Control Phishing Attacks using ArrayShield’s IDAS Two Factor AuthenticationMay 9, 2012
In the information age, most corporate applications & data are now accessible across geography & devices. Relying only user’s password is very risky especially for email, ERP, CRM and financial transaction applications. ArrayShield, leading 2FA provider now empowers enterprise applications with innovative and affordable 2 factor authentication for productivity, flexibility without compromise to data security. The ArrayShield’s solution has hit the market at right time, when surveys have revealed that India is in top 5 targeted countries for phishing attacks.
Phishing attacks have lead to a loss of Rs. 5,760 crore or $1.28bn globally in 2011; India Inc alone has lost Rs. 171.94 crore. Approximately one in every 300 emails circulating the web was deemed to contain elements pointing to phishing. Public sectors were the first to be targeted followed by SME businesses. India has also topped the chart of spamming nations in the world, which forms one of the known ways leading to phishing attacks.
ArrayShield’s IDAS two factor authentication product prevents users from potential phishing attacks by making the password dynamic. ArrayShield’s IDAS uses a pattern & a translucent card to derive one-time-passwords (that are dynamic in nature). User chooses a pattern in the matrix as his secret instead of a traditional password. A translucent card is provided to each user which has a similar structured matrix with transparent and opaque cells and some random characters imprinted on the opaque cells. At the time of login, user overlaps the translucent card on the shown matrix in login screen and will key in the characters present in the chosen pattern in the same order as the one-time-password. If a phishing attack is done on an IDAS authentication system, a hacker can only capture one-time-password and the matrix shown to the user. The hacker cannot identify the pattern and use in successive transactions because the hacker cannot capture the translucent card used for deriving the one-time-password. The translucent card being a physical card cannot be captured with any kind of phishing attacks.
Rakesh Thatha, CTO at ArrayShield said “Our IDAS product addresses major security issue concerns with respect to phishing attacks, which forms a big threat to both B2C and B2B sectors. By protecting the data from phishing and spam attacks, enterprises can maximize their ROI by reducing losses caused due to data thefts.”
ArrayShield has solutions for enterprises, BPOs, KPOs, banking & financial institutions, retail, healthcare and also for SMEs.