The Internet is an everyday tool for everyday kinds of applications. Businesses increasingly use the Internet to communicate with customers, vendors and employees and to conduct business transactions. Conducting business on the Internet is efficient and cost effective, particularly when services and information can be distributed electronically. At the same time, it creates added risk of loss and damage from hackers, identity theft, stolen credit cards and fraudulent activity. One of the most fundamental problems in network security is user authentication: are the people gaining network access authentic, that is, who they claim to be?
A number of strategies are commonly employed to make using the Internet safer and to facilitate communications and online business transactions. Login names and passwords are one of the most widely used and accepted forms of basic network security. This may be considered a first or primary authentication factor, based on something users know or keep in their minds. Online access is granted upon entry of an exact login/password combination. Identifying valid login names is often trivial, particularly on systems where login names are visible or follow a predictable format such as “firstname_lastname” or “firstinitial_lastname.” Password information is also difficult to secure given natural human tendencies: end users often adopt common or simple passwords, share passwords, write passwords down, or select passwords that can be readily guessed. Logins and passwords therefore provide only a basic level of security that is not relied upon alone, particularly for financial networks accessible via the Internet such as online banking systems.
A secondary level or factor of authentication may be relied upon for added security, based on something users have in their possession, such as a special purpose hardware device. For example, after a user enters a valid user name and password to access a network, a device such as a token may provide the user with a code as part of the login process. The code may be a six digit number that changes at regularly timed intervals and must usually be entered into a device within a specified amount of time. The token thus provides a secondary code/password for the user to enter as part of the login process. Alternatively, another hardware security device, sometimes referred to as a “dongle,” may be physically connected to a computer interface such as a USB port. Such a device may be used to identify end users connecting from a particular machine. A fixed system component serial number and other hardware methods for uniquely identifying specific network devices are also used to limit access to “known” devices. Unfortunately, these identifiers are plainly visible to the world and can be copied or simulated. These systems provide more security but are not perfect, and they can be impractical for protecting large networks accessed by a large number of users or customers. Such added security measures usually carry a high cost of ownership; they are also intrusive and take away from the user experience.
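The time-based token described above can be illustrated with a server-side verifier. This is an added example, not code from the original document; it assumes the standard HMAC-based construction of RFC 4226/6238 (which the text does not name), a constructed shared secret, a 30-second step, and a one-step tolerance for the "specified amount of time" in which the code must be entered. It also rejects a code that is replayed within the same time step.

```python
import hashlib
import hmac
import struct

# Constructed sample secret shared between the token and the server (not from the page).
SHARED_SECRET = b"constructed-demo-secret-0123"
STEP_SECONDS = 30   # the displayed code changes at regular timed intervals
DIGITS = 6          # six-digit code as described in the text
WINDOW = 1          # accept one step of clock drift on either side (assumption)


def code_for_counter(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """HOTP-style truncation of HMAC-SHA1 over the 64-bit step counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def token_code(secret: bytes, now: int) -> str:
    """What the hardware token displays at Unix time `now`."""
    return code_for_counter(secret, now // STEP_SECONDS)


class TokenVerifier:
    """Server side: checks the second factor within the allowed time window
    and refuses to accept a time step that was already used (replay)."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_accepted_step = -1

    def verify(self, submitted: str, now: int) -> bool:
        if len(submitted) != DIGITS or not submitted.isdigit():
            return False
        current = now // STEP_SECONDS
        for step in range(current - WINDOW, current + WINDOW + 1):
            if step <= self.last_accepted_step:
                continue  # this step was already consumed; a replayed code fails
            expected = code_for_counter(self.secret, step)
            if hmac.compare_digest(expected, submitted):
                self.last_accepted_step = step
                return True
        return False  # wrong code, or entered outside the allowed time
```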
Other user authentication solutions available today involve services provided by third parties. For example, the use of digital certificates and trusted third party Certificate Authorities (CAs) is an increasingly popular way of ensuring that the party connecting to a network is indeed who it claims to be. Unfortunately, digital certificates can be copied and stolen. Moreover, significant trust must be placed in third party verification groups that have no direct vested interest in, or knowledge of, the secured networks relying upon them. Requiring network users to obtain and use certificates can also create a significant burden on users of large networks, particularly customers of financial or banking institutions.
An Internet Protocol (IP) address, and geographical-location services that rely upon IP addresses, are also used to verify end users or to cross reference the likely physical location of a user. These methods are limited by the fact that many Internet users obtain a new temporary IP address every time they connect to the Internet rather than keeping a permanent one (dynamic versus static IP addresses). Using IP addresses to pinpoint the location of a connected device is also inherently flawed, both by the way in which blocks of IP numbers are distributed and by the relative ease of IP spoofing, a technique used by network intruders to make it appear that they are using another device or connecting from a trusted or different IP address.
There is a need for an improved network security fraud detection system. It would be desirable to have a solution that is transparent to the user and that can be implemented either as a standalone solution or as part of an integrated fraud detection and prevention system.