Security Web Digest: Verisign Provides Fraud Protection

New subscription service helps merchants to spot illicit behavior John McCain to hold Senate hearings on DMCA subpoenas Survey says Spam and security top IT email concerns Security chip market falls short of expectation


VeriSign on Wednesday unveiled VeriSign Fraud Protection Services, a subscription-based service that helps merchants spot fraudulent online transactions. The heart of the service is a new fraud detection engine, developed by VeriSign, that uses information derived from more than $20 billion in online transactions managed by VeriSign to model different kinds of online fraud behavior, according to Trevor Healy, vice president of payment services at VeriSign. The companys announcement included a statement of support from an executive at MasterCard.


Senator John McCain, chairman of the U.S. Senate Commerce, Science and Transportation Committee, on Thursday promised to hold hearings on a part of the Digital Millennium Copyright Act (DMCA) that allows copyright holders to subpoena the names of alleged copyright violators from Internet service providers without even having to talk to a judge. Senator McCain promised hearings on the issue after Senator Sam Brownback withdrew an amendment related to the DMCAs subpoena provision, tacked onto a bill reauthorizing the powers of the U.S. Federal Trade Commission. Brownbacks amendment would have required such subpoenas to be issued only when the copyright holder is engaged in a pending civil lawsuit or other court action. Right now, the DMCA allows copyright owners to subpoena personal information of suspected copyright violators through an order issued by a court clerk.


Reducing spam remains the number 1 concern for IT professionals on the e-mail front, but security and migration issues are also top priorities for 2003, according to a survey released by the Radicati Group this week. According to the survey, roughly 52 percent of the 50 responding corporations said reducing spam is mission number 1 during the next 18 months. Roughly 30 percent of the IT professionals surveyed said improving security against information leaks and hackers is another major objective in the messaging and collaboration space, while 28 percent agreed that migrating and upgrading users to new messaging software is high on the list of things to do over the next year and a half.

Network security gets a lot of lip service but can be hard to put into practice. It doesnt help that the price of a low-end switch has fallen below $40, but it can still cost an OEM $10 or more to add a security processor. But the high cost of built-in peace of mind isnt the only reason that the attach rate for specialized security processors is a paltry 7 to 27 percent, defying earlier predictions that nearly every server, switch, router and virtual private network appliance would have one. Broadcom Corp., for one, thinks chip makers themselves are partly to blame for making it hard for customers to implement hardware security. The result is that a market once projected to be worth $161 million is instead worth $27 million, according to the company, one of a handful of security IC suppliers. Broadcom this week unveiled a new line of chips, along with software and hardware reference designs that it said will shorten development times.

Internal Revenue Service employees used thousands of computers to access prohibited Web sites that included personal e-mail, sexually explicit sites and games, according to a Treasury Department investigation. Treasury investigators said the unauthorized Web surfing opens the agency to computer viruses, leads to productivity losses and requires the IRS to upgrade its telecommunications structure. It also noted the possibility of sexual harassment lawsuits. The results of the investigation disappointed lawmakers who pushed the IRS to revise its Internet policies and block access to prohibited sites after a study in 2001 showed IRS employees spent more than half their workday on the Internet for personal reasons.