| Question: | What is ACUTrust™ Technology? |
| Answer: | ACUTrust™ Technology is a two-way identification technology. Read our ACUTrust™ Technology white paper for a detailed overview. |
| |
| Question: | What is ACUTrust™ Web Service Anti-fraud Service? |
| Answer: | ACUTrust™ Web Services Anti-fraud Service verifies the authenticity of a Service Provider's Website to the Website's customers using secure services. |
| |
| Question: | I live outside of the United States. Can I purchase your products? |
| Answer: | Not at this time. Please contact sales@isblanket.com to discuss opportunities. |
| |
| Question: | Can any Website use ACUTrust Service Anti-fraud Service? |
| Answer: | Generally speaking, yes. |
| |
| Question: | How much does ACUTrust™ Web Service Anti-fraud Service cost? |
| Answer: | The product license cost is per user, and volumn discounts are available. For example, a 40,000 user environment will cost $1 per year per user. |
| |
| Question: | Why should I select ACUTrust™ Anti-fraud Technology? |
| Answer: | The most important reason is customer satisfation.
ACUTrust™ Anti-fraud Technology -
- Deters fraud (Identity Theft and Phishing)
- Identifies your Website to your customers using secure services
- Guards against Website counterfeiting and protects your brand
- Protects customers and restores customer confidence
- Gains a significant ROI from an inexpensive and easy to implement software solution
|
| |
| Question: | May I select the hosting environment or install ACUTrust™ internally? |
| Answer: | Yes. |
| Question: | Will my customers still be able to access my Website from any computer or location? |
| | Answer: | Yes. ACUTrust™ Technology was designed with flexibility and integration in mind. |
| |
| Question: | How is the token encrypted? |
| | Answer: | The token is encrypted using 128 bit AES encryption. |
| |
| Question: | Why is ACUTrust™ Web Services Anti-fraud Services a more secure method than my existing logon ID and password process? |
| | Answer: | The root of the problem is the traditional username-password authentication method. It is a one-way authentication method. By entering the correct username-password, the Website verifies identity but you have no way of knowing the identity of the Website. Many online scams use fraudulent Websites that are made to look like the real thing and online an average of 6 days. When unsuspecting users login to the fraudulent Websites, the scammers immediately capture their username and password, which they in turn use to gain access to legitimate online accounts.
The answer is ACUTrust™ Technology's two-way identification technology. ACUTrust™ Technology builds on the username-password method that everyone knows, and adds a token confirmation for the users to proactively verify the identity of your Website. |
| |
| Question: | Can the ACUTrust™ token be reused? |
| | Answer: | The time and date stamp encoded into the token will give away the fact that it was reused. |
| |
| Question: | What could someone do with a stolen ACUTrust™ token? |
| | Answer: | The token is using strong AES encryption. While a dictionary attack is plausible, we recommend the use of passpharses, which make a dictionary style attack much more difficult. |
| |
| Question: | I read an article that claims that ACUTrust™ is susceptible to an Entropy attack. Is this true? |
| | Answer: | No. The pixels displayed in the token DO NOT cluster to form letters as they are attempting to decrypt. All pixel movement per token is random and decryption is near instantaneous. |
| |
| Question: | What does ISBlanketSM recommend as a deterrent to dictionary attacks? |
| | Answer: | While a dictionary attack is possible it is also easily thwarted by having users select strong passphrases. Passphrases should be grater then 16 characters, contain numbers, upper and lower case letters and special characters. A good passphrase should limit the use of dictionary words, not contain easily guessed personal information (birthdates, social security number, children names, phone numbers, etc). In addition, avoid the use of repeating characters.
Finally, the passphrase should be changed according to you company's password change policy.
Example Passphrase:
- Passphrase - I enjoy eating milk and cookies too
- Strong passphrase - ! Enjoy eating milk and cookies 2
- Stronger passphrase - ! Enjoy eTng M^lk & c**kies 2
Take a look at the Attack Matrix.
|
| |
| Question: | What platforms do ACUTrust&trade Web Services Anti-Fraud Services support? |
| | Answer: | It works in a Web enabled environment. |
| |
| Question: | What browsers do ACUTrust&trade Web Services Anti-Fraud Services support? |
| | Answer: | It works with IE 5.X/6.X., Mozilla 1.X, Safari 1.X |
| |
| Question: | Will ACUTrust work with your existing authentication system? |
| | Answer: | ACUTrust™ is an add-on to your existing authentication technology. |
| |
| Question: | How does ACUTrust™ protect against "Man-in-the-middle" style attacks? |
| | Answer: | By encoding information relating to the client computer into the encrypted token a "Man-in-the-middle-attack" would be detected. |
| |
For example: A valid ACUTrust™ token will show that is was requested from the client's system.
The token relayed by a Man-in-the-middle attacker will show that it was requested from the Man-in-the-middle's system.
PRODUCTS
