Implementing improved user security for Stock broking firms - PowerPoint PPT Presentation

1
Implementing improved user security for Stock broking firms: A CTO STANDPOINT
CERTIFIED WHITEPAPER
AuthShield Labs Pvt. Ltd. contact_at_auth-shield.com
91.11.470.65.866
2
Overview
Evolving consumer habits: Online trading

The Internet Revolution has changed the way trading takes place today. All over the world, online transactions are moving beyond the nascent stage. Increased Internet penetration and the sheer convenience of the process attract more and more people to online transactions.

In modern stock exchanges there is a large amount of technology in place that allows customers to access their demat accounts from virtually any location in the world at any time of the day. This remote accessibility over great distances is a great asset that allows customers to buy, sell or transfer shares, equities etc. in a quick and easy manner.

Though exciting, the potential of online trading is fraught with challenges. With the onset of the Internet Revolution, the scams that were until now conducted by mail, phone and wire transfer can now be found on the World Wide Web and in email, with new cyber scams emerging almost on a daily basis. A recent survey across ten major cities in the world indicates that ninety-one percent of internet users have experienced some case of cyber fraud, such as phishing, key logging, identity theft and account takeover.


3
Overview
"The chances of a criminal getting arrested and convicted for identity theft-related fraud are much less than a half of 1 percent"

Recognizing the importance of safeguarding investors' money, legitimate brokerage firms should take steps to ensure that their transactions are secure. However, online brokerages and the investors who use them are appealing targets for attackers. The amount of financial information in a brokerage's database makes it valuable; this information can be traded or sold for personal profit. Also, because money is regularly transferred through these accounts, malicious activity may not be noticed immediately. To gain access to these databases, attackers may use Trojan horses or other types of malicious code.

Attackers may also attempt to collect financial information by targeting current or potential investors directly. These attempts may take the form of social engineering or phishing attacks. With methods that include setting up fraudulent investment opportunities or redirecting users to malicious sites that appear to be legitimate, attackers try to convince investors to provide them with financial information that they can then use or sell.

With the advancement of computer technology and the connectivity afforded by the Internet, it is increasingly easy for criminals, either independently or in organized gangs, to manipulate holding accounts in order to commit fraud against exchanges or to deceive innocent victims.

The adverse impacts of financial fraud, not only on individuals and the commercial sector but even on national economic and security systems, are increasing rapidly worldwide. Left unchecked, financial frauds using the Internet or Internet-driven
4
Overview
technologies could lead to the financial ruin of people and commercial enterprises as well as seriously damage multiple economies.

78% of all information security breaches are conducted by internal employees.
CERT-In statistics.

Information security within the organization

Most businesses can no longer afford to ignore the threat from within. However, the IT infrastructure of most Sri Lankan and multinational organizations is yet to address the full complexity of internal threats. Unlike external information threats to an organization, internal information breaches are multidimensional. The threats may range from misuse of official email or of information for insider trading to inserting backdoors into critical applications. More importantly, these threats come from the most trustworthy of sources: the company's internal employees. These actions may or may not be deliberate, but they do take place.
5
Problem Area

1. ONLINE BUYING VIA LINKED BANK ACCOUNTS
The rise of online banking, trading and electronic money transfers has brought with it a new breed of criminals, malware, and online financial scams. Fraudsters have developed elaborate cross-account, cross-channel, and cross-institution schemes to transfer shares from compromised online accounts to controlled accounts. The shares / equities are then sold, and the fraudsters disappear with the money before the illegal transfer is discovered.

2. IDENTITY THEFTS / PHISHING
One hack attack at a bank / online portal / store / BPO / online trading firm etc. can lead to a loss of thousands of identities in one step. With the tremendous growth of the Internet in the world, more and more people are vulnerable to phishing and Trojan attacks. The growth of e-commerce and the accompanying lifestyle changes present a unique challenge for exchanges, as more and more people are logging on to buy, sell or maintain their portfolios.

3. INTERNAL FRAUDS
A lot of incidents involving internal breaches are simply not reported because the institution's reputation is at stake. Most of the cases that come to light involve a third party which handles transactions or data processing (financial BPOs). However, studies indicate that internal bank fraud accounts for 60% of cases involving a data breach or theft of funds.
6
AFTER EFFECTS Of Online trading fraud
As a merchant/broking firm, being a victim of fraud can have a range of effects on your business. These effects include:
  • Immediate financial loss due to stolen stock/earnings
  • Damaged reputation
  • Loss of customer trust
  • Loss of investor confidence
  • Lowered sales
  • Extra costs of time/money to manage each fraud incident
  • Lowered staff morale
  • Possible legal costs
  • Lowered value of your stock/services
  • Additional bank fees for transaction reversal
  • Potential problems retaining your merchant's bank account after too many reversed transactions

Single factor authentication and Vulnerability
A major facilitating factor for almost all of these attacks is the single factor authentication in vogue today (using just a password and user name).

It becomes quite easy for an individual to capture the user names and passwords of other individuals using the same IT infrastructure. There are multiple techniques for this, such as sniffing, installing a keylogger, MIM (Man in the Middle) attacks or zombie attacks.

In such a scenario multifactor authentication offers a much safer approach. It is a foolproof way to authenticate and verify the identity of the person or any other entity requesting access under security constraints.

7
Preventing Financial Fraud
Prevention is always better than cure. This is even truer for exchanges, keeping in mind the changing commercial climate. Financial fraud can occur in multiple forms and shapes. The time of physically cracking a safe, conducting a bank robbery or carrying out an act of dacoity etc. is passé. Today the theft is conducted on the net with no physical threats and at less cost to the perpetrator of the crime. The only challenge that remains is to cover one's tracks and, considering the massive flow of information on the net almost on a daily basis, that is not very difficult either.

Multifactor Authentication: Why do you need it?
The best way to beat a thief is to think like one.

Phishers try to obtain personal information such as your password or PIN code by pretending to be a legitimate entity. Using phishing, static passwords can be easily hacked, giving fraudsters easy access to your demat accounts and other confidential information.

The technology used by a lot of organizations today relies on a static password, which is risky if a fraudster is able to lay hands on someone's password. There is a need to bring dynamic passwords into the picture, because a static password ceases to be secure once stolen.

Multifactor Authentication maps the physical identity of the user to the server and increases the security of financial and other critical systems. It helps the merchant firm to "Know their customer".

Integrating a stronger user authentication system not only helps prevent online credit card fraud, card cloning and identity theft but also helps in the capture of habitual cyber criminals.

MFID authenticates and verifies the user based on:
  • something only the user has (mobile phone / land line / hard token)
  • something only the user knows (user id and password)

8
AUTHSHIELD
ONLINE TRADING SECURITY SOLUTIONS
AuthShield is the only Multi-Factor Authentication solution available in the world today that can provide you seamless authentication security across all trading technology platforms used by brokers and stock exchanges across the globe.

AUTHSHIELD PROCESS
  • MF-ID follows a centralized architecture where all IT systems can be integrated centrally. Distributed IT systems can have their own controlling architecture.
  • The user logs into the LAN / VPN / web application / database server etc. and provides his credentials.
  • Based on the user's credentials, a One-Time-Password is generated and sent to the user's mobile number. The user meanwhile is taken to the OTP authentication application (integrated with the AAA server). Once the user's identity is verified, the user is then provided access to the application.
  • All logs are stored in a secured database (completely encrypted) for future analysis.

ADVANTAGES OF AUTHSHIELD MULTI FACTOR ID
For Users
Using INNEFU's two factor authentication can help prevent:
  • Online fraudulent equity transfers
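
The login flow described under AUTHSHIELD PROCESS above (credentials first, then a One-Time-Password sent to the user's mobile number and checked before access is granted) can be sketched as follows. This is an added example, not AuthShield's code; the class name, the 120-second lifetime and the three-attempt limit are assumptions.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 120  # assumed validity window, not a figure from the page
MAX_ATTEMPTS = 3       # assumed number of guesses allowed per code

class OtpChallengeStore:
    """In-memory stand-in for the OTP state a central auth server keeps."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._key = secrets.token_bytes(32)  # server-side secret for the MAC
        self._pending = {}  # user_id -> [mac, expires_at, attempts_left]

    def _mac(self, user_id, code):
        # Keyed MAC bound to the user, so stored state does not reveal live codes.
        msg = f"{user_id}:{code}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def issue(self, user_id):
        """Call only after the password check passed; returns the code to send."""
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG-backed 6 digits
        self._pending[user_id] = [self._mac(user_id, code),
                                  self._clock() + OTP_TTL_SECONDS, MAX_ATTEMPTS]
        return code

    def verify(self, user_id, submitted):
        """Return 'ok', 'bad_code', 'locked', 'expired' or 'no_challenge'."""
        entry = self._pending.get(user_id)
        if entry is None:
            return "no_challenge"
        if self._clock() > entry[1]:
            del self._pending[user_id]
            return "expired"
        if hmac.compare_digest(entry[0], self._mac(user_id, submitted)):
            del self._pending[user_id]  # single use: a replayed code finds nothing
            return "ok"
        entry[2] -= 1
        if entry[2] <= 0:
            del self._pending[user_id]  # cap online guessing of the 6 digits
            return "locked"
        return "bad_code"


if __name__ == "__main__":
    store = OtpChallengeStore()
    sms_code = store.issue("trader01")  # constructed user id
    print(store.verify("trader01", sms_code), store.verify("trader01", sms_code))
```

Each `verify` outcome is also the natural event to write to the authentication log the process description mentions.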