with domain name registration services, SSL certifications, and hosting and business tools.
-
September 27, 2011
Customer Account Security
If you were to ask me about the trends that have emerged over the last six months I can tell you with hand on heart that nearly every prospect I have spoken to mentions their concern about customer account security. Generally speaking these are organizations that provide online account access to YOUR very confidential information. These accounts can be banking, pension, web mail, social media, gaming, and other web accounts.
-
September 27, 2011
Passwords That Say “Hack Me”
Ian Sherr of Dow Jones Newswires in San Francisco just published Beyond the Password in The Wall Street Journal. Sherr's article focuses on the vulnerabilities of passwords and the necessity of augmenting password protected accounts with two-factor authentication. I couldn't agree more with Sherr's assessment.
-
September 23, 2011
Fraud managers are used to clashing with different departments
I just got back from the Merchant Risk Council Fall Platinum Meeting in Chicago. It was an incredibly interesting event with fascinating speakers and content. One of the themes that kept arising in conversations with merchants is the intersection between security and privacy.
-
September 23, 2011
Not All Vendors are Created Equal
In my last blog post I shared the development of TeleSign from a real-time, mission-critical business need to reduce fraud on an eCommerce site. I mentioned that they began with SMS. As time went on and our customer base grew and diversified, an additional element became clear. To provide a complete solution, SMS is simply not enough.
-
September 21, 2011
Identity Insecurity
Identity management and the protection of one’s identity are critical on the internet and in the cloud. Unfortunately, even with new technology being developed in this area, we still have a long way to go in making the user experience a better one.
-
September 16, 2011
Born from Business Need
Not all services are created equal. In the phone messaging market, there is a broad spectrum of use cases, ranging from bulk marketing messages, peer-to-peer messaging and non-mission-critical notifications to mission-critical security and authentication communications. Varying customer expectations across that broad range of use-case needs drive vendor priorities as they relate to cost vs. performance.
-
September 13, 2011
Salesforce Demos TeleSign’s Two-Factor Authentication
Last week I had the pleasure of attending Dreamforce in San Francisco, where Salesforce demoed TeleSign's Two-Factor Authentication. Demoed by Chuck Mortimore, Salesforce's Product Management Director for Security and Identity, two-factor authentication provides Salesforce users with higher levels of account security.
-
August 22, 2011
SMS Verification: It Has to Work
Our clients are Global Enterprises who have users in “all four corners” of the world. Deliverability and network reachability of our partners are crucial: we need to reach all end users who need a PIN Code to access their accounts anytime, anywhere. Today, we have coverage to 800+ networks in more than 200 countries. More importantly, our system is set up such that we have at least 4-5 different routes to reach a user wherever she/he is located. This allows us to mitigate the risk associated with a single point of failure (i.e. carrier’s network down). Although redundancy is a good and logical idea to adopt, it is not uncommon to come across vendors who only have one route into a market – a very, very risky proposition!!
-
August 9, 2011
PhoneID: an idea, a product, a patent
In 2005 we noticed that higher rates of fraud were associated with certain types of phone numbers: specifically prepaid mobile phones and non-geographic VoIP phones. Additionally, we recognized that if we could prevent fraudsters from purchasing bulk VoIP numbers we could drive fraud rates even lower. Acknowledging the market need, we set about creating a product that could flag these risky types of phone numbers. Late in 2005 we successfully launched PhoneID. Early results were extremely promising, as we were flagging well in excess of 95% of non-geographic VoIP phone numbers. This means that websites can flag or exclude people with risky phone types. Fast forward 6 years and the PhoneID product is a linchpin for many of our clients’ fraud prevention strategies.
-
August 9, 2011
Blocking Fraud Globally
In addition to quality of service and price, global coverage is one of the biggest reasons clients choose TeleSign. About 60% of all transactions are international with a high concentration in Western Europe and emerging countries like Brazil and India. The heat map at the bottom of our website shows the volume at which we are fighting fraud globally, with high traffic volume in darker blue countries.
-
August 6, 2011
A Better Way to Block Fraud
TeleSign allows our customers to integrate our API into their authentication stream. The primary use case today for TeleSign is either allowing websites to verify users (e.g. take the user’s phone number and see if it actually belongs to them) or for one-time passwords (OTP). When using our OTP technology the user almost doesn’t care anymore what their password is. Really the password is just a gate that causes an OTP to be sent to a user’s phone. When the user gets their OTP and enters it into the site, the site then puts an encrypted cookie on the user’s machine for a certain period of time (usually 30 days), at which point the user is verified and then secured for that session and ones moving forward.
-
August 3, 2011
Memorability v. Security: The Problem with Password Reset Questions
This challenge to create the “perfect” password reset question can be solved by introducing telephone verification as the password reset mechanism. When a user forgets a password, they are sent a one-time code via voice or SMS to their pre-registered phone. Once the code is entered correctly online, they can create a new password.
