The predictions came during comments following VeriSign’s third-quarter earnings were announced. The firm met its estimates, which were lowered following high subscriber churn in its UK ringtone business, but was bullish on the future.
VeriSign chief executive Stratton Sclavos told analysts that one growth area next year will be its authentication tokens business, barely a year old, which will move beyond enterprises and into the consumer space.
The amount of discussions we’re having about potential consumer deployments has probably escalated 5x in the last 60 to 90 days, he said. My bet is this materializes as pilots in the first half of next year and deployments in the second half.
Consumer banking will be the target vertical, because the US Federal Financial Institutions Examination Council recently issued security guidance for banks that offer internet banking services.
The FFIEC essentially came out and said single-factor authentication, a username/password logon, is not sufficient for systems where there’s a real risk of identity theft or just plain theft.
The agencies consider single-factor authentication, as the only control mechanism, to be inadequate in the case of high-risk transactions involving access to customer information or the movement of funds to other parties, the FFIEC said.
While the council did not endorse any particular technology, the choices it presented were something you have which means a token, or something you are which means biometrics, which is probably a bit unwieldy for consumer internet banking.
It’s being broadly interpreted as a new regulation, one which banks will have to fulfill by the end of 2006, and security companies are already all over it the same way they were HIPAA, Sarbanes-Oxley, and data security other regulations.
Sclavos said a route into this sector will be the VeriSign’s new relationship with eBay and its payments-processing subsidiary PayPal, under which eBay has agreed to deploy up to one million VeriSign tokens to its users.
A lot of the banks that fund those PayPal accounts very interested in how to potentially latch onto that, Sclavos said.
Sclavos said a lot of thought has already gone into the business model. He said consumer banking will be a very different model to two-factor authentication in the enterprise space.
We’re likely to not see the consumer paying for these services, he said. We’re likely to see it being subsidized and leveraging a network-like effect very much the way credit card and A card networks have come to allow sharing and subsidizing through multiple parties and through the same credentials.
He added: We have a very different idea about how this will roll out, and eBay and PayPal on board with us in terms of how to push that forwards.
The reference to credit cards seems to suggest smartcard-based tokens, but those have microchips in them and require hardware readers. A traditional one-time password token or a USB token seem like cheaper options.
While VeriSign is of course not the only company in the token space – RSA Security Inc is the market leader, and companies including Aladdin, ActivCard and Vasco also play there – it may have a couple of advantages if Sclavos’s model comes to fruition.
The company has been a leading proponent of standards in OTP tokens, which an ATM-style authentication network would surely require. But RSA is also pushing standards, some of which would arguably be more useful in this scenario.
VeriSign does have the distinct advantage of already specializing in running large networked authentication services, such as its SSL certificate authorities, which are the industry’s largest.
The company has also pushed for the overall cost of tokens to be lowered. Like most of RSA’s would-be usurpers, VeriSign has played the price card as it started carving out a piece of the market for itself.
Its activities in domain names, managed security, telecommunications and mobile content all contribute to its financials, and it has less of a worry about propping up token prices than its main competitor.
VeriSign yesterday reported third-quarter net income rose 10% to $44.6m, on revenue that was up 28% at $414.8m. The security and domains portion of the business accounted for about 43% of the total.
