Stop social engineering attacks against your service desk with FastPass Identity Verification solutions
Hackers impersonate real users' identities to get a password from the service desk
FastPass Identity Verification Manager (IVM) controls the Help Desk's identity verification of the user's identity through a dynamic and secure workflow.
Perfect for identity verification solution for password reset
Hackers use social engineering methods to con the service desk supporters to issue passwords for real users. Hackers can’t fool FastPass Identity Verification Manager to trust anything but facts. Give control to FastPass and stop the hackers!
IVM controls the entire identity verification process, to know your customer more. Instructing the service desk supporter what questions and tests to do depending on the user’s security profile. Remove the Service Desk privileged password. Trusted identity verification can be implemented fast based on FastPass templates.
Contact FastPassCorp to discuss solutions to your situation
The IVM Process
When a user calls the service desk to get a password reset then the service desk supporter uses IVM to verify the identity of the caller.
For each correct or trustworthy answer, IVM credits point to the call. When enough points have been reached, then IVM will release a new password, to be passed on to the user.
To reduce the risk of identity fraud all information related to the user will be logged for monitoring and analysis in our user verification solutions. All details can be configured individually for the verification steps to fit the organization’s data and infrastructure and security policies.
IVM Features
Management Approved Process
Identity Verification Manager can be configured individually to the organization’s security requirements. Improve user experience in the identity verification process
Different identity verification processes for different groups
IVM can provide an unlimited number of different processes linked to user groups and you don't even have to compromise on user experience to maintain system integrity
Identity Verification options
IVM can use many different tests to verify the identity of the person such as secret personal information, company information, contextual & dynamic info, tokens & more
Delivering passwords to the user
Can be delivered over the phone or to the user via SMS or private e-mail
Monitoring
Every step of the process is logged and available for monitoring and reporting to protect the users
Integration to ITSM tools
Identity verification manager can be integrated into most modern ITSM tools, so the service desk agent sees IVM as a natural, integrated tools of the different services they provide to users
IVM Implementation
To achieve rapid results, IVM is delivered with templates that can be used as basic processes immediately. They correspond to a simple process, an average process, and a heavily secure process to protect its users from a wide range of identity fraud.
The templates can then gradually be altered or new ones can be added, as the service desk and IT security agree that adjustments need to be made.
This means that IVM can be installed and implemented very quickly.
The FastPass Identity Verification Manager suite currently covers
- FastPass Self-Service Password Reset (SSPR)
- FastPass Identity Verification Manager (IVM)
Identity verification benefits from the data and components of SSPR, so we recommend a combined solution.
Identity verification manager increases security and reduces the risks of social engineering, while SSPR delivers productivity and efficiency for both users and the service desk.
The combination of SSPR and IVM is a security solution with a strong business case.
IVM Functional Details
Identity Verification Manager controls the verification process – the service desk supporter assists IVM. This is crucial to prevent skilled hackers with good social engineering techniques take control via the supporter. See table below.
| - | Identity Verification Manager |
|---|---|
| Workflow per-user group | YES |
| Workflow per operator-user group | YES |
| Transfer call to other agent | YES |
| Standard templates | YES |
| Access to user secrets | YES |
| Hide user secrets | YES |
| SMS for verification | YES |
| Other Token types - Email, TOTP, etc. | YES |
| Manager approval | YES |
| Match PC-identity to user's PC(s) | YES |
| Check user's geo-location | YES |
| Check user's login pattern | YES |
| Check user's logon time | YES |
| Check user's failed logon time | YES |
| - | Identity Verification Manager |
|---|---|
| Check user's last password change time | YES |
| Define proofing process | YES |
| Check user's last Self-service operation | YES |
| Check user's last IVM call | YES |
| Check user's lock time | YES |
| Check user's expiry date | YES |
| Check user's manager data | YES |
| Mandatory elements | YES |
| Render password to user | YES |
| Integrate to ITSM | YES |
| Check user's data in external system | YES |
| Warn operator of possible fraud calls | YES |
| Automatic logging of all proofing | YES |
FastPass is Technology Partner with ServiceNow
FastPassCorp offers a secure and forced workflow certified by ServiceNow. The integration is available from the ServiceNow Store.
Frequently Asked Questions
In situations where it is important to verify user identity of a person phoning in. Service desk supporters have lots of situations where they need to know for sure, who they are giving service. Rendering a password to the wrong person might be a disaster. Staff in HR and Finance have the same need for secure verification of employees.
Even the best staff can be manipulated by a good social engineer to help and deviate from the procedures.
The most important and secure elements in IVM are the Dynamic and Contextual tests. Even though the user is not logged in – IVM gets information from the workstation, and then knows if this is the user’s own PC or not. We can see the geo-location and we can see if she is asking at her normal workhours. This
is close to impossible for a hacker to produce. IVM tests for a multitude of tokens – and the hacker can’t prepare.
Yes.
Yes. However some verification tests are only available when SSPR is implemented.
Yes – but the supporter will not notice it. IVM can be integrated seamless with the ITSM tool, so the supporter will not see or know when the process switches to IVM and back to ITSM.
Using the IVM template it can be done fairly quick. Some organizations will however make their own verification process and even different processes for different groups and then it will take more time. Please see the IVM Implementation guide.
Technical implementation can be done in a day. Using FastPass templates then organizational implementation can be done fast too: Less than a week. When the customer wants to design an individual workflow then the decision process will take time. The technical implementation is relatively short.
With FastPass a POC can be up and running within a day. With additional target systems (SAP/Oracle etc.) expect to add some more days.
IVM integrates based on ticket-number and returns status to ITSM system. Easy integration with most major ITSM systems.
With IVM data from back-office systems can be utilized easily through either AD, direct insert into the FastPass database, or from specific database tables.
FastPass V4 has been penetration tested by Backbone Security.com Inc. - 811 Ann St. Stroudsburg PA 18360
The IVM client is in responsive design and works with Major browser versions (e.g. Chrome / Edge).
IVM is only used by administrators and supporters and the language is in English. Questions for user verification can be translated to local languages. Labels/Buttons etc. will be localized in late 2021.
Notifications can be setup to notify on unusual number of access from individual users having multiple failed attempts.
Has been tested with 100,000+ users.
The FastPass solution is available for on-premise as well as for FastPass Cloud. Service Providers can operate their own multi-tenant cloud solution.
IVM knows what PC the user normally uses and will flag if the user comes from a new device. Location- based information is planned for release in early 2022 it will also learn the user’s normal behavior and use it as a baseline.
With IVM, users don’t have to be enrolled. Enrolling users will however increase the number of verification tests and the quality. Users already being enrolled in an earlier version will immediately be able to benefit from the Enrollment.
If we want to take human error out of identity verification solutions, we must have an IT workflow controlling the agent. The process must be designed according to security specifications from IT security. There should be different processes for user groups with different security profiles. The tests must include many different items: data, tokens, and even manager approval, where needed.
The password reset process at the service desk can be an excellent industry-leading gateway for hackers to breach IT systems.
Learn more about how IVM can help your organization
Get in touch with us today by filling up the form and our team will get back to you as soon as possible.