Tag Archive for: identity

Africa: Why Digital Identity Verification is on the rise

/in


In Africa, there are a plethora of banking prospects. The area is a “sleeping giant” when it comes to having access to conventional bank accounts, online banking, and reasonably priced financial services. Identity Verification APIs are now providing resolutions to the finance sector with their old customer onboarding woes in Africa.

The World Bank estimates that 57% of Africans still don’t have a bank account of any type, including a mobile money account. According to a recent analysis by BPC and Fincog, this amounts to around 360 million adults in the area and 17% of the world’s unbanked population lacking access to formal financial services.

Many Africans lack official identification cards, making it difficult for people to access banking, education, and healthcare services. This can make it difficult for governments and companies to confirm the identities of their residents and clients.

Only 15 African countries have finished their national cybersecurity strategies for threat monitoring and response, according to a study from the Africa Centre for Strategic Studies, according to South Africa’s Financial Sector Conduct Authority (FSCA), which notes that most of Africa’s banking regulations for digital services are slow to evolve.

Aggressive digital expansion in the Finance Sector

The competitive tech landscape that has contributed to a leapfrogging effect by avoiding conventional channels like landlines and going straight to mobile phones has contributed to the growth of Africa’s technology industry. Over time, this development has made the area an essential market for corporate growth and has sped up the adoption of eBanking and mobile money payment systems.

The high rates of fraud and cyber risks, as well as the dearth of cutting-edge identity verification methods to effectively combat fraudsters, are important obstacles restricting potential in the region.

How Identity Verification helps delivering Financial Services across the continent

Identity verification solutions can help with this problem, bringing huge companies to the area who have been put off by the region’s high levels of fraud and inability to adequately authenticate their clients.

identity-verification-api-cta

Due to the…

Source…

Identity Attack Watch: November 2022

/in


Cyberattacks targeting Active Directory are on the upswing, putting pressure on AD, identity, and security teams to monitor the constantly shifting AD-focused threat landscape. To help IT pros better understand and guard against attacks involving AD, the Semperis Research Team offers this monthly roundup of recent cyberattacks that used AD to introduce or propagate malware.

This month, the Semperis Research Team highlights Ukraine ransomware attacks linked to the Russian Sandworm group, LockBit group attacks on Virginia county and German automotive group Continental, and Vice Society strikes on Cincinnati College, one in a string of the group’s attacks on educational institutions.

Ukraine ransomware attacks linked to Russian Sandworm group

Recent attacks on Ukraine have been linked to Russian cybercriminal group Sandworm, which uses RansomBoggs—.NET ransomware distributed from domain controllers—to encrypt files. The Sandworm group, which has been active since the 1990s, is suspected of developing the NotPetya ransomware that targeted Maersk shipping company, among other organizations, in 2017.

Read more

LockBit gang claims attacks on Virginia county and Continental automotive group

Ransomware group LockBit 3.0 claimed responsibility for cyberattacks on Southampton County, Virginia, that compromised personal data, including driver’s license numbers and Social Security numbers. LockBit also claimed an attack on German automotive group Continental.

Read more

Vice Society group claims Cincinnati College attack

Vice Society ransomware group claimed responsibility for a ransomware attack on Cincinnati College that took down the college’s on-campus networks, including email, internet access, and classroom computers. Vice Society, which has targeted educational institutions from K-12 to universities, uses ransomware including BlackCat to compromise Active Directory and gain control of the victim organization’s network environment.

Read more

Black Basta ransomware group targets Canadian food retailer Sobeys

Canadian food retail giant Sobeys suffered a ransomware attack claimed by the Black Basta ransomware group that caused company-wide IT problems. Although stores remained…

Source…

Federal Identity Cards Must Adapt to Changing Security Environments

/in


PIV Cards Are Compatible with Cloud-Based Web Applications

Federal IT managers who have been thinking about zero trust and how it relates to existing FICAM compliant authentication systems need to know about advances in the commercial space that may affect them.

Let’s take a few seconds to review how PIV cards work. PIV cards contain digital certificates and, more important, private keys assigned to each user.

The digital certificate, issued by some certification authority (CA) within the federal PKI tree, describes the user’s identity. The private key is used with public/private cryptography to prove that the user is in control of the PIV card and has it at the moment of authentication.

This certificate-based authentication is widely supported in most enterprise web applications, desktop and laptop operating systems, and VPN applications.

As any PIV user knows, this method of authentication is extremely resistant to credential theft, which makes it very secure.

The main issue with PIV-based authentication is that it is based on a walled garden within the federal PKI tree. This makes enrollment in PIV a cumbersome and time- consuming process, and one which is not friendly to contractors or other third parties.

PIV cards have other limitations that affect both usability and security. They are poorly supported on mobile devices, require some additional reader hardware, and the physical user must be present.

EXPLORE: How agencies are implementing zero trust and modernization.

FIDO2: If PIV Had Been Invented 20 Years Later

While PIV is dominant in the federal private infrastructure, cloud and enterprise application vendors are exploring new ways to combine the passwordless security of certificate-based authentication with other enrollment models.

The FIDO2 standards, coordinated by the Fast Identity Online (FIDO) Alliance, and their interoperability with , coordinated by the World Wide Web Consortium, are the most important new technologies to know about.

The FIDO Alliance made a big splash earlier this year when Microsoft, Apple and Google, along with the Cybersecurity and Infrastructure Security Agency, announced their commitment to pushing FIDO2 into desktop and mobile…

Source…

International Identity Day: The need for Inclusion by Design

/in


September 16 is International Identity Day – a commemoration of the UN Sustainable Development Goal 16.9 which calls for the provision of legal identity for all by 2030.

On this day, you will see many corporations calling out their progress in Diversity, Equity, and Inclusion (DEI). These include their DEI mission statement, the number of Employee Resource Groups they have, the increase in diversity percentages they are aiming for in the near future and other such commitment metrics. Entrust could easily highlight all these initiatives as well. But while these efforts are extremely important, should be tracked, measured, and improved upon and is somewhat linked to the notion of “identity” – is that really the most important aspect of this day?

DevOps Experience 2022

Around the world, according to McKinsey & Company, nearly one billion people have no form of legal ID. That means they have no birth certificate, driver’s license, National ID, or passport – no legal way to interact with their own government for services or aid. Without legal identification, millions are potentially denied access to education, financial services, health care, the recognized labor market, or even the ability to secure property. Nearly 1 in every 8 people do not legally exist in today’s world.

The Role of Government

Governments, the issuers of identity documents, have a large role to play to resolve this global inequality. Accessibility for all government services requires that one be recognized and validated as a citizen – which is not as easy as it might seem. Geographic expanse, differences in socio-economic rates within the population, aging infrastructure, lack of resources, political impacts and competing budgetary priorities can all pose a hinderance to any identity issuance initiative for a government. Multiple forms of identity for every citizen can be very complicated to manage as well.

Recently governments have been looking towards digital identity to help solve some of these challenging issues. A number of countries that have either implemented digital identity systems or are working towards that goal including EstoniaGermany, the U.K., Canada, Australia, the EU, and many more.

Compared…

Source…