Yearly Archives: 2017

EZMCOM Recognised in Market Guide for User Authentication

EZMCOM, Inc. (“EZMCOM”), an emerging leader in Fraud & Risk Management, Identity Access Management solutions has been recognised in Gartner’s Market Guide for User Authentication. Earlier this year, Gartner had featured EZMCOM in “Hype Cycle for Risk Management, 2017”, “Hype Cycle for Identity and Access Management, 2017” and “Technology Insight for Public-Key Authentication Tokens”.

According to market definition,

User authentication is the real-time corroboration (with an implied or notional con dence or level of trust) of a person’s claim to an identity previously established to enable their access to an electronic or digital asset.

According to Gartner Recommendation, Security and risk management leaders responsible for delivering effective identity and access management capabilities should:

  • Seek user authentication methods that best provide the necessary balance among trust, TCO and UX/CX in each use case. Identify candidate vendors that can deliver these methods across multiple use cases.
  • Look for vendor differentiation in breadth of capability and in experience and expertise in a relevant vertical market, such as retail banking and healthcare, rather than focusing on legacy products and services that are increasingly commoditized and horizontal.
  • Seek products and services that integrate rich analytics and adaptive techniques with robust orthodox, credential-based authentication methods, especially in enterprises taking a lean- forward stance to address advanced threats that exploit user credentials.

According to Ant Allan, research vice president at Gartner,

“Although device-embedded fingerprint modes are commonly integrated in mobile banking apps, face and voice are emerging as the modes of choice, with some adoption of scleral vein and camera-based fingerprint modes. These will likely gain traction in other mobile use cases in the near future. Behavioral modes are typically consumed as familiarity signals by fraud detection and other analytics-focused tools.”
EZMCOM provides a comprehesive suite of emerging technologies such as Biometric Authentication (Face, Voice, Behavioural), Phone-as-a-Token, X509v3 Public Key Token Identity and Access Management technologies that integrate with various industry leading IdaaS, IDAM platforms.

EZMCOM has been featured for its breadth and depth of offerings in the “Wide-Focus User Authentication Vendors”, providing customers a choice to adopt a user convenient security approach.

Gartner Market Guide for User Authentication

Check out our earlier blog coverage of Gartner Reports here.

Disclaimer

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

About EZMCOM

EZMCOM is an Identity Fraud & Risk Management solution provider with innovative and easy-to-use technology that can be deployed to protect users, data, and applications from credential theft, account takeover and breaches. EZMCOM is working with companies worldwide to change the way we authenticate and authorize – across mobile devices, servers, workstations within enterprise and cloud services.

If you have questions, or would like a demo of EZMCOM’s authentication solutions, talk to an EZMCOM representative today!

sales@ezmcom.com | 1 (510) 396-3894 | 60 (0) 12 570-1114 | 44 (0) 7483-214871

Meet us @ Gartner Security & Risk Management Summit 2017

EZMCOM team would be present at Gartner Security & Risk Management Team 2017. Implementing PSD2 or GDPR or MiFID(II), our team can help you find right solutions to meet your requirements.We will be represented by:

  Deepak Panigrahy, Head of UK & Europe, EZMCOM and  Anupam Ratha, CTO, EZMCOM

You can schedule a 1-1 meetings by dropping an email to sales@ezmcom.com

Our product suites include:

  • Biometric Authentication (Face, Voice)
  • Behavioural Biometrics Authentication
  • ID Proofing for remote eKYC and AML
  • 2FA/MFA: Support all integrations with 360-degree coverage of form factors
  • Risk based Adaptive Authentication
  • 3D Secure 2.0 Authentication
  • Financial Fraud Risk Management
  • PKI Tokens

We have been covered by Gartner in their reports for Hype Cycle for Risk management 2017 and Hype Cycle for Identity and Access Management last month.

Venue of the Event: InterContinental London – The O2, Waterview Drive, London, United Kingdom – SE10 0TW

Date:  18-19 September, 2017

Local Contact Number: +44 (0) 74832 14871

3-Steps for Compliance with “SWIFT customer security controls framework 1.0”

A deadline of Jan 2018 looms upon Banking & Financial Institutions for compliance with the Security Guidelines issued by SWIFT. This guidance from EZMCOM provides a concise summary of controls that can be implemented for compliance.

