03:20 PM
Banks Benefit as Authentication Providers Duke It Out
Is emerging security threats cause confidence in online services to wane, financial services firms are searching for ways to restore users' faith. Rival providers of online authentication technology, RSA Security (Bedford, Mass.) and Vasco Data Security International (Belgium), are leveraging the opportunity to spread their technology across the globe.
RSA announced in January that Sumitomo Mitsui Banking Corp. (Tokyo) and its Japan Net Bank unit have selected the vendor's SecurID two-factor authentication technology to protect online banking customers against threats including fraud and phishing. Japan Net Bank, which launched in 2000 as an online financial institution, is deploying RSA SecurID tokens to more than 1 million online banking customers. Sumitomo Mitsui, meanwhile, has deployed SecurID as part of the bank's One's Direct Internet banking service, which has more than 6 million users.
As RSA spreads to the Far East, Vasco's sights are set on the North American market now dominated by RSA. Vasco announced that it has delivered 20 million Digipass token authentication devices, with 7 million of those sales coming in 2005. While Europe is Vasco's largest market, the Americas and Asia are the fastest growing.
In January, Vasco introduced its Digipass 860, an authentication device that plugs into a USB port. The 860, developed in conjunction with Italian security device maker Eutron Infosecurity Srl and scheduled to ship by June, can be used to provide secure remote LAN log-in and for public key infrastructure, or PKI, authentication.
Vasco also recently introduced its Digipass 300 Comfort Voice device for the blind and visually impaired. The 300 Comfort Voice features extra-large buttons and LCD display, and has a speech component that can audibly read authentication codes to the user in a variety of languages.
A Little Guidance Goes a Long Way
A major development pushing the growth of two-factor authentication technologywhich requires users to input a password or PIN that they create for themselves and one they are assigned randomly through a token deviceis the Federal Financial Institutions Examination Council's publication last October of recommendations to improve security in online banking. The FFIEC recommends that financial services companies create two-factor authentication for online applications.
Both Sovereign Bank (Wyomissing, Pa.) and LaSalle Bank Corp. (Chicago), a subsidiary of Netherlands-based ABN AMRO Bank, are Vasco clients looking closely at the FFIEC guidelines. ABN Amro is treating the FFIEC guidelines as though they were regulations, according to John Scully, first VP of electronic banking products for ABN Amro, who spoke at a Vasco-sponsored event in New York in January. LaSalle Bank has been using Vasco Digipass token technology for the past seven years to provide customers with authentication when performing sensitive online transactions, such as wire transfers and stop payments. "Tokens are extremely portable, easy to use and their life expectancy is more than seven years," Scully said. LaSalle also uses RSA SecurID tokens.
Speaking at the same event, Leonard Goodman, SVP and product management director of Sovereign's global solutions group, said, "We have a project to evaluate our different online services, what the risks are and what security needs to be implemented as a result of the guidelines." Since 2003, Sovereign Bank has been using Vasco Digipass tokens to provide 2,500 of its 12,500 corporate customers with authentication security during wire transfer online payments, which totaled $60.4 billion in 2005. One reason customers like tokens is because they are a physical representation of digital security, Goodman said.
Broadband and cheap PCs have primed users to take advantage of a wide variety of online services, in particular online banking, according to Vasco chairman and CEO Ken Hunt. But the growth of online services is not a given. "We can't allow security problems to undermine trust," Hunt said at the company's event. "And banking is all about trust." --Larry Greenemeier, InformationWeek
Courtesy of InformationWeek, a CMP Media property.