Security

The Security Encryption Features That We Deploy, Ensure That The Integrity of Your Data Remains Private & Uncompromised

Traditional identity authentication solutions are expensive and highly unsuited for mass deployment. Anti-virus software, personal firewalls and intrusion detection systems are not enough to keep pace with the bad guys, being limited in their ability to stop today’s sophisticated hackers and scam artists since these solutions are reactive and rely on signatures or patches that are available only after an attack has started. Because, these utilities focus on protection of the network rather than the identity of the end user. Attackers generally monitor vendor patch announcements then reverse-engineer the patch to discover its vulnerability. Protecting a user’s identity requires a methodical approach that evolves through the relationship. Protecting the identity of both an end-user and/or a computing device therefore requires an end-to-end approach that provides total assurance across the entire lifecycle of a trusted relationship.

Today, the rise of the Internet as a standard medium for conducting business has resulted in a staggering series of identity management challenges that are dwarfing the capabilities of information technology departments across virtually every industry. Identity theft and credit card fraud are the top two concerns of consumers who shop and make purchases online.

This site has security measures in place to protect against the loss, misuse or alteration of the information under our control. As well as total identity assurance solutions protecting our business partners, suppliers and customers from malicious hacking and online theft, that guards both businesses and consumers from phishing, keylogging, malware, spyware and other identity attacks and scams.

The utmost precision is afforded every ADC client, with respect to security. Using the strongest authentication platform in the world. Built using the concept of ‘Out-of-Band,’ usernames and passwords are separated and sent to the host server via separate channels. While layers of protective firewalls assure customers that their transactions are safe and secure, with constant administrative monitoring 24 hours a day, 7 days a week.

The open platform architecture seamlessly integrates into any existing computing environment, and verifies the “real” identity of the end user or applicant by asking a series of ‘out of wallet’ questions that only the “real and true” person would know. These records are based upon years of public data and a unique inquiry methodology, the system leverages 20+ billion user records gathered over a 30-year time period. While validating the authenticity of any computer trying to login to the network, providing a “trusted computing environment”. The system works by checking the device “ID” that is machine specific and protects the environment from being spoiled by malware/spyware, and further secures the trusted computing environment by the use of 128-bit encryption that separates the pathway for information delivery from a keyboard to a targeted application. Eliminating end user data from being secretly transmitted to spyware servers, any chance of spyware/malware being used to collect user information. And stays in effect during an application session so that “ALL” entered information is encrypted and protected.

ADC utilizes four encryption standards for secure file transmissions. PGP (Pretty Good Privacy), and 128-bit encryption, both are methods that many have some familiarity with. Triple DES (Data Encryption Standard) is more secure, followed by AES, recognized as the most secure of all, and both identity verification technology for all ADC users and Out-of-Band transaction authentication technology.

The latter two are based upon securing every participant that enters the site to register as a member, both merchants and cardholders alike. And, securing “Key” transactions of those users. The “Fraud Scrub” will deploy as members (merchants and/or cardholders alike) register, validating an applicant’s real identity with a secure self-service enrollment feature that eliminates the threat of online account fraud from hackers using stolen information and registering fraudulently, by establishing the true identity of an end user prior to the issuing of an online authentication credential. The transaction authentication techniques apply as members conduct transactions both online and off-line, via the program service features, enabling multi-factor authentication by utilizing separate pathways for authenticating the transaction and a user’s identity.

The Advanced Encryption Standard (AES) is the new (2001) Federal Information Processing Standard (FIPS) that specifies a cryptographic algorithm for use by U.S. Government organizations to protect sensitive (unclassified) information. AES is also widely used on a voluntary basis by organizations, institutions, and individuals outside of the U.S. Government.

Adoption of AES is the culmination of a four-year effort involving the cooperation between the U.S. Government, private industry and academia from around the world, to develop an encryption technique that can be used securely by millions of people, now, and in the years to come.

Identity Challenges

Account Fraud: the best phishin' hole around these days is the World Wide Web. A study by a leading research firm finds that checking account theft is the fastest-growing consumer fraud in the country -- and most of it occurs on the Web. Based on a poll of 5,000 U.S. adults online, a Gartner study shows that some 1.98 million consumers have been victimized by checking-account fraud, resulting in $2.4 billion in losses.

Some 57 million U.S. Internet users have received fraudulent, phishing emails, according to Gartner, and about 1.7 million of them may have been tricked into divulging personal information. It has been documented that approximately 80% of all online account fraud stems from hackers using stolen information and registering online for loans or new credit card accounts. In 2003, the Federal trade Commission (FTC) received more than a half million fraud and identity theft complaints and projects that number to rise significantly over the coming years.

Most of the losses occur through "phishing" expeditions, in which counterfeit emails appearing to be from banks and other financial institutions are sent to millions of Internet users, asking the user to verify his or her account balance, Social Security number and other information.

The user clicks on a link in the email and is taken to a site that, through the use of stolen logos and carefully copied color schemes, looks just like the real thing. The consumer provides the information requested and thereby gives the scam artists access to the consumer's checking account.

