Access your Pro+ Content below.
Knowledge-based authentication poses privacy issues
This article is part of the Information Security magazine issue of March 2010
Long, frigid winters and tough regulations forbidding utility companies from shutting off customers during the cold winter months drove a Midwestern oil company to use knowledge- based authentication (KBA) to root out fraudsters. The company, which didn't want to reveal its identity, experienced a sudden influx of new customers just before the winter. Once it got a KBA system up and running, call center operators posed a series of multiple choice questions to people seeking new accounts. Those who could answer the questions verifying their identities were set up with service while fraudsters trying to activate delinquent accounts under fake names were quickly rooted out. "People with large unpaid bills were trying to get their service turned back on for the winter," says Joram Borenstein, senior product marketing manager in RSA's identity and access assurance group; RSA the security division of EMC, provides the authentication service. "While it's tough to deny heat to someone, you can't stay in business if people are trying to ...
Access this PRO+ Content for Free!
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Features in this issue
HIPAA security compliance has been a mixed bag but HITECH ups the ante
Integrating security information management systems with identity management systems ties policy violations and vulnerabilities to user activity
Learn how to develop an effective information security metrics program and pitfalls to avoid.
Knowledge-based authentication helps catch fraud, but the authentication technology poses customer privacy issues.
Columns in this issue
The HITECH Act increases penalties for a lack of HIPAA security compliance but will it really improve health care security?
A successful career in information security requires an effective information security career plan
Organizations must enhance network intrusion detection systems with supporting processes to uncover genuine threats