SecureDrives offers new GateKeeper Proximity passwordless authentication

SecureDrives has launched the latest version of the GateKeeper Proximity passwordless authentication solution, which uses a wireless key to help companies automate password management and lock PCs when unattended.

This new launch extends SecureDrives’ partnership with product developer Untethered Labs, and enables organisations in the UK, mainland Europe and the US to benefit from a range of new features which increase ease of use while maintaining the highest levels of security.

Demand for passwordless authentication is growing rapidly. According to Microsoft, more than 150 million people use passwordless authentication every month, and analysts Gartner predict that by 2022, 60% of large and global enterprises and 90% of midsize enterprises will implement passwordless methods in more than 50% of use cases.

The updated GateKeeper Enterprise platform, available in both cloud and on-premise versions, adds three key features:

  • a desktop password manager/vault which allows users to save passwords for all their desktop applications in their GateKeeper profile. This speeds up access to applications such as VPN clients, electronic health records etc. while maintaining security.
  • a backup login method which enables users to log in securely even if they do not have their GateKeeper token with them. Users scan a QR code using Google Authenticator or a similar app and use it to generate a One Time Passcode (OTP) on their phone. They can then log in to their computer using their email address and the OTP code.
  • the ability for users to share passwords from their GateKeeper profile to other users registered on the GateKeeper enterprise system, reducing the need to make passwords public by insecurely writing them on paper.

GateKeeper includes continuous two-factor authentication and uses AES256 encryption. It is compatible with both Windows and Mac and integrates with Active Directory. For enterprises or multiple installations of 5 to 5,000 workstations, GateKeeper is provided as a subscription service, with price dependent on features and number of users. It is also available as a single-user version.

“What makes GateKeeper so attractive is that it’s designed to provide security based on how people actually work, such as leaving their desk without logging out, and sharing computers in sectors such as healthcare and manufacturing,” explains SecureDrives CEO Paul Norbury. “These new features will save users even more time and further improve their security. No-one can possibly remember all their passwords – a survey by Accenture found that in healthcare, an astounding 21% of employees write down their usernames and passwords on paper – so this is the ideal solution for the way we work today.”

CEO of Untethered Labs, Dr Sid Potbhare, shares his experience with clients preferring stronger security measures: “A study by Google and several universities testing 2FA methods against automated bots and bulk phishing attacks found that only hardware tokens were 100% effective against these attacks. So, if you’re looking for security, hardware tokens are the way to go. If you misplace your token, admins can disable them instantly. Passwords are not stored on the key itself.”

GateKeeper is already used at hospitals, law enforcement agencies, and offices of all kinds, saving users both time and money. At Iron Country Medical Center, for example, each department of 20 people is gaining 75 to 95 minutes every day by using continuous proximity login and logout.

Digital Identity Expert Steve Pannifer Joins EEMA Board of Management

EEMA has announced the appointment of Steve Pannifer – Chief Operations Officer at Consult Hyperion – to its Board of Management. A well-respected expert in the field of digital identity, he has worked on leading initiatives for card schemes, banks and governments around the world.

Steve Pannifer joined Consult Hyperion in 1999, a company that is highly regarded for its expertise in the areas of digital identity, payments and smart ticketing. “Through my work at Consult Hyperion I am fortunate to be involved in many interesting developments around the world, especially in identity and payments,” comments Pannifer. “My hope is that this will enable me to bring ideas and connections that will help to shape and guide EEMA’s future activities.”

Pannifer has been part of the EEMA community for many years, including collaborating on the Horizon 2020 project, FutureTrust, as an advisory board member. Recently, he has chaired panel sessions with ENISA and EEMA Board of Management members – Kim Cameron and Dave Birch – during the EEMA Annual Conference in June 2020, and EEMA’s ISSE 2020 webinar ‘The European Single Identity System’ in November 2020.

He adds: “EEMA presents a fantastic way to connect into the many digital identity and related developments across Europe and beyond. The combination of conferences, fireside sessions and projects is unique. As well as meeting people EEMA offers the chance to work with those people on forward looking projects.”

Chair of EEMA, Jon Shamah, comments on the appointment: “I am delighted to welcome Steve to the EEMA Board of Management. He is very well respected in the field of digital identity and has long been a generous contributor to our community, sharing his wealth of experience and expertise.”

Steve joins EEMA’s strong Board, whose members are world class experts in their fields and together form a strong, knowledgeable and vibrant body. The EEMA Board of Management are:

  • Kim Cameron, Contributor and Advisor on Digital Identity
  • Jon Shamah, EJ Consultants
  • Rick Chandler, Advanced Office Systems
  • Lorraine Spector, LS Consultants
  • Dave Birch, Global Author and Advisor on Digital Financial Services
  • Ronny Bjones, Microsoft
  • Robert Garskamp, IDentity.Next
  • Steve Glagow, DeveloperProgram.Com
  • Alessandro Guarino, StAG
  • Hugo Kerschot, IS-practice
  • Arkadiy Kremer, RANS
  • Arthur Leijtens, FLIGHTMAP.com
  • Herbert Leitold, A-SIT
  • Ulf Linnarsson, Volvo Group
  • Prof Bart Preneel, KU Leuven
  • John Erik Setsaas, Signicat AS
  • Dr George Sharkov, European Software Institute
  • Hans Graux, Timelex
  • Steve Pannifer, Consult Hyperion

NEWS: As Businesses Reopen Physical Locations, New TransUnion Research Shows Fraudsters Decrease Online Schemes Against Companies

TransUnion’s latest quarterly analysis of global online fraud trends found that fraudsters are decreasing their schemes against businesses, but increasing COVID-19 focused scams against consumers online.

TransUnion came to its conclusions about fraud against businesses based on intelligence from billions of transactions and more than 40,000 websites and apps contained in its fraud prevention solution, IDVision® with iovation®. It found the percentage of suspected fraudulent digital transactions against businesses worldwide decreased 9% from the beginning of the pandemic (“phase 1,” 11th March – 18th May) to when businesses began reopening (“phase 2,” 19th May – 25th July). In contrast, TransUnion’s Consumer Financial Hardship surveys found consumers targeted by digital COVID-19 schemes increased 10% from the early days of the pandemic (week of 13th April) to more recently (week of 27th July).

“With the rush for businesses to go digital as many were forced to go completely online almost overnight, fraudsters tried to take advantage,” said Shai Cohen, Senior Vice President of Global Fraud Solutions at TransUnion. “They were most likely unsuccessful in their attempts and took their scams elsewhere as those businesses ramped up their digital fraud prevention solutions while providing a friction-right consumer experience. Conversely with consumers, fraudsters are increasingly using COVID-19 to prey on those persons who are facing mounting financial pressures.”

In contrast to the recent suspected fraud decrease against businesses, when comparing phase 1 (11th March – 18th May) to right before the pandemic (1st Jan – 10th March), there was a 6% rise in suspected digital fraud against businesses. When comparing digital transactions pre-pandemic to during the pandemic (11th March – 25th July), suspected fraud against businesses remained relatively flat, increasing 1%.

Examining Fraud Types and Their Impact on Industries

TransUnion analysed the industries below for a change in the percentage of suspected fraud against them, comparing the periods of 11th March – 18th May and 19th May – 25th July.

Suspected Fraud Post-Pandemic Declaration

| Industry | Suspected fraud change | Top type of fraud | Top country for suspected fraud origination |
|---|---|---|---|
| Travel & Leisure | 47% | Credit card | Bangladesh |
| Logistics | 27% | Shipping | Egypt |
| Insurance | 8% | Ghost broking | Bangladesh |
| Communities (online dating, forums, etc.) | -1% | Profile misrepresentation | Saint Martin |
| Gambling | -1% | Promotion abuse | Gambia |
| Gaming | -3% | Gold farming | Grenada |
| Retail | -10% | Promotion abuse | Tajikistan |
| Financial Services | -13% | Identity theft | Syria |
| Healthcare | -18% | Identity theft | Finland |
| Telecommunications | -60% | Credit card | Syria |

“It appears fraudsters assume travel & leisure companies are scrutinising transactions less in order to capture more revenue as the pandemic continues to severely negatively impact their business,” said Melissa Gaddis, senior director of customer success, Global Fraud Solutions at TransUnion. “Another interesting note is that telecommunications, e-commerce and financial services companies – all industries that have fared relatively well during the pandemic – were targeted with the most digital fraud early in the pandemic but are now among the least targeted. This shows us that fraudsters initially targeted the hottest industries with the most money to be had early in the pandemic in order to hide behind the rush of transactions but have now made an obvious shift.”

Globally across industries, TransUnion found the countries with the highest percentage of suspected fraudulent transactions were: 1) Kazakhstan, 2) Greece and 3) Cyprus. In the U.S. overall, TransUnion found the cities with the highest percent of suspected fraudulent transactions were: 1) Livonia, Mich. 2) Akron, Ohio and 3) Jackson, Miss.

Consumers Targeted By COVID-19 Schemes

To better understand the impacts of COVID-19 on consumers, TransUnion surveyed 8,265 adults in Canada, Colombia, Hong Kong, South Africa, the U.K. and the U.S. the week of 27th July. More than three out of 10 respondents (32%) said they had been targeted by digital fraud related to COVID-19, with Gen Z (age 18-25) being the most targeted at 36%. Among consumers reporting being targeted with digital COVID-19 schemes globally, the top pandemic-themed scam is phishing, with 27% saying they were hit with it. Despite the survey showing Baby Boomers were the generation least targeted with digital COVID-19 scams, among consumers reporting being targeted they were the age group saying they faced the highest percentage of COVID-19 themed phishing scams.

“Phishing shows fraudsters aren’t after a quick hit, but rather looking for the long haul,” said Gaddis. “Once a fraudster steals consumer credentials, the wave of disruption they can cause with a stolen or synthetic identity is endless from compromising multiple online accounts to significantly impacting credit scores.”

Consumers can learn how to protect themselves from fraud and identity theft with the TransUnion Fraud Victim Bill of Rights.

TransUnion will discuss the findings in a webinar with Aite Group, Fiserv and Ping Identity on 15th September.

ARTICLE: The missing ingredient in digital certificate management

How a simple integration can safeguard trust in tomorrow’s digital economy

The world’s digital economy owes much to the enabling properties of digital certificates.

Stephan Wolf, Chief Executive Officer at the Global LEI Foundation

This latter point exposes yet another problem. Entities’ circumstances change; digital certificates do not. Should an entity rename itself, move premises or change its legal status, for example, these vital updates cannot be reflected in its live certificates. Updating them effectively means starting again: legacy certificates are revoked and updated certificates are reissued. However, this process only works in some circumstances. If a downstream application can’t access the relevant revocation list, outdated information persists.

This, of course, assumes that the entity does what it should. In reality, a fair number of organisations will allow their active certificates to persist unchanged until their natural expiration date, and only then update their data. Whether this occurs deliberately or unwittingly is, to some extent, immaterial, since the result remains the same: certificate information held about that organisation is not kept up to date in a systematic way, or at all, by the information holders. The broader implication is that certified information is in circulation when it is out of date, and that organisations may also often have multiple certificates under different names, each with varying and inconsistent information. In short, the trust system is undermined.

This ‘maintenance problem’ intensifies as entities expand their use of digital certificates across a broader range of business activities, such as approving business transactions and contracts, client onboarding, transacting within import/export and supply chain business networks, or submitting regulatory filings and reports.

In response, entities urgently need a fast and simple way to ensure the information they are obtaining through digital certificates is suitably reliable.

An elegant solution: Integrate the LEI into digital certificates

Integrating the Legal Entity Identifier (LEI) into digital certificates at the point of issuance addresses these issues head-on. The LEI is a 20-character, alpha-numeric code based on the ISO 17442 standard that connects to key reference information to enable clear and unique identification of legal entities, globally. Each LEI contains information about an entity’s ownership structure, answering the questions of ‘who is who’ and ‘who owns whom’ – crucial for those operating to mitigate risk.

If the LEI can be embedded into digital certificates, it can become the common link between them that is so urgently needed. This would allow anyone to easily tie together all certificate records associated with an entity, determine which certificates are current, and clear up variances. In this way, it can provide certainty of identity and trust in any online interaction between entities, making it easier for everyone to participate safely in the global digital marketplace. It also significantly reduces the complexity and cost, both people and technology-related, associated with due diligence and validation of customers, partners and suppliers.
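The linking step described above, as an added example (not code from the Global LEI Foundation or any certificate authority). It assumes the LEI and other fields have already been extracted from each certificate into a record; the field names and sample LEIs are constructed, and the check-digit test is ISO 7064 MOD 97-10, which ISO 17442 uses for the last two characters.

```python
import re
from collections import defaultdict
from datetime import date

LEI_RE = re.compile(r"[A-Z0-9]{18}[0-9]{2}")

def _to_int(s):
    # ISO 7064 MOD 97-10 conversion: digits stay, A=10 ... Z=35.
    return int("".join(str(int(c, 36)) for c in s))

def add_check_digits(prefix18):
    """Build a well-formed sample LEI from an 18-character prefix."""
    return prefix18 + f"{98 - _to_int(prefix18 + '00') % 97:02d}"

def is_valid_lei(lei):
    """20 characters, last two numeric, whole value mod 97 equals 1."""
    return bool(LEI_RE.fullmatch(lei)) and _to_int(lei) % 97 == 1

def link_by_lei(records, on):
    """Group certificate records by LEI and flag the variances."""
    groups, rejected = defaultdict(list), []
    for rec in records:
        lei = (rec.get("lei") or "").strip().upper()
        if is_valid_lei(lei):
            groups[lei].append(rec)
        else:
            rejected.append(rec["serial"])  # mistyped or missing LEI
    report = {}
    for lei, recs in groups.items():
        names = sorted({r["subject_name"] for r in recs})
        report[lei] = {
            "serials": [r["serial"] for r in recs],
            # "current" here means unexpired on the given date only;
            # revocation status would need a separate lookup.
            "current": [r["serial"] for r in recs if r["not_after"] >= on],
            "names": names,
            "name_variance": len(names) > 1,
        }
    return report, rejected

# Constructed sample data: hypothetical entities, LEIs generated above.
ACME_LEI = add_check_digits("EXAMPLE0000000ACME")
GLOBEX_LEI = add_check_digits("EXAMPLE00000GLOBEX")
BAD_LEI = ACME_LEI[:-1] + str((int(ACME_LEI[-1]) + 1) % 10)  # one-digit typo
SAMPLE_RECORDS = [
    {"serial": "01", "subject_name": "Acme Ltd",
     "lei": ACME_LEI, "not_after": date(2021, 6, 30)},
    {"serial": "02", "subject_name": "Acme Holdings plc",
     "lei": ACME_LEI, "not_after": date(2023, 1, 31)},
    {"serial": "03", "subject_name": "Globex GmbH",
     "lei": GLOBEX_LEI, "not_after": date(2022, 12, 31)},
    {"serial": "04", "subject_name": "Acme Ltd",
     "lei": BAD_LEI, "not_after": date(2023, 1, 31)},
]

if __name__ == "__main__":
    report, rejected = link_by_lei(SAMPLE_RECORDS, on=date(2022, 1, 1))
    for lei, info in report.items():
        print(lei, info)
    print("rejected serials:", rejected)
```

The two Acme certificates carry different subject names but resolve to one entity through the shared LEI, while the record with the mistyped LEI is rejected by the checksum instead of being silently linked to the wrong entity.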

In order to facilitate the use of LEIs in digital certificates, the Global LEI Foundation has been working closely with standards-setting organisations such as the International Organization for Standardization (ISO) and the European Telecommunications Standards Institute (ETSI) in the EU. These technical standards are necessary for the certificate authority industry to consistently embed LEIs into certificates.

Looking ahead: digital solution adoption, APIs and new use-cases for digital certificates

Global LEI Foundation research that identified KYC challenges in the financial services industry reveals that 61% of stakeholders believe that the growth of digital solutions will actually make identity verification more difficult. As entities continue to adopt digital solutions that utilise emerging technologies, such as IoT and blockchain, their use of digital certificates will increase, not least because digital certificates technology now has consolidated regulatory backing, which enables greater reliability and trust in digital identity. This will continue stimulating further demand for precisely the kind of automated verification that the LEI can enable. To cope with this level of demand, certificate handling has no choice but to become faster, and current information must be obtainable on demand via application programming interfaces (APIs). Here, the LEI could become an essential building block for the usage of digital certificates – and digital signatures – in any kind of distributed supply-chain.

Today, different digital ID systems are based on varying standards, keys and encryption and the only common link between them is the entity name, which can vary widely and change over time. Without a consistent numerical link between IDs, automated methods will always result in errors and further challenges for organisations. The LEI is perfectly poised to provide this consistent link and, by doing so, cement its position as a force for good in the digital economy as a whole.

For more information about how to simplify identification in the global digital economy with the LEI watch this video: https://www.youtube.com/watch?v=SL6gWP7IsVc

Author: Stephan Wolf, Chief Executive Officer at the Global LEI Foundation

NEWS: Assured Clarity Advises Every Organisation to Press the GDPR Reset Button

Assured Clarity – a consultancy, specialising in risk management, cyber security and data privacy – is today advising every organisation to press the General Data Protection Regulation (GDPR) reset button, as a result of fundamental changes to workplace and practices arising from the response to Covid-19. The Allowlist preferred supplier has outlined a four point plan to help organisations ensure they are not exposing their business to even greater and unnecessary risk through non-compliance, as remote working becomes the ‘new norm’.

Managing Director of Assured Clarity, Carolyn Harrison, states: “The rush to implement and adjust to new ways of working, functioning at reduced capacity and still remain operational, has resulted in data protection taking a back seat.” Carolyn adds: “This is understandable, as business owners have needed to prioritise survival. However, there is a very real danger that a consequence of pivoting working practices – such as the introduction of cloud-based systems and remote-working – so quickly is that it exposes organisations and the wider supply chains within which they operate to suffer a data breach as well as regulatory risk.

“There is an urgent need to hit the GDPR reset button and focus on the core principles of data protection,” continues Carolyn. “This doesn’t mean starting from square one but taking a very close look at what has changed in the organisation’s processes, technology and people (there are many new recruits, having an onboarding process via conference call). These are all potentially elements impacting compliance as well as exposing organisations to a higher risk of a data breach. The increase in cyber threats has been widely reported and taking appropriate corrective action now we consider a must.” To support organisations, Assured Clarity has outlined a four-point plan to help businesses take the right course of action.

  1. Refresh policies and procedures and update records of processing.
  2. Provide education and training in relation to new technologies and ways of working that have been introduced.
  3. Document evidence that organisational and technical controls are in place and are tested.
  4. Re-evaluate the supply chain to validate the compliance credentials of contractors and other third-party suppliers.

“It isn’t just commercial organisations that are grappling with how the new normal is impacting data protection and privacy. The UK government was scrutinised for its compliance with GDPR during the development of its Track and Trace programme,” concludes Carolyn. “We are all accountable and in the same way we have adapted how we live and work, so we must adapt how we safeguard personal data and privacy.”

Assured Clarity is registered as an Allowlist preferred supplier, offering cost-effective practical advice and the application of best practice, in achieving and maintaining compliance with data protection and other relevant compliance regulation.