Others include the use of "spyware." These programs are installed surreptitiously on consumers' computers, often by clicking on a pop-up ad. Once installed, the program records key clicks, enabling crooks to learn the consumers' user IDs and passwords.

Trojan Horse attacks pose one of the most serious threats to computer security. According to legend, the Greeks won the Trojan War by hiding in a huge, hollow wooden horse to sneak into the fortified city of Troy. In today's computer world, a Trojan horse is defined as a "malicious, security-breaking program that is disguised as something benign". For example, you download what appears to be a movie or music file, but when you click on it, you unleash a dangerous program that erases your disk, sends your credit card numbers and passwords to a stranger, or lets that stranger hijack your computer to commit illegal denial of service attacks like those that have virtually crippled the DALnet IRC network for months on end.

Trojans are executable programs, which means that when you open the file, it will perform some action. In Windows, executable programs have file extensions like "exe", "vbs", "com", "bat", etc. Some actual Trojan filenames include: "dmsetup.exe" and "LOVE-LETTER-FOR-YOU.TXT.vbs"

Trojans can be spread in the guise of literally anything people find desirable, such as a free game, movie, song, etc. Victims typically downloaded the Trojan from a WWW or FTP archives, got it via peer-to-peer file exchange using IRC/instant messaging/Kazaa etc., or just carelessly opened some email attachment. Trojans usually do their damage silently. The first sign of trouble is often when others tell you that you are attacking them or trying to infect them!

Phishing: (sometimes called carding or brand spoofing) uses email messages that purport to come from legitimate businesses with which the user may have a relationship. The messages may look quite authentic, featuring corporate logos and formats similar to the ones used for legitimate messages. Typically, they ask for verification of certain information, such as account numbers and passwords, allegedly for auditing purposes. And because these emails look so official, up to 20% of unsuspecting recipients may respond to them.

Keyloggers: occur when a malicious program installs itself through a pop-up. The program can then read keystrokes and steal passwords, PINS and other personal information when victims visit targeted sites such as major financial institutions.

If the program recognizes that a person is on one of these sites, it does keystroke logging. Even though all financial sites use encryption built into the browser to protect login data, this Trojan Horse program can capture the information before it gets encrypted by the browser software. This occurs because the browser does not encrypt data between a victim’s keyboard and computer -- encrypting commences only when the data goes out onto the Internet.

Identity thieves have more than 12,000 keylogging programs on the Internet to capture everything you type. Keylogging programs capture and steal your keystrokes in these common online activities:

E-mail
Banking
Shopping
Bill payment
Loan or credit applications
Searches

Targeted confidential identity data includes:

Names
Bank accounts
Credit card accounts
Passwords & PINs
Social Security numbers
Contact information

Spyware: is a generic term typically describing software that “sneaks” onto your system or performs other activities hidden to the user. Spyware is usually bundled as a hidden component in mislabeled freeware and shareware applications downloaded from the Internet. These modules are almost always installed on the system secretively, suggesting that spyware companies know how users feel about such software.

Spyware exists as an independent, executable program on your system, and has the capability to do anything any program can do, including monitor keystrokes, arbitrarily scan files on your hard drive, change your default homepage, interface with your default Web browser to determine what websites you are visiting, and monitor various aspects of your behavior, "phoning home" from time-to-time to report this information back to the spyware author.

Malware: is typically used as a catchall term to refer to any software designed to cause damage to a single computer, server, or network, whether it's a virus, a Trojan Horse, spyware, etc.

Viruses are computer programs or scripts that attempt to spread from one file to another on a single computer and/or from one computer to another, using a variety of methods, without the knowledge or consent of the computer user. A worm is a specific type of virus that propagates itself across many computers, usually by creating copies of itself in each computer’s memory. The most common method used for spreading a virus is through email attachments.

A Trojan Horse meets the definition of a virus in the sense that it attempts to infiltrate a computer without the user’s knowledge or consent. A Trojan Horse, similar to its Greek mythological counterpart, often presents itself as one form while it is actually another. Trojans typically do one of two things: they either destroy or modify data the moment they launch, such as erase a hard drive, or they attempt to ferret out and steal passwords, credit card numbers, and other such confidential information.

Account Takeover: occurs when a fraudster obtains your personal information. Often they do not need your actual card number. Once the fraudster has your information, he or she will contact your credit card company and change the address on your account.

Next, the fraudster will call and report your card lost or stolen and request a new card replacement. The new card is then sent to the new billing address on the account. The fraudster has successfully taken over your account - hence the term "account takeover". This is currently the most popular type of credit card fraud. It doesn't require the technology of a counterfeit card, or the waiting time of a fraudulent application.

Also, companies often link PIN numbers and other information to the new card automatically. The fraudster can access cash, and sometimes even have access to the checking account information that you provided to your credit card institution. Despite all the new security measures that many card companies have initiated, the occurrence of account takeover fraud is on the rise.