Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
A panel at the RSA Conference discussed current and emerging forms of the practice, which involves identifying each device used to access an account with a unique tag or signature.With each device assigned its own 'fingerprint,' administrators can then be instantly alerted to potential fraud.For some companies, the practice is already paying big dividends. Wachovia Bank online customer protection specialist Chris Mathes said the practice is already paying dividends for his company."Device fingerprinting gives us a very powerful tool for us to look at devices as they are coming in," Mathes explained."If I have already identified a device as being owned by a bad guy, I can decide whether or not I even want to let them in the front door."The practice also has its detractors. Electronic Frontier Foundation civil liberties director Jennifer Granick warned that the information banks gather from the digital fingerprints could be used for more than just security."The question is what kind of privacy protection is there, and the answer is very little," said Granick."One thing we really do not want is for this information to be shared with affiliates who do advertising or marketing, because then you have the same problem we have with cookies, but much worse."While the situation appears to put security and privacy at odds, there may be a system that can allow for a compromise.41st Parameter founder and chief executive Ori Eisen suggested that banks look to adopt so-called 'tagless' fingerprinting which uses components such as javascript and system profiling rather than simpler cookie or IP tracking 'tag' components.Eisen said that not only could the tagless system be far more accurate and reliable than tag systems, but the collected data would also be less likely to raise privacy concerns."What we are going to ask is 300 questions that you could ask about the vendor's APIs, but none of it is personally identifiable information. I would never know who is on the other end."
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.