Typically we can classify the operators of the SWIFT software as – “IT / OS admin” or a “User”. The “IT / OS admin” typically login to the SWIFT server and administer, manage, update, upgrade the SWIFT software and perform general maintenance. The “User” performs the financial transactions/ functional work on the web-based SWIFT Alliance software.

The following security guidelines must be implemented for both these types of users (“operators”).

Compliance for the “Password”

Banks are most likely compliant with this requirement. But if not, here below is the guideline from SWIFT:

The Password should be at least 8 characters long

It should be a combination of digits, special characters, uppercase and lowercase letters

The Passwords should be uniquely used for accessing the SWIFT account (and not a common Password used to generally login to the Bank’s domain)

The Password should not be trivial (e.g. dictionary words)

EZMCOM recommends the use of standard password policies of an Active Directory (AD) server to enforce this compliance. The AD can be integated for OS login as well as a user repository in the SWIFT software.

The Isolated / Dedicated workstation compliance

Typically bank users have access to the internet on their workstations. SWIFT requires you to have a dedicated workstation that is not connected to the internet and preferrably any other external content (e.g. mail, FTP, SFTP etc). This would be an inefficient and expensive approach.

Alternatively, SWIFT recommends that the bank user connect to a JUMP server and then from this jump server the operators connect further to the SWIFT software. The jump server must be isolated from any other network and should not be connected to the internet or have any other mail, ftp, sftp software etc. and be firewalled appropriately.

EZMCOM recommends;

Establish a jump (intermediate) server infrastructure – Viz. Microsoft Windows Server(s) for Remote Desktop of your SWIFT users. If you have a VDI infrastructure (E.g. CITRIX XenApp XenDesktop Receiver), then you can use that as well

Firewall and restrict the access to SWIFT Servers and the URL of the SWIFT Alliance web application so that they are only accessible from the JUMP server(s)

Two-Step Verification (2SV) compliance

2SV or in other words a 2-Factor Authentication is typically the use of an additional credential that is usable One-Time and valid for a limited time duration ensures that a compromise in the Username and Password credential due to any reason doesn’t compromise and provide unauthorized access to the SWIFT software.

The compliance requires the operators to perform a 2SV in at least one of access procedures to SWIFT software.

EZMCOM recommends;

Implementation of 2SV during the remote (desktop) access to JUMP server. Its very unlikely that Banks will allocate additional dedicated and isolated workstation to each SWIFT software operator and the JUMP server access can be a uniform and consistent 2SV experience for all operators (IT/ OS admin as well as the users)

Alternatively, 2SV/ 2FA can be enforced during RDP by the “IT/ OS admin” operators of SWIFT but for the “User”, it can be enforced during the web-based browser login into the SWIFT Alliance software application. With this, the User operator of SWIFT will not be required to perform 2SV/ 2FA during every remote desktop session. Typically such remote connections auto-disconnect after an inactivity period or the lock screen appears and the 2SV/ 2FA can become inconvenient.

You may consider implementaion of some behavioral authentication that monitors the keystroke dynamics of the users during the remote desktop and an Artificial intelligence/ Machine learning based solution grants access to the remote desktop without a 2SV/ 2FA if there isn’t an anomaly in the way the remote desktop connection is getting establish. This will greatly increase the convenience for SWIFT operators while maintaining compliance.

EZMCOM cautions against;

  • Use of free (3rd party/ opensource) OTP/ 2FA/ 2SV authenticators that are natively integrable with SWIFT software’s internal capability of supporting Time based OTP (TOTP) authenticators.
  • Do not assume that by using the built-in 2FA/ 2SV capabilities of SWIFT Alliance software you can get compliance to all of the security guidelines stipulated in the “SWIFT customer security controls framework 1.0” issued by SWIFT. You will need to implement additional 2FA/ 2SV for the “IT/ OS Admin” operators nevertheless even if you chose to use a free/ opensource OTP authenticator that is compliant to SWIFT.

A sample illustration of SWIFT “IT / OS Admin” operator’s experience with 2SV during remote desktop connection to a JUMP server before accessing SWIFT software server for administration. The same experience can be for the “User” operator as well prior to launching the browser for login into the SWIFT web-application.

