Posts

How to comply with PSD2 authentication without a headache

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360


The European Union’s Payment Services Directive 2 (PSD2) regulation finally came into full force in most countries this year, putting the burden on companies to meet authentication requirements for payments. Regulations like these often come with additional security hoops consumers have to jump through. But it doesn’t have to be that way.

With the right strategy, companies can provide frictionless online experiences while remaining compliant with constantly changing regulations, including PSD2. Using passive behavioral biometrics, you can seamlessly verify that the right person is behind the device, meeting requirements without the need for additional authentication steps. Find that hard to believe? Well, read on.

How not to do PSD2: knowledge questions

While PSD2 has technically been on the books since September 2019, one rule didn’t actually go into effect until December 31, 2020: the requirement that payment service providers (PSPs) use Strong Customer Authentication (SCA). Using SCA means a payment must satisfy two of three authentication factors:

  1. Knowledge: Something the consumer knows (e.g., PIN or password)
  2. Possession: Something the consumer has (e.g., device or credit card)
  3. Inherence: Something the consumer inherently is (e.g., fingerprint or facial recognition)

To remain PSD2-compliant, many companies are using one-time passcodes (OTPs) to verify logins and payments. With OTPs, users receive a code on their device to ensure it’s in their possession — fulfilling the possession requirement for SCA. But that leaves one verification step unfulfilled. Most companies opt to have users fulfill the knowledge requirement by typing in a password. But this adds an extra step — and unnecessary friction — to the user experience.

The looming question: What will the second authentication factor be?

This is where passive behavioral biometrics comes into play by verifying user identity without the need for additional step-ups. Imagine you are logging in to your mobile banking app. When you enter the OTP code sent to your device, instead of having to manually verify your credentials a second time, there’s technology that can detect whether it’s you just by the way you…

Source…

Cisco Patches Critical Authentication Bug With Public Exploit – Threatpost





Source…

T-Mobile hack is every reason you need two-factor authentication. How and why to use it



T-Mobile has spent the last week doing damage control after the wireless carrier admitted it’d been hacked. Thus far, T-Mobile has discovered that 54 million customers have had their personal information, including names, addresses, birth dates, and social security numbers accessed. 



The T-Mobile hack is exactly why you should use two-factor authentication. You can never be too careful with your online accounts. Sarah Tew/CNET




Whenever breaches like this happen, it’s common to wonder what more you can do to protect your personal information from hacking and fraud. The answer is: A lot. Start by creating and using complex passwords stored in a password manager, and then enable two-factor authentication for every account you have that supports it. You should also check to see if your account passwords are already on the dark web, and then change them; again, using a password manager.

Two-factor authentication may sound technical, but it’s more time-consuming to set up than anything. Below I’ll explain what two-factor authentication is and how it works, offer some best practices, and provide a shortlist of popular websites that support this added layer of security. Trust me, it’s worth it.


What is two-factor authentication?

Two-factor authentication (also sometimes written as 2FA) is also commonly referred to as two-step verification or multi-factor verification. For simplicity’s sake, I’m going to refer to it as 2FA or two-factor authentication for the duration of this post. 


Think of two-factor authentication as an extra layer of security for your online accounts. If you’re not using 2FA on an account, your login process involves entering your username and password, and that’s it….

Source…

Effectively closing entry gates for hackers: How strong authentication protects against ransomware



Ransomware is a problem that is here to stay and that will in time become an even bigger issue – that is a fact that is clear to everyone involved in IT security. According to the international study “The State of Ransomware”, more than half of all organizations have experienced a ransomware cyberattack in 2020. Once hit, giving in to criminal demands or restoring the system wholesale is an expensive strategy, if it can be deemed a strategy at all. True risk mitigation should first ask what the main attack vectors exploited by this type of malware actually are. This is the only solution that not only staves off the problem of ransomware, but ideally minimizes the risk permanently. 

The three main attack vectors of ransomware  

Attack vector number 1 – the technology: As in many other attack scenarios, hackers exploit vulnerabilities and backdoors in infrastructure for their ransomware attacks in order to smuggle malware into a system. Infrastructure is especially vulnerable when it is based on unpatched systems. For example, the well-known WannaCry ransomware – which gained notoriety by taking out entire universities and hospitals – directly targets computers running outdated versions of Microsoft Windows. It exploits a known programming flaw in the SMB implementation to create crashes and persistent bluescreens (hence the name “EternalBlue”), spying on computers and locking users out of systems. The WannaCry ransomware attack shows just how virulent the problem of unpatched computers is. The attack spread to 150 countries and infected more than 230,000 computers.

Source…