Adobe Flash Player Private Browsing May Force Change in Fraud Fight
A report from Gartner highlights how the reliance on Flash cookies as an authentication mechanism by online banks may need to change with the release of Adobe Flash Player 10.1. Flash Player's "Private Browsing" feature will make it easier to clear Flash cookies, and e-commerce businesses will need to adjust, some say.When the final version of Adobe Flash Player 10.1 hits desktops later this year, it will bring with it new functionality designed to allow users to automatically clear Flash cookies after a Web session. But while the feature may be lauded in the name of privacy, it may also force online banks to change how they fight fraud. Flash cookies, also known as LSO (local shared objects), are used by many banks and e-commerce sites to identify legitimate users and block unauthorized or fraudulent access. In a report entitled, "Privacy Collides With Fraud Detection and Crumbles Flash Cookies," Gartner analyst Avivah Litan writes that the practice of using HTTP browser cookies for authentication gained steam roughly three years ago due to guidelines imposed by the Federal Financial Institutions Examination Council.
"Most banks responded by implementing stronger authentication that depended in large part on knowing that their online banking customer was logging in from a known PC," Litan wrote. "Upon entering a user ID to log into an online banking session, the bank Web server would check for the presence of this cookie...If the bank software could not find the cookie - for example because the user was logging in from a different PC - then the bank software would generally challenge the user with a series of questions that only the legitimate user could presumably answer."