000031022 - Impact of Disabling Flash from Web Applications using Adaptive Authentication On-Prem (AAOP)

Document created by RSA Customer Support Employee on Jun 14, 2016
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000031022
Applies ToRSA Product Set: Adaptive Authentication (OnPrem)
RSA Product/Service Type: Adaptive Authentication (OnPrem)
RSA Version/Condition: 7.x
 
IssueAAOP uses a Flash Shared Object (FSO) along with a Cookie to identify returning end users. Some organizations have made the decision to disable or not use flash in their web applications and want to know the impact.
ResolutionBased on feedback from RSA Engineering, you can inform the Customer of the following points:
FSO is one of the strong device identifiers used in the risk model and is known to have a positive contribution to the accuracy of the risk score and fraud detection rate. For customers sending both FSO and cookie, we see that FSO is more persistent which means it provides better indication than the regular cookie in identifying if the user is using the same device as used in the past. So, we do recommend customers to send FSO for web traffic.
For customers already using FSO, the impact of disabling it may cause spikes in challenge rates and may impact fraud detection rates.
NotesFSO is one of the strong device identifiers used in the risk model and is known to have a positive contribution to the accuracy of the risk score and fraud detection rate. For customers sending both FSO and cookie, we see that FSO is more persistent which means it provides better indication than the regular cookie in identifying if the user is using the same device as used in the past. So, we do recommend customers to send FSO for web traffic.
For customers already using FSO, the impact of disabling it may cause spikes in challenge rates and may impact fraud detection rates.

Attachments

    Outcomes