Applications usually run in unknown and malicious environments, with no possibility of directly managing the devices on which they are installed. “Trust your App” is the suggested security approach for protecting mobile apps autonomously, independently of the device and without admin privileges. MORE® implements the “Trust your App” approach, allowing the highest level of security while apps run.
The provisioning of IoT systems is growing, but the related security risks are undervalued. IoT systems are distinguished by two factors: no standard exists (a heterogeneous environment), and they are not developed with security best practices in mind. XTN® also works on domotics and automotive problems, in order to provide a complete offering of security, management and analysis for IoT. XTN® solutions automate the security analysis of applications to detect code vulnerabilities and anomalous behaviours that could impair devices.
For XTN® it is important to guarantee usability and user experience. Continuously requesting user logins and authorization codes is not necessary. Thanks to user biometric control based on behaviour analysis and on risk analysis at the end-point, it is possible to reduce user activity. MORE® and SMASH® guarantee the highest level of service and data protection, choosing when authentication is truly necessary.
Statistics and analyses of fraud confirm the need for financial institutions to equip themselves with advanced transaction monitoring solutions against the increasing number of online frauds. Year after year, statistics confirm the trend: the wider offering of services and their increasing use by a growing number of users are the perfect scenario for criminal groups, which become more experienced day by day.
An adequate level of defense cannot do without evolved transaction monitoring systems that are able to self-learn and keep pace with the evolution of attack patterns. In this regard, the requirements are set by the EBA (European Banking Authority), which imposes the use of advanced transaction monitoring systems for online payments.
The evolution of SMASH® is based on the growing need for EFM (Enterprise Fraud Management) solutions, in order to provide a unique framework able to manage antifraud processes across different channels. This is why SMASH® capabilities were evolved to extend the monitored perimeter to Credit/Debit card transactions and the SWIFT channel as well.
Have you ever done the math on fraud in your business? Fraud can be very costly: the costs can be calculated in merchandise or services lost, shipping and handling, time to process the order, processing chargebacks, and your time and effort to investigate the fraud. SMASH® protects merchants from typical e-commerce frauds, providing anti-fraud checks before the payment processing phase, scoring the information provided with the credit card, the geolocation of the transaction, the shipment and the information regarding the order.
The EBA (European Banking Authority) published the guidelines for the security of Internet payments on 19/12/2014 (EBA/GL/2014/12), in which it required financial institutions and PSPs (Payment Service Providers) to improve instruments, processes and awareness in order to guarantee a stronger level of security for the payment services provided to their customers. Requirement number 10:
“Transaction monitoring mechanisms designed to prevent, detect and block fraudulent payment transactions should be operated before the PSP’s final authorisation; suspicious or high risk transactions should be subject to a specific screening and evaluation procedure. Equivalent security monitoring and authorisation mechanisms should also be in place for the issuance of e-mandates.”
In detail, the EBA asks financial institutions and PSPs to implement the following kinds of controls:
Such systems should be based, for example, on parameterized rules (such as black lists of compromised or stolen card data)…
… and they should monitor abnormal behaviour patterns of the customer or the customer’s access device (such as a change of Internet Protocol (IP) address or IP range during the internet payment services session, sometimes identified by geolocation IP checks, atypical e-merchant categories for a specific customer or abnormal transaction data, etc.)