Cementing Security into Software

Size: px

Start display at page:

Download "Cementing Security into Software"

Darren Barker
5 years ago
Views:

1 Cementing Security into Software Raj Gopalakrishna, Vice President Engineering 09 November 2012

2 Innovative Security Solutions Real-time Analytics Cloud & SaaS Delivery Smartphones Multi-channel Banking Collaboration Advancements in Cryptography

X Consumers don t want special security gadgets.

3 Some things do not change User Convenience is still the fundamental driver for Internet, ATM, POS and Mobile services. X Consumers don t want special security gadgets. Consumers don t want 5 Banking passwords Consumer want single, strong credential. Consumers want convenience. X X

4 Still need protection from Phishing attacks The malware discovered within Operation High Roller is the first to work-around the smartcard/physical reader + PIN combination. Source: APWG

5 Always need a good balance Convenience Security Cost

6 Mobile Phones Convenient for Consumers

7 Mobile phones Mobile phones make great security devices for User Authentication for Transaction approvals for getting Transaction Alerts X Convenient for Consumers Cost effective for FIs Widely available

Advancements in Cryptography Protection of Crypto Keys in software is a hard

device ArcotID - PKI EMV CAP QR Codes Dr.

Since the invention of public key cryptography, people have been struggling

CA Arcot s innovative Cryptographic Camouflage* has solved this problem.

8 Advancements in Cryptography Protection of Crypto Keys in software is a hard problem CA Arcot made a break-through with Cryptographic Camouflage Algorithm. CA Software smartcard technology makes Mobile Phones and Laptops a security device ArcotID - PKI EMV CAP QR Codes Dr. Martin Hellman Professor Emeritus Stanford University Inventor of PKI NFC Since the invention of public key cryptography, people have been struggling to secure the private key without the assistance of hardware. CA Arcot s innovative Cryptographic Camouflage* has solved this problem. Finally there is a cost-effective and convenient means to strongly authenticate users and transactions over the internet without the need for cumbersome hardware. * patent 7,170,058 Virtual Private Session

9 ATM/POS Transactions : Card Skimming Fraud moved to CNP transactions EMV Chip & Pin did nothing for CNP transactions Cross-border fraud increased Magnetic Stripe still required on EMV chip cards. EMV chip needs coordinated world-wide adoption to be effective. Big countries like USA, China, India, Middle East have yet to migrate to EMV chip technology. EMV Chip & PIN solution

CloudPass protects the Debit PIN and ATM

10 CloudPass protects the Debit PIN and ATM PIN Anti-skimming solution **** Financial Industry Standard Challenge response mode Transaction Signing No change to ATM device No change to Card MasterCard EMV CAP and Visa EMV DPA compliant Technology

11 Consistent security for multiple channels Mobile/IVR Banking ebanking login Card Not Present 3D Secure Payment Card Present ATM/POS EMV DPA/CAP compliant software token Anti-phishing and antiskimming solution Secure edocument

12 Multi-Channel Banking Need consistent security across channels

Multiple Channels : Need layers of Security Strong

Transaction Verification of User, Device, Card,

Need good User Experience Need cost effective

Real Time Need consistent policy across multiple

Ensures transaction integrity Explicit approval for

13 Multiple Channels : Need layers of Security Strong Authentication (2FA) Risk & Fraud Monitoring Transaction Verification of User, Device, Card, edocument, Need protection across multiple channels Need good User Experience Need cost effective solutions Silently Monitor and Block transactions in Real Time Need consistent policy across multiple channels Need to leverage per channel attributes Ensures transaction integrity Explicit approval for transactions across multiple channels Protection from transaction replays and Man-in-the- Browser (MITB)

14 Real-time Analytics

15 Real-time, multi-channel Fraud Monitoring Internet Channel Online Commerce ebanking mbanking ecommerce mcommerce IVR Consistent security across channels Transparent to User/Consumer Need Multi-channel Monitoring Real-time monitoring Enterprise ATM/POS Portals IAM VPN

16 Cloud and SaaS Agility and Collaboration

Cloud and SaaS Fighting Organized Criminals requires Agility Fraud Management requires Agility 1 year to upgrade on-premise security software is 364

17 Cloud and SaaS Fighting Organized Criminals requires Agility Fraud Management requires Agility 1 year to upgrade on-premise security software is 364 days too late! Financial Institutions use CA AOK SaaS service for 3-D Secure, FRM and 2FA solutions. Security Solutions are best delivered via SaaS

18 Collaboration via Cloud Collaboration is very effective in fighting payment and banking frauds. M5 M1 Partner Financial Institutions across the globe share fraud data with Cloud service. Enables quick detection and stoppage of emerging fraud patterns. M10 M20 Fraud Prevention Network M50 M100 M90 0

19 Take Away Mobility, Cloud, Real-time Analytics, Collaboration and Cryptography have enabled innovative software-based security solutions CA provides Market Leading security solution to cement security into Software CA Arcot co-invented 3-D Secure with Visa. Today 3-D Secure is used by millions of cardholders. Good security no longer has to mean high cost or create a barrier to a good customer experience.