Disclaimer

EZMCOM is not endorsing any vendor, product or service mentioned in its guidance document, and does not advise Banks and Financial institutions to refer to this document only for compliance. This publication from EZMCOM consist of the opinions of EZMCOM’s own experience in working with Banks and Financial institutions for attaining comnpliance and should not be construed as statements of fact. EZMCOM disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

About EZMCOM

EZMCOM is an Identity Fraud & Risk Management solution provider with innovative and easy-to-use technology that can be deployed to protect users, data, and applications from credential theft, account takeover and breaches. EZMCOM is working with companies worldwide to change the way we authenticate and authorize – across mobile devices, servers, workstations within enterprise and cloud services.

If you have questions, or would like a demo of EZMCOM’s authentication solutions that help you establish compliance to SWIFT security guidelines, please talk to an EZMCOM representative today!

1 (510) 396-3894 | 60 (0) 12 570-1114 | 44 (0) 7483-214871

For more information, please visit www.ezmcomcom or follow @ezmcom on Twitter, LinkedIn

EZMCOM recognised in Gartner Hype Cycles for Risk Management 2017 & IAM 2017

EZMCOM, Inc. (“EZMCOM”), an emerging leader in Fraud & Risk Management, Identity Access Management solutions has been recognised in two of Gartner’s 2017 Hype Cycle reports including “Hype Cycle for Risk Management, 2017”, “Hype Cycle for Identity and Access Management, 2017”. EZMCOM was also mentioned earlier in the year in the Gartner publication for “Technology Insight for Public-Key Authentication Tokens”.

According to Gartner’s Hype Cycle for Risk Management, 2017, “Risk management is rapidly maturing as a discipline to harness the benefits of digital business innovation in a safe and secure way.” EZMCOM’s innovative integrated approach to risk managaement comprising of – Identity Proofing, Biometric Authentication, Behavior & Risk-based Authentication as well as Predictive Analytics based fraud detection platform provides notional level of trust in the claimed identity of any user — employee, partner or customer — accessing an organization’s systems and data. Thus, they add value to security and risk management initiatives, such as monitoring, reporting, analytics, identity governance, enforcement of segregation of duties and fraud prevention.

Gartner Hype Cycle for Risk Management 2017
In addition, according to Ant Allan, research vice president at Gartner,

“No user authentication technology is infallible. Session-hijacking attacks can succeed regardless of the authentication method used. Invest in complementary safeguards within a multilayered approach.”
Since EZMCOM has an integrated multi-layered platform for fraud and risk management, users don’t have to stitch fragmented solutions to build a multi-layer defense in depth protection.

Gartner’s Hype Cycle for Identity and Access Management Technologies, 2017, mentions that “Phone-as-a-token authentication methods continued to have a strong adoption trend due to increased mobile device presence as well as their advantages over legacy hardware tokens. Mobile push methods have become broadly available and adopted. IAM as a service (IDaaS) adoption is beginning to accelerate due to a mixture of organizations truly finding faster time to value, and due to Microsoft’s seeding of the market with Azure Active Directory, which is included in enterprise deals for other products.”.

Gartner Hype Cycle for Identity & Access Management 2017

According to Ant Allan, research vice president at Gartner,

“Although device-embedded fingerprint modes are commonly integrated in mobile banking apps, face and voice are emerging as the modes of choice, with some adoption of scleral vein and camera-based fingerprint modes. These will likely gain traction in other mobile use cases in the near future. Behavioral modes are typically consumed as familiarity signals by fraud detection and other analytics-focused tools.”
EZMCOM provides a comprehesive suite of emerging technologies such as Biometric Authentication (Face, Voice, Behavioural), Phone-as-a-Token, X509v3 Public Key Token Identity and Access Management technologies that integrate with various industry leading IdaaS, IDAM platforms.

Disclaimer

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

About EZMCOM

EZMCOM is an Identity Fraud & Risk Management solution provider with innovative and easy-to-use technology that can be deployed to protect users, data, and applications from credential theft, account takeover and breaches. EZMCOM is working with companies worldwide to change the way we authenticate and authorize – across mobile devices, servers, workstations within enterprise and cloud services.

If you have questions, or would like a demo of EZMCOM’s authentication solutions, talk to an EZMCOM representative today!

sales@ezmcom.com | 1 (510) 396-3894 | 60 (0) 12 570-1114 | 44 (0) 7483-214871

EZMCOM to demonstrate at Temenos Innovation Jam

EZMCOM IS AMONG THE SELECTED FINTECH COMPANIES TO PITCH AT THE TEMENOS INNOVATION JAM IN SINGAPORE.

