RealTime IT News

Symantec Launches Online Fraud Protection

Banks, retail chains and other enterprises that sell products or services online spend billions on fighting online fraud.

For example, eBay has an entire team of fraud investigators, who teamed up recently with US and Romanian law enforcement agencies to crack down on organized crime groups specializing in Internet fraud. And online bank E*Trade has promised customers full coverage if their personal information is used for fraud.

Financial services customers were exposed to 60,000 phishing e-mails in February 2008, according to the NetNames quarterly fraud report, and about 64 percent of marketing executives believe that security is significantly affecting corporate brands.

To leverage this market, Symantec (NASDAQ: SYMC) has launched Symantec Online Fraud Protection, a B2B program comprising services, education and ongoing monitoring and management capabilities to protect businesses from various online threats, including phishing and pharming .

"Our customers were complaining that their brands were being eroded and being misused in the marketplace, with people leveraging their brands to perpetrate phishing attacks," Ted Donat, Symantec's director of product management in its global consulting group, told InternetNews.com.

Symantec's response was to wrap its best practices into a program and offer it to corporate customers.

One of the services included is risk assessment, where Symantec looks at risk areas, quantifies the risk in dollar terms and offers customers a customized program that will bring them to "a maturity level for online fraud that'd proportionate to the best practices in the industry," Donat said.

That includes ensuring enterprises have proper authentication for users: working with call centers to ensure they respond correctly to phishing attacks; 24x7 monitoring of the brand; alerting the client; suggesting countermeasures; working with the ISPs of rogue servers from which attacks originate to shut down the servers; working with law enforcement; incident response; and "working with the customer's public relations team to make sure they have a story for the press," Donat explained.

The solutions will be tailored to how much the customer wants to spend.

For intelligence, Symantec leverages its global intelligence network, which consists of sensors around the world sharing information about threats and vulnerabilities, its information systems group and the online fraud resident who is running the response at the time of an incident.

The program is aimed at "any sort of marketplace where there's money changing hands," Donat said.

This B2B approach is a good idea, Pat Dane, founder and chief revenue officer at IdentitySweep, a B2C identity protection service that has 255,000 customers, told InternetNews.com.

IdentitySweep works with large companies to offer identity protection to their customers as an insurance policy "because it takes 600 hours to get your identity back and employees spend most of that time during work," Dane said, adding that "these kind of services need to be offered to employees by big players like Symantec, Trend and McAfee."

Ted Julian, vice president of strategy at database security vendor Application Security, said that new measures need to be taken because "more of the same isn't working. Legacy security issues like firewalls aren't sufficient because hackers are more resourceful than they were."

He advocates measures that go "far beyond software or applications or packaged solutions and include the processes used to secure sensitive information, staff used and the skill sets required."