Patent classifications
H04L2463/082
EVENT-TRIGGERED REAUTHENTICATION OF AT-RISK AND COMPROMISED SYSTEMS AND ACCOUNTS
A system and method that detects and mitigates zero-day exploits and other vulnerabilities by analyzing event logs and external databases, forcing reauthentication of at-risk and compromised systems and accounts during an identified threat or potential security risk.
Call origination validation for incoming calls within a wireless communication network
A computer-implemented method for validating the origination of an incoming customer call on a wireless communication network may include receiving a SIP invite message at the wireless communication network when the call is initiated, determining whether the SIP invite message includes one or more indicators indicating that the call originated within the wireless communication network from a device with a SIM registered in the wireless communication network, and writing a classification code to a database indicating that the call is validated if the SIP invite message includes the one or more indicators. The method may further include receiving the call at an agent computer device with caller identification information, querying the database via the agent computer device according to the caller identification information to obtain the classification code of the customer call, and suppressing a step used for call authentication if the classification code indicates that the call is validated.
User device gated secure authentication computing systems and methods
A system is provided that allows users to execute a secure transaction that is authenticated by their user device. Personally identifiable information (PII), such as, but not limited to, biometric authentication data, is locally stored on the user's device so as to protect the PII. A user device private key is associated with the particular user device and the user, and the corresponding public key is registered with a User Device Authentication Alliance server (UDAAS) system. In an online transaction, a LoginID server or an Access Control server interacts with the UDAAS to confirm the user is authentic and has confirmed the transaction.
Vaultless authentication
Various embodiments of the present technology use a combination of static and rotating access credentials to access target devices. Some embodiments start with a multi-factor authentication (MFA) token that can be used to log into the platform head-end. If approved, a landing page requesting login credentials can be presented to the user. The user can provide a username and password via the landing page and select a PAM or CASB target. The system then issues a secondary access credential (e.g., a pin/token) that is unknown to the user and is placed into a vault. A dynamic credential can be dynamically generated at each request. The target device can use the static access credential from the vault and the dynamic access credential for access to the device. As such, even if the vault is compromised, the target device would be inaccessible without the dynamic token, which is constantly changing.
INFORMATION SECURITY SYSTEM AND METHOD FOR MULTI-FACTOR AUTHENTICATION FOR ATMS USING USER PROFILES
A system for verifying a user operating an Automated Teller Machine (ATM) receives a first image of the user from the ATM, captured by a camera associated with the ATM, when the ATM receives a transaction request. The system compares the first image of the user with a second image of the user stored in a user profile associated with the user. The system determines whether the first image of the user corresponds to the second image of the user. The system approves the transaction request if it is determined that the first image of the user corresponds to the second image of the user.
SYSTEMS AND METHODS FOR SWITCH-BASED NETWORK SECURITY
The techniques described herein relate to methods, apparatuses, and computer readable media configured to provide automatic mitigation of security threats. The automatic mitigation includes monitoring network switch traffic that is associated with a port of the network switch, a MAC address of a connected device, or both. Based on a set of switch traffic rules, it is determined whether the network switch traffic is indicative of a potential network security threat. When it is indicative of a potential network security threat, the network switch traffic associated with the port of the network switch, the MAC address of the device, or both, is restricted. Identification information for a user associated with the port of the network switch is provided to an authentication process that the user associated with the port may access. Upon receiving a valid authentication from the authentication process, the network switch traffic associated with the port is derestricted.
Data processing systems for data-transfer risk identification, cross-border visualization generation, and related methods
In particular embodiments, a Cross-Border Visualization Generation System is configured to: (1) identify one or more data assets associated with a particular entity; (2) analyze the one or more data assets to identify one or more data elements stored in the identified one or more data assets; (3) define a plurality of physical locations and identify, for each of the identified one or more data assets, a respective particular physical location of the plurality of physical locations; (4) analyze the identified one or more data elements to determine one or more data transfers between the one or more data systems in different particular physical locations; (5) determine one or more regulations that relate to the one or more data transfers; and (6) generate a visual representation of the one or more data transfers based at least in part on the one or more regulations.
DELEGATING MULTI-FACTOR AUTHENTICATION IN LEGACY DATABASES
Embodiments of the present disclosure relate to utilizing an existing login process of a data repository to enable the data repository to delegate MFA functionality to an external MFA system. When a purported user attempts to log in to the data repository, a delegation module within the login process may insert a record into a table associated with the login process. A program executing on a security device external to the data repository may periodically poll the table for new records and upon detecting the new record, may call the external MFA system to verify the login attempt. The external MFA system may indicate to the program whether the login attempt was verified and the program may update the table with the indication. Upon detecting the indication, the delegation module may complete or terminate the login attempt based on the indication.
Total Financial Management System
The present invention relates to a computer implemented financial management application which is installed in an electronic device and allows a customer to manage a complete financial portfolio easily and conveniently. The application allows users to view, track, allocate and communicate all financial assets across multiple accounts with any financial institution simultaneously in a single place to easily manage the total financial portfolio. The application accesses multiple financial platforms for simultaneous, real-time updates. The application uses two or more payment networks, debit networks, or a wire transfer of two or more financial institutions and/or insurance institutions to perform the transfer and allocation of funds. The application provides recommendations, graphs, and charts that summarize the financial portfolio and are updated in real time along with the asset allocation. The application provides for a two-factor authentication for logging in to the application.
INFORMATION SECURITY SYSTEM AND METHOD FOR MULTI-FACTOR AUTHENTICATION FOR ATMS USING AUTHENTICATION MEDIA
A system for verifying a user operating an Automated Teller Machine (ATM) sends an authentication media item to a user device associated with the user when the ATM receives a transaction request. The system receives, from the ATM, a first image of the authentication media item when the authentication media item is presented to the ATM. The system compares the first image of the authentication media item with a second image of the authentication media item stored in a user profile associated with the user. The system extracts a first unique code from the first image of the authentication media item, and a second unique code from the second image of the authentication media item. The system determines whether the first unique code corresponds to the second unique code. The system approves the transaction request if it is determined that the first unique code corresponds to the second unique code.