The event will:

  • showcase the most advanced and innovative software available to financial institutions
  • through 14 fast-paced, exciting 7 minute demos

How can you balance user convenience with security? You will find the answer in EZMCOM’s Vice President, Deepak Panigrahy and Director of Projects, Kokming Lee.

Presentation Synopsis

Growing adoption of Mobile Banking and Alternate Digital Banking Channels has challenged the existing mechanisms of authentications and have resulted in loss of “Human Touch”. EZMCOM intends to help banks adopt Deep Learning based Behavioural oriented Biometric (Selfie, Voice, Fingerprint) based Authentication, combined with strong ID Verification for identifying users for who they are in true sense. EZMCOM would be demonstrating the experience live on Temenos Internet Banking (TCIB).

What: Temenos Innovation Jam Singapore
When: 23 March 2017
Where: Westin, Singapore
Registration: Register Here

EZMCOM is hiring: C/C++ Developer

We are looking to hire rockstar C/C++ Developer.

Open Positions: 1

Job Location: Kuala Lumpur, Malaysia

Job Description

Who you are…

You’re smart. You build cool things. You can work with a team. EZMCOM is a growing company and every day will throw new challenges your way. You’re excited about that.

In the past, you…

  • Picked up a B.S., B.A. or M.S. in Computer Science or a related field.
  • Good experience in C and C++ Programming on Linux and Windows platforms.
  • Exposure to Microsoft Technologies, Visual Studio platform is an advantage and a differentiator
  • Have worked on server-side projects for at least 2-5 years.
  • Developed and deployed scalable, fault-tolerant, low latency, multi-threaded, distributed systems.
  • Have mastered asynchronous programming and multi-threading in highly concurrent distributed systems.

Oh, and we also have…

  • Awesome benefits coverage.
  • Company holidays and flexible vacation.
  • Monthly team happy hours.
  • Tons of snacks and fancy coffee.
  • Great office in the heart of KL’s financial district.

Email us at info@ezmcom.com with SUBJECT “C/C++ Developer Profile (<Years_of_Experience>)” to know more.

EZMCOM is HIRING – Web Developers

We are looking to hire rockstar Web Developers.

Open Positions: 2

Job Location: Kuala Lumpur, Malaysia

Job Description

Who you are…

You’re smart. You build cool things. You can work with a team. EZMCOM is a growing company and every day will throw new challenges your way. You’re excited about that.

In the past, you…

  • Picked up a B.S., B.A. or M.S. in Computer Science or a related field.
  • Good experience in JavaScript, CSS, HTML5, Java is essential.
  • Exposure and experience in Tools, Frameworks and Databases would be an advantage
  • Experience in Cloud platforms – Amazon AWS/ Azure a big differentiator.
  • Have worked on server-side projects for at least 2-5 years.
  • Developed and deployed scalable, fault-tolerant, low latency, multi-threaded, distributed systems.
  • Have mastered asynchronous programming and multi-threading in highly concurrent distributed systems.
  • Have worked with databases and web services.

 

Oh, and we also have…

  • Awesome benefits coverage.
  • Company holidays and flexible vacation.
  • Monthly team happy hours.
  • Tons of snacks and fancy coffee.
  • Great office in the heart of KL’s financial district.

Email us at info@ezmcom.com with SUBJECT “Web Developer Profile (<Years_of_Experience>)” to know more.

RSA Conference 2017

Request F2F Meeting

Our President and CEO, Pravat Mishra, a serial Entrepreneur would be at RSA Conference, Moscone Centre, San Francisco, USA from Feb 14-17.

If you would like to know new developments and our products, please feel free to request for a F2F meeting by writing to us at sales@ezmcom.com.

We would like to hear from system integrators and partners for Europe, UK, USA, Latin America and Africa on how can we collaborate together.

We would, also, like to hear from technology vendors for interest in partnering/OEMing Authentication and Behavioural Analytics.

Join EZMCOM at KPMG INSURETECH Webinar

EZMCOM would like to invite you to the Online Webinar organised by KPMG and Matchi. Our own Deepak (Deeps) Panigrahy, Vice President – Products & Business, would be a panelist in the webinar covering how addressing frauds is a critical component while automating claims and payments through technology.

TOPIC: Automating Claims and Payments
TIME: 1030 Hours, GMT
Event Details: https://www.facebook.com/events/117335878782769/