Re: Protecting Client Identity

Depending on the risk associated with client authentication, two factor may be warranted if it's practical. The number of clients and/or third parties contacting you will be part of the "practical" assessment.

This is why credit card companies typically want card number, expiry, and sometimes security code from the back of the card in addition to a secret word or challenge/response pair. "Something you have + something you know" has become a cliche for a reason. :)

I hope this helps.

------Original Message------
From: brookerj@xxxxxxxxxxxxxx
To: security-basics@xxxxxxxxxxxxxxxxx
Sent: 25 Mar 2008 3:18 PM
Subject: Protecting Client Identity

What are the best practices generally used to authenticate a client or external advisor that is calling in to get information regarding a client's account? We have discussed the use of non-specific client questions that would be stored in our CRM however I would like to hear what other corporations are doing. Specifically in the financial industries area.

Thank you,

Sheldon Malm
Security Research and Development
nCircle VERT

Sent from my BlackBerry Wireless Handheld

Relevant Pages

  • Re: Best practices for internal/external servers
    ... >less of a security risk than does an inbound VPN. ... >> anyone anywhere in the world to attempt to attack the IMAP server. ... Then if a client machine is compromised the only thing it'll be ...
  • Re: outlook on server
    ... I review each client individually. ... accept the risk, and willing to pay the bill to fix it, that's one thing. ... It's his server, his business. ...
  • Re: [fw-wiz] VPN endpoints
    ... > 1) Some VPN products default to allowing the Null encryption algorithm. ... The cost of compromise is a function of the risk that the data may be ... > most of the benefits are in the fact that practically any client can be ...
  • Re: What is the futur of Native Code ?
    ... >> driveup banking... ... That's because the risk is down ty $50, ... > efficiency and convenience of client-based software, ... the client is under complete control of the client owner. ...
  • Re: XP Requirement Analysis?
    ... >> So sitting down with the client and trying to understand what his ... while I'm trying to get my head around how someone business works. ... >> spec and doesn't. ... but the people/process risk is probably more difficult to mitigate. ...