How does JUNO use biometrics?
Biometrics once stolen cannot be altered because they are inherent to the user. Therefore, JUNO only leverages biometrics stored locally on the device and only for user convenience.
Does IDEE collect personally identifiable information?
IDEE does not collect any user information. Only a salted hash of the user email address is stored. Additionally, only the sorted hash of the answers to the security questions are stored.
What happens if IDEE’s servers are hacked?
IDEE cannot access any user credentials because the credentials are encrypted and the encryption key is stored on the user wearable. Credentials are only accessible by the user.
What happens if someone steals the JUNO wearable?
Once removed from the user, the JUNO wearable automatically shuts down. The JUNO wearable can only be activated by a pre-registered computer/handheld after it has been unlocked and the JUNO wearable is coupled to the user. JUNO provides true end-to-end multi-factor authentication.
Can the JUNO wearable be used to access my office door?
Yes. JUNO wearables support the high-frequency NFC standard used by card readers. Using this standard, JUNO wearables can be used to open doors or unlock any physical locks.
Bangladesh Central Bank
SWIFT messages that would have transferred $951 million were attempted; $81 million was successfully stolen.
Use of stolen credentials to gain access to the central bank network and install malware to intercept SWIFT messages.
JP Morgan Chase
Personally identifiable information of 83 million accounts were stolen. Stolen employee credentials were used to access over 90 servers while remaining undetected for months.
Private health information of more than 80 million members stolen. Stolen employee credentials were used to remained undetected for months and extract information.
Office of Personal Management U.S. Government
Background investigation applications of more than 21.5 million U.S. citizens and fingerprint records of 5.6 million U.S. citizens were stolen. Social engineering was used to steal credentials, which allowed undeterred access starting in March 2014.
Personally identifiable information for approximately 15 million T-Mobile customers was stolen from Experian servers. Compromised credentials were used to access an Experian server between September 2013 and September 2015.
EC Defines Strong Authentication
Strong Authentication means a procedure for the validation of the identification of a natural or legal person based on the use of two or more elements categorized as:
knowledge, possession, inherence.
These elements must be independent, in that the breach of one does not compromise the reliability of the others and is designed in such a way as to protect the confidentiality of the authentication data.
EU General Data Protection Regulation (GDPR)
Failure to report a breach, for an enterprise within 72 hours, can result in fines up to 4 % of annual worldwide revenue. Enterprises cannot report a breach within 72 hours, when stolen static passwords provide access to anyone.
EU-U.S. Privacy Shield
The EU GDPR applies to all companies providing services in the European Union; encryption is a minimum requirement and multi-factor authentication should be used to protect encryption keys.
European Central Bank
Cyber risk is among the top 5 priorities under the Single Supervisory Mechanism, which oversees banks in 19 countries. Low grades, in Supervisory Review & Evaluation Process, mandates changes and additional reporting.
European Banking Authority
Authentication method must be: “mutually independent… not reusable… non-replicable… and cannot be stolen off the internet.” Financial services companies are mandated to use multi-factor authentication.
U.K. Financial Conduct Authority Regulation
U.K. has adopted all the data protection requirements of the EU GDPR. EU GDPR has become a global standard, because it applies to anyone providing services to EU citizens.