Unauthorized access countermeasures and IP Geolocation technology

~Technology supporting safe and secure online transactions~

Online transactions such as internet banking and online shopping are becoming more and more familiar to us. On the other hand, from the point of view of handling money on the Internet, which can be accessed by anyone, strong security measures are required.

Impersonation login countermeasures for Internet banking

In a real bank, transactions cannot be made without a passbook or card. However, in the case of Internet banking, you can log in anytime and anywhere by entering authentication information such as your ID and password. While it is convenient, there is a risk of “spoofing” by a third party who obtained the authentication information illegally.

Internet banking companies use various methods to prevent spoofing, such as combining multiple authentication methods and using disposable one-time passwords. One of them is an authentication method called ” risk-based authentication ” that is being introduced. Based on the user’s access history, etc., it is possible to detect access that deviates from the normal usage pattern, perform additional authentication, and temporarily restrict operations.

In addition to behavioral patterns such as “time period of use,” “transaction amount,” and “transaction frequency,” data such as “access source area” and “provider used” determined from IP address are useful for detecting login spoofing. It is

The figure below is an image diagram of an access log for Internet banking. If a user who usually logs in from Tokyo suddenly logs in from Osaka, it can be determined that this is different from the normal usage pattern and additional authentication can be performed.

Countermeasures against session hijacking

It’s not just when you log in that fraud can happen. There is also an attack method called a “man-in-the-middle attack” that intrudes into communications between a user who has logged in through legitimate procedures and the bank’s server to perform fraudulent actions. At first glance, both the user and the bank appear to be communicating normally, making it difficult to detect.

As one of the countermeasures against man-in-the-middle attacks, the detection of session hijacking (taking over a session) using IP addresses is attracting attention. By acquiring the user’s IP address information not only during user authentication but also after authentication, it is possible to detect sudden changes in the IP address.

As shown in the figure below, if the IP address or the location information obtained from the IP address suddenly changes, it is possible to determine that there is a possibility of session hijacking and take urgent measures.

Detect fraud when opening an account

IP Geolocation technology may also be used as a means of preventing fraudulent account openings.

For example, if it is possible to open an account online, there is a possibility that some users may attempt to open an unauthorized account by falsifying personal information. These types of accounts are at high risk of being used for fraudulent purposes, such as fraudulent deposit accounts, and must be carefully guarded against.

This is where IP Geolocation technology comes into play. For example, if a user who applied with an address in Tokyo accessed from the United States… something is wrong. In this way, it is possible to detect high-risk account openings by using the discrepancy between the location information determined from the IP address and the input information as a mark.

Accuracy and unauthorized access detection of IP Geolocation technology

IP Geolocation technology consists of a database that links IP addresses and various types of information. The high accuracy of the database is directly linked to the expansion of usage situations. A database with low accuracy cannot be used in high-risk situations such as security measures.

The accuracy of the IP address database “SURFPOINT™” provided by our company is maintained and improved through a framework of improving data quality through continuous research and verification. Through this effort, it is used in various solutions that require high accuracy, such as unauthorized access countermeasures, risk-based authentication, and cybercrime investigations.

Leave a Comment