When two parties need to be sure the other party can be trusted, digital signatures are a strong tool. A shared key is established only after both parties have been authenticated, so that initial authentication is essential to the transaction. Using a shared secret or an out-of-band authentication method only verifies the holder of an account. But what if the account itself was set up fraudulently? Authenticating digital signatures with out-of-wallet KBA (knowledge-based authentication) ensures that all parties involved are properly verified, not just the account.
Standardizing how e-mail receivers perform identity authentication is the main goal of DMARC (Domain-based Message Authentication, Reporting and Conformance). If you sign your outbound e-mail and someone receives a message claiming to come from your domain, or a look-alike of it, that you have not signed, the receiver should know to reject it. The problem is that DMARC only blocks an e-mail if the sending domain has published a corresponding DMARC record and the message fails signature verification. If there is no record, the e-mail is delivered anyway.
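To make the receiver-side behaviour described above concrete, here is an added example (not code from the original post or from any DMARC implementation) that evaluates a DMARC policy for an inbound message. The DNS records, domain names and report addresses are constructed stand-ins for real `_dmarc.<domain>` TXT lookups; the aligned SPF and DKIM results are passed in as booleans, since computing them is the receiver's separate job. The organizational-domain walk is a simplification of what receivers do with the public suffix list.

```python
"""Evaluate a DMARC policy for an inbound message (constructed records).

Shows the behaviour the text describes: a receiver only rejects or
quarantines when the sending domain publishes a DMARC record whose
policy asks for it and the message fails aligned SPF/DKIM. With no
record at all, the message is delivered unauthenticated.
"""

# Constructed DNS TXT data standing in for real lookups at _dmarc.<domain>.
# None of these domains or mailbox addresses are real.
DNS_TXT = {
    "_dmarc.bank.example": "v=DMARC1; p=reject; sp=quarantine; rua=mailto:dmarc@bank.example",
    "_dmarc.monitor.example": "v=DMARC1; p=none; rua=mailto:reports@monitor.example",
    "_dmarc.mixed.example": "v=DMARC1 ; P=Quarantine; pct=100",
}


def parse_dmarc(txt):
    """Parse a DMARC TXT record into a dict of lowercased tag -> value.

    Returns None when the record is not a usable DMARC record (it must
    start with v=DMARC1 and carry a p= tag); a receiver treats that the
    same as having no record.
    """
    tags = {}
    for part in txt.split(";"):
        if "=" not in part:
            continue
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1" or "p" not in tags:
        return None
    tags["p"] = tags["p"].lower()
    if "sp" in tags:
        tags["sp"] = tags["sp"].lower()
    return tags


def lookup_policy(domain, dns=DNS_TXT):
    """Find the policy that applies to messages whose From: domain is `domain`.

    Try the domain itself first; if it has no record, walk up to a parent
    and use the parent's sp= (subdomain policy) or, failing that, its p=.
    Simplification: real receivers locate the organizational domain via
    the public suffix list instead of stripping leading labels.
    """
    record = dns.get(f"_dmarc.{domain}")
    if record is not None:
        tags = parse_dmarc(record)
        if tags:
            return tags["p"]
    labels = domain.split(".")
    for i in range(1, len(labels) - 1):
        parent = ".".join(labels[i:])
        record = dns.get(f"_dmarc.{parent}")
        if record is None:
            continue
        tags = parse_dmarc(record)
        if tags:
            return tags.get("sp", tags["p"])
    return None


def disposition(from_domain, dkim_aligned_pass, spf_aligned_pass, dns=DNS_TXT):
    """Return what the receiver should do with the message.

    dkim_aligned_pass / spf_aligned_pass: whether an aligned DKIM signature
    or an aligned SPF check passed. DMARC passes if either one does.
    """
    policy = lookup_policy(from_domain, dns)
    if policy is None:
        return "deliver (no DMARC record: message is unauthenticated)"
    if dkim_aligned_pass or spf_aligned_pass:
        return "deliver (DMARC pass)"
    if policy == "reject":
        return "reject"
    if policy == "quarantine":
        return "quarantine"
    return "deliver (p=none, monitor only)"


if __name__ == "__main__":
    # Constructed scenarios: (From: domain, aligned DKIM pass, aligned SPF pass)
    cases = [
        ("lookalike.example", False, False),   # no record published at all
        ("bank.example", False, False),        # unsigned mail spoofing a p=reject domain
        ("bank.example", True, False),         # legitimately signed mail
        ("mail.bank.example", False, False),   # subdomain falls under sp=quarantine
        ("monitor.example", False, False),     # p=none only reports, never blocks
    ]
    for domain, dkim, spf in cases:
        print(f"{domain:22} dkim={dkim!s:5} spf={spf!s:5} -> {disposition(domain, dkim, spf)}")
```

The first case is the gap the text points at: a look-alike domain with no DMARC record yields no policy, so the receiver has nothing to enforce and delivers the message. Publishing a record with `p=none` closes nothing either; only `quarantine` or `reject` changes what happens to a failing message.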
There are a number of technical challenges, and solutions, in combating phishing. One of the most prevalent solutions is the digital signature, but it comes with inherent roadblocks. A lot of institutions still rely on older approaches: end-user education and training, web-filtering blacklists, and hiring services and organizations to take down phishing sites. There is also the problem of consumers not knowing, or not caring, where their e-mails come from. Attackers will keep coming back until an institution has taken proper measures. Many conventional phishing-prevention practices assume that DMARC is the whole answer and that nothing further needs to be contributed to monitoring and authentication.
To overcome these challenges, we recommend that your institution build the right countermeasures by identifying the sources and the nature of each phishing attack. Using big data can allow you to tie financial losses to specific phishing sites and strengthen your business's fraud prevention.
[Contributed by EVS Marketing]