Online and Mobile Device Identification: Is Your Online Authentication Security Strategy Ready to Go Mobile?

  • ID: 1409384
  • October 2010
  • 42 Pages
  • Javelin Strategy & Research
1 of 4


  • 41st Parameter
  • Apple
  • Digital Resolve
  • iovation
  • Mozilla
  • RSA
  • MORE

Device identification is a relatively inexpensive authentication process that provides a low to medium layer of protection with high ease of use for consumers. But is this online security strategy ready to go mobile? In this report, Javelin reviews the advantages and disadvantages of device identification and its ability to extend from online to mobile authentication. The need for better account authentication in financial services, retail, medical, social networks and gaming is urgent and growing. While mobile threats are still nascent, online attacks on nationwide financial institutions are increasing. At the same time, more consumers are purchasing smartphones and are also connecting to online and mobile sites through their mobile devices. Security vendors reviewed are Digital Resolve, 41st Parameter, Iovation, RSA and ThreatMetrix.

Primary Questions

- Why is there a need for a passive layer of security, such as device identification?

- What online authentication methods transfer to mobile authentication?

- What are the advantages and disadvantages of device identification?

- Will device identification work with mobile handsets?

- How does READ MORE >

Note: Product cover images may vary from those shown
2 of 4


  • 41st Parameter
  • Apple
  • Digital Resolve
  • iovation
  • Mozilla
  • RSA
  • MORE

Primary Questions
Executive Summary
Urgent Need for Better Authentication
More Online Fraud and Sophisticated Attacks
Shift in Attacks to National Financial Institutions
Decline in Consumers’ Faith in Online Banking Protection
Proliferation of Mobile Devices
Growth of Mobile Banking
Not Enough Security
Authentication: A Two-Step Process
Medium Security with High Ease of Use Through Device Recognition
Planning for Mobile Security
WiFi vs. Cellular Internet Access
Smartphone-Based Mobile vs. Online Banking
Authentication System Overview
Sources of Account Holder Information
Static vs. Dynamic Information
Network Authentication
TCP/IP Analysis
JavaScript and Flash Cookies
Proxy Piercing
Software Layer
Hardware Level
Device Identification
Device Differences
Hash Algorithms
Geolocation: WiFi, Cell Tower, GPS
Device Identification to Stop Cybercriminals
Man-in-the-Browser Attack
Botnet Detection
Trojan Detection
Reputation- Based Systems
Mobile Security Vendor Profiles
Digital Resolve
41st Parameter
Comparison of Profiled Vendors
Related Research
Companies Mentioned

Table of Figures

Figure 1: Annual Amounts of New Accounts Fraud, Existing Non-Card Account Fraud and Existing Card Fraud, 2005–2009
Figure 2: Fraud from Online Purchases, 2008–2010
Figure 3: Fraud Attacks on National and Regional Banks and Credit Unions, August 2009–August 2010
Figure 4: Consumers’ View of Their Banks’ Ability to Provide Mobile Security
Figure 5: Smartphone Users, 2008–2010
Figure 6: Mobile Banking Adoption, 2008–2010
Figure 7: Top Reasons Cited by Consumers for Not Using Mobile Banking
Figure 8: The Enrollment Process for New Accounts
Figure 9: Difference in Authentication Processes for New and Returning Account Holders
Figure 10: Consumers’ Ratings of Effectiveness and Ease of Use of Authentication Technologies
Figure 11: Consumer Preference for Mobile Authentication
Figure 12: Comparison of WiFi and Cellular Access to the Internet
Figure 13: Smartphone Applications Offered by FIs
Figure 14: FIs’ Typical Behavioral System for Authentication
Figure 15: Diagram of Unique Device Attributes
Figure 16: Attributes Related to Network Authentication
Figure 17: TCP/IP Data From a Browser Without Privacy Control
Figure 18: TCP/IP Data From a Browser with Privacy Control
Figure 19: Spoofing TCP/IP Information
Figure 20: Simplified Proxy Scenario
Figure 21: Attributes Related to Software Authentication
Figure 22: Attributes Related to Hardware Authentication
Figure 23: Attributes Related to Location
Figure 24: Process for Thwarting Cybercriminals
Figure 25: Multiple Computers Logging into One Account
Figure 26: One PC and Multiple Accounts
Figure 27: Indicators of Possible Fraudulent Activity on an Account
Figure 28: Mobile Security Vendors’ Features

Note: Product cover images may vary from those shown
3 of 4

- 41st Parameter
- Mozilla
- Adobe
- Apple
- AT&T
- Skyhook
- Digital Resolve
- Sprint
- Google
- ThreatMetrix
- iovation
- T-Mobile
- Microsoft
- Verizon

Note: Product cover images may vary from those shown
4 of 4
Note: Product cover images may vary from those shown


  • Quick Help: The report will be emailed to you. The report is sent in PDF format. This is a single user license, allowing one specific user access to the product.


If you have a more general question about our products please try our



Our Clients

  • Synaptics Incorporated
  • Apple, Inc.
  • Nokia Oyj
  • Groupe Speciale Mobile Association
  • Mozilla Corporation
  • L.M. Ericsson Ltd.