1 Introduction

When Internet fraud occurs, consumers and the enterprise lose. Online fraud is impacting our business in the following ways:

• Consumers are wary of legacy security's ability to prevent fraud

• Industry and government regulations are setting a higher standard

• Access management solutions do not have integrated strong security

• Stronger security without negative impact to user experience is needed

• Fraud costs business and consumers money

With the increasing sophistication of fraudsters and regulations governing online data privacy, organizations need a robust security solution.

• Stronger, adaptable security is needed for online applications

• Mutual authentication between site and user can prevent phishing

• Protect passwords and PINs from being stolen by malware

• More than a password is needed to protect users from attack

• Keep costs low and the complexity manageable in-house

• Deploy and integrate quickly without production delays

Adaptive access systems can provide the highest levels of security with context-sensitive online authentication and authorization. Thus, situations are evaluated and proactively acted upon based on various types of data.

Oracle Adaptive Access Manager (OAAM) is Oracle Identity Management's solution for web access real-time fraud detection and multifactor online authentication security for the enterprise. Oracle Adaptive Access Manager does not store any sensitive/meaningful data on the end user's machine (secure cookie and Flash object). Oracle Adaptive Access Manager also provides the customer flexible encryption options which are standards certified. Oracle Adaptive Access Manager uses 128 bit 3DES encryption (by default) for storing the KBA answers. But the encryption infrastructure is pluggable. E.g. Customer A can use 256 bit AES encryption if they choose.

Out-of-the-box, Oracle Adaptive Access Manager is designed to support complex, heterogeneous enterprise environments.

Delivering the next generation of risk-based evaluation, Oracle Adaptive Access Manager

• Enables real-time blocking of fraudulent access requests

• Delivers advanced alerting mechanisms

The product protects your business and your customers from a full range of attacks. Such types of attacks can include phishing, Trojans, viruses, fraudulent transactions, and Man-in-the-Middle attacks.

1.1 What Is Oracle Adaptive Access Manager?

Oracle Adaptive Access Manager is a product to protect the enterprise and its customers online.

Oracle Adaptive Access Manager

• Provides multi-factor authentication security

• Evaluates multiple data types to determine risk in real-time

• Research and develop fraud policies in offline environment

• Integrates with access management applications

1.2 What Components Are Provided With Oracle Adaptive Access Manager

Oracle Adaptive Access Manager includes two core components. Adaptive Strong Authenticator includes a suite of highly secure virtual authentication devices. Adaptive Risk Manager works in real-time or offline to detect and prevent fraud.

1.2.1 What Is The Adaptive Strong Authenticator?

Adaptive Strong Authenticator is Oracle Adaptive Access Manager's user-facing "front-end" product with fraud protection against online Identity theft.

Oracle Adaptive Access Manager is an authentication agnostic security mechanism that incrementally protects sensitive credentials and data from phishing, pharming, trojans, and proxy-based fraud without the need for proprietary software downloads. It secures the data inputs at the point where they are first entered into an Internet browser; this ensures maximum protection because the raw information never resides on a user computer or anywhere on the Internet where it can be vulnerable to theft.

1.2.2 What Is The Adaptive Risk Manager?

Adaptive Risk Manager is Oracle Adaptive Access Manager's back-end, proactive real-time fraud detection product.

Adaptive Risk Manager provides a comprehensive anti-fraud software solution which works behind the scenes to provide second and third factors of security by verifying a host of factors used to confirm identity-from the computer and mobile device used to login to a user's location and online behavioral profiles. Based on these factors, Adaptive Risk Manager scores risk and alerts the organization of potential fraud in real-time. Adaptive Risk Manager can also trigger numerous actions, such as challenging or blocking the user.

The Adaptive Risk Manager comes with built-in web-based administration tools including Adaptive Risk Manager (Online and Offline), Customer Case Management, Security Monitoring, Reporting, and System Administration functionality.

1.2.2.1 What Is The Adaptive Risk Manager Online?

Adaptive Risk Manager Online is the administration and monitoring user interface of Oracle Adaptive Access Manager. It is used to configure and monitor the system in real-time, as well as run reports on the Adaptive Risk Manager database.

Adaptive Risk Manager Online provides sophisticated fraud monitoring, analysis, and tracking by user location, device, time of day, type of transaction, as well as a host of other factors, and evaluates these factors against a set of customizable rules.

1.2.2.2 What Is The Adaptive Risk Manager Offline?

Adaptive Risk Manager Offline is an offline fraud analysis product that evaluates existing transaction data for two main purposes:

• First, Adaptive Risk Manager Offline can be used as a stand alone security tool to analyze, detect and alert high risk transactions.

• Secondly, Adaptive Risk Manager Offline can be used in conjunction with Adaptive Risk Manager Online as a supplemental offline analysis tool and as a way to pre-visualize rules against real customer data without impacting customers in a real-time environment.