news
Italy to introduce legally binding digital signature
Italy is set to become the first European country to introduce a legally binding digital signature, once the government authorizes a number of organizations to act as digital key holders. Four organizations have applied for official approval as registrars of digital signatures, and the Italian Authority for Information Technology in Public Administration (AIPA) is due to rule on their requests. One such organization is the Societa Interbancaria per l’Automazione (SIA), which is expected to be given responsibility for a national system of oversight for the various local key holders. Participants in the new system will be able to obtain a private key from one of the official registrars, probably in the form of a smart card, and security will be supplemented by a personal access code. At the same time a public key will be deposited with the registrar. The AIPA has contacted representatives of the European Commission and colleagues from other countries with a view to extending a similar system throughout Europe.
UK companies leave security to chance
The latest survey from NCC shows that only 52.9% of organizations have an IT security policy. Furthermore, the survey has found that companies are missing the opportunity to maximize the value of risk management, with only 16% of those polled viewing security as a business enabler — 24.6% believed it to be nothing more than ‘a necessary evil’. The government and finance sectors performed best, with over 80% of organizations in their fields having information security policies. The construction sector fared worst, with under 10% of companies adopting one. The survey also looked into the main causes of the failure of information security policies. Inadequate end-user training was isolated as the main cause of this type of failure, with over half of companies naming it as a problem. Budget and skills constraints also ranked highly.
Product News
Encrypt and authenticate E-mail
Viasec Inc. has announced the US availability of Consus, an innovative secure E-mail gateway that protects and authenticates messages sent over the Internet. With Consus in place, all outgoing messages are encrypted and digitally signed while incoming messages are decrypted and verified. Most end-users are not comfortable managing encryption as a desktop application, so Consus places this function at the server level where a transparent, centrally controlled interface eliminates any need for desktop software installation, user training or help desk support. Because Consus is a scalable, server-based solution, administrators can efficiently manage and enforce a company’s centralized E-mail security policy to ensure end-user compliance. In addition, a built-in Certificate Management System/Certificate Authority (CA) automatically generates certificates and allocates digital identities to individual users. Consus can also be configured to use the LDAP protocol to publish these certificates on a local server. For purposes of long-term storage and retrieval, incoming and outgoing messages can be archived to any ODBC-driven relational database. The product incorporates strong international encryption algorithms while retaining the ability to communicate seamlessly with any SMTP-compliant internal E-mail system that supports S/MIME, including Microsoft Outlook, Netscape, Lotus Notes and Novell GroupWise. In addition, Consus supports standard virus protection software including Norton Antivirus, Network Associates Webshield SMTP and Trend Interscan 3. Viasec has designed Consus to be deployed on multiple servers to facilitate load balancing. As a result, if one server fails, the others will automatically take over to distribute the workload and ensure that secure messaging is not interrupted. For further information, contact Neil White at Viasec, on Tel: +1 617 621 7177; Fax: +1 617 621 7178; E-mail: [email protected].
Avoid the cost of fraud
ClearCommerce has announced the addition of merchant-configurable fraud detection capabilities to their FraudShield merchant fraud protection module. FraudShield allows merchants to build rules that block industry-specific or merchant-specific fraudulent transactions. Merchants can enter any combination of more than 50 data fields into Boolean ‘if–then’ expressions to check for fraud. For each rule, the merchant defines an Eaccept, Ereject or Econtinue outcome. FraudShield also offers the merchant the capability to receive an E-mail alert when a particular FraudShield rule is triggered. For example, the following could be programmed: if it is between 12 a.m. and 5 a.m., and an order for more than $10 000 is placed with a credit card that will expire in less than one month, alert the merchant to examine the order before shipping. FraudShield performs automatic lockouts when repeated fraud attacks are detected. It also performs built-in preventative checks such as checking for duplicate orders, validating E-mail addresses and verifying post code and area matches. For further information, contact Alan Scutt, ClearCommerce Europe, on Tel: +44 (0)1784 497 054; Fax: +44 (0)1784 497053; E-mail: [email protected]; Web site: www.clearcommerce.com.
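The rule scheme described above (Boolean conditions over order fields, an outcome per rule, an optional E-mail alert) can be sketched as follows. This is an added illustration, not ClearCommerce code: the field names, the plain accept/reject/continue labels, the blocked-destination rule, the 30-day reading of "less than one month" and the first-decisive-rule-wins ordering are all assumptions.

```python
import calendar
from datetime import date, datetime, timedelta

def card_expiry_date(year, month):
    """A card stays valid through the last day of its printed expiry month."""
    return date(year, month, calendar.monthrange(year, month)[1])

def night_high_value_expiring(order):
    """The page's sample rule: 12 a.m.-5 a.m., over $10 000, card expiring soon."""
    placed = order["placed_at"]
    expires = card_expiry_date(order["card_exp_year"], order["card_exp_month"])
    return (0 <= placed.hour < 5
            and order["amount_usd"] > 10_000
            # assumption: "less than one month" is read as fewer than 30 days
            and expires - placed.date() < timedelta(days=30))

def blocked_destination(order):
    """Hypothetical merchant-specific rule; 'ZZ' is a placeholder country code."""
    return order["ship_country"] in {"ZZ"}

# Each rule: (name, predicate, outcome, send_email_alert)
RULES = [
    ("blocked-destination", blocked_destination, "reject", False),
    ("night-high-value-expiring-card", night_high_value_expiring, "continue", True),
]

def evaluate(order, rules=RULES):
    """Return (outcome, alerts). The first matching accept/reject rule decides;
    a matching 'continue' rule only records its alert and evaluation goes on."""
    alerts = []
    for name, predicate, outcome, send_alert in rules:
        if not predicate(order):
            continue
        if send_alert:
            alerts.append(name)
        if outcome in ("accept", "reject"):
            return outcome, alerts
    return "continue", alerts  # no rule decided: order goes to normal processing

# Constructed sample order (not real data): 02:30, $12 500, card expires this month.
SAMPLE_ORDER = {
    "placed_at": datetime(1999, 3, 10, 2, 30),
    "amount_usd": 12_500,
    "card_exp_year": 1999,
    "card_exp_month": 3,
    "ship_country": "US",
}

if __name__ == "__main__":
    print(evaluate(SAMPLE_ORDER))
```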