FMT Octopus for Web application security

Challenge: The benefits associated with end-user device identification for fraud management and marketing analysis are well documented. Companies want to deploy this technology without long change request delays and application repackaging and testing.

Solution: FMT Octopus readily accesses detailed data on each user, including information that identifies repeat users from the same device. It requires no end-user registrations, downloads or installations. In addition, it enables third-party solution providers to implement their own scripts and device tagging applications without requiring changes to application code. This all translates into drastically reduced deployment time and IT resources required. Click here to read more.

Challenge: Online businesses want to introduce risk-based authentication into their applications without modifying the products via code changes.

Solution: FMT Octopus™ prevents fraud by challenging users with additional authentication when they perform high-risk transactions. If a customer performs specified activities (such as paying a large percentage of an account balance to a third-party beneficiary), FMT Octopus challenges the user's action in real time using a built-in two-factor authentication option (SMS, email, mobile phone, etc.). Alternatively, it can redirect to an organisation's existing two-factor methods. Click here to read more.

Challenge: E-commerce organisations require valuable information about the location of their online customers to make effective decisions in real time.

Solution: FMT Octopus™ enables e-businesses to determine from which countries their online customers are logging in. The software interoperates with geo location information vendors to determine which cities and countries users are located. Using this information, FMT Octopus can customise user experiences to enhance marketing, prevent fraud and ensure trade restriction compliance. Click here to read more.

Challenge: E-businesses must constantly verify information through third-party providers. Implementing the services must be quick, and accessing their data sources must be efficient, to mitigate risks and comply with regulatory requirements.

Solution: FMT Octopus™ easily integrates third-party data services, such as credit bureau, geo location and marketing data look-ups, as well as other data verification services. Its vendor-neutral integration platform significantly improves implementation timeframes and provides a single interface to connect, control and manage strategies for external data sources. Out of the box the solution also delivers a wealth of additional capabilities and has the advantage of application layer data visibility to give organisations a competitive advantage that differentiates them in the marketplace. Click here to read more.

Challenge: Many websites are vulnerable to attacks such as SQL injection, XPath injections and XSS (cross-site scripting).

Solution: FMT Octopus can detect when commands used for website attacks are likely to have been inserted into a browser request. This allows organisations to build up an instant defence capability and respond by logging the perpetrator's details and/or denying the request to access to an application.

Challenge: Many Web applications are vulnerable to cross-site request forgeries. These attacks allow fraudsters to maliciously execute transactions in place of legitimate online users simply by having real users visit a specially crafted website. The request against the vulnerable site comes from a real user's browser, which forwards any current session cookies correctly.

Solution: FMT Octopus can automatically and dynamically insert a second session identifier into all application pages and check this identifier whenever data is posted. This approach makes it impossible for the malicious site to determine the correct structure of a request.

Challenge: E-businesses require intelligence on customers mining their sites for data or conducting automated attacks.

Solution: FMT Octopus™ enables organisations to detect automated attempts to access a website. By timing how long users spend filling in forms, and by checking if they come in from the same IP addresses repeatedly without transacting, FMT Octopus determines if competitors or fraudsters are orchestrating automated attacks or attempting to mine a website for data.

Challenge: E-commerce organisations require intelligence relating to several users coming in from a single browser or IP address to prevent criminal activities.

Solution: FMT Octopus™ tracks many users coming in from a single location to help determine if identity theft has occurred. By knowing that one browser or IP address has been used to access a number of different accounts, organisations receive an early fraud warning. FMT Octopus also proves effective when the same device is used to access accounts where billing addresses are different.

Challenge: Businesses conducting online commerce want to contact customers when specific events take place as a security measure.

Solution: FMT Octopus™ can add alerting features to existing applications based on preset criteria. This allows businesses to email or SMS customers when predetermined activities occur for early detection of fraudulent transactions and higher recovery levels from stolen funds.

Challenge: E-commerce organisations want to be alerted to a wide variety of activities to maximise revenue opportunities and minimise risks.

Solution: FMT Octopus™ automatically generates alerts when specified events take place within an application. Myriad alerts - such as when a customer buys a particular product or conducts a high-value transaction - can be instituted via both SMS and email.

Challenge: Online organisations need to access and maintain blacklists and whitelists for a wide variety of uses, including payment and delivery of products and services and to ensure legitimacy and compliance with legislative requirements.

Solution: FMT Octopus™ works with a wide variety of lists (e.g., OFAC Specially Designated Nationals, Politically Exposed Persons, Banned Company Owners) prior to transaction completion. Its rapid and powerful search capabilities are followed by a probability score that takes into account variables such as nicknames and known aliases. It also enables organisations to maintain blacklists and whitelists for IP addresses, account features, user names, etc., for alternative uses.

Challenge: Businesses conducting Internet commerce require an ability to store and access historical customer behaviour to help mitigate fraud.

Solution: FMT Octopus™ keeps a history of users' past behaviour to detect unusual patterns. For example, it determines a customer's preference for browser type, application features, shipping address, etc. With repeat website users, this information is used to detect anomalous activity and prevent fraud before it occurs.

Challenge: Online organisations must constantly detect and prevent new e-channel threats as they emerge.

Solution: With FMT Octopus™, businesses can access all e-channel data including browser type, device ID, posted data, language packs and IP address. Using this data directly or forwarding it to third-party analytics products enables organisations to identify and thwart today's and tomorrow's threats.

Challenge: During testing, e-businesses are often unable to see all of the information moving between customer browsers and applications. Hidden fields may inadvertently be posted back and forth, resulting in security issues and impacting network and application performance.

Solution: FMT Octopus™ inspects all data travelling between browsers and applications during testing - not just the information an application developer selects from the data stream. It quickly and easily exposes all information during testing to help ensure an application complies with security, privacy and performance requirements.

Challenge: Online organisations must access information in real time to reduce fraud and prevent espionage.

Solution: FMT Octopus™ improves security and stops espionage by checking incoming IP addresses against known compromised servers. It performs reverse Domain Name System (DNS) lookups with lists of compromised servers. This helps combat fraud and prevent botnet-driven access to a website.