View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
March 1, 2006

RSA Cyota delivers layered online authentication system

RSA Security Inc has said it has completed some important integration work to more closely integrate the anti-fraud technology it acquired last year with its own systems, and which has resulted in a system that broadens authentication choices for banks wanting to deploy different levels of security to different online customer segments.

By CBR Staff Writer

RSA paid $145m for online anti-fraud products company Cyota Inc last year in a bid to accelerate its move into consumer identity protection services. Chris Young, ex head of security at AOL and the man who led the acquisition of Cyota, is now the general manager of the RSA Cyota Consumer Solutions arm.

The integration work has led to the development of an Adaptive Authentication scheme, which builds on the Cyota products and allows banks apply layers of online security.

These are founded on the use of a core risk engine that scans against IP address or a device fingerprint, or digital watermarks for reverse authentication. It then moves to the use of a collaborative, cross-bank eFraudNetwork to defend against phishing attempts, and on to using the business intelligence from that to build a risk-based authentication process which uses an appropriate form of authentication to control the access of users with different levels of risk.

The choices available go from authenticating users with a one-time password generated via an RSA SecurID hardware token, to a software token, a SMS text message, or to the use of secret life questions and out-of-band phone calls.

The Bedford, Massachusetts-based vendor points to a latent demand among financial services companies for security systems that supplement single-factor user-name and password-authentication processes.

In October 2005, the Federal Financial Institutions Examination Council of five US federal banking regulators said it considered single-factor authentication inadequate for online banking. It is now strongly recommending that all financial institutions adopt multiple-factor authentication, layered security, or other controls that strengthen the use of username and passwords for online banking and other web-based financial transactions.

The company said that as part of the integration, RSA Cyota has added a feature that allows financial institutions to shift between authentication methods and change the segmentation of their users based on some inbuilt profiling analytics of the product. The system can use what it knows about a user, the chosen access channel, the location of the access point, and proposed transaction type to apply an appropriate level of security using different methods of authentication. That choice is based on a risk profile generated by the Adaptive Authentication system.

Content from our partners
How Midsona accelerated efficiency and reduced costs with a modern ERP system
Streamlining your business with hybrid cloud
A hybrid strategy will help distributors execute a successful customer experience

RSA said that eTrade, the online banking and brokering business, is one of the first customers to use such a risk-based authentication systems, with the bank’s customers given a free or low-cost hardware token that generates a one-time password for them to securely access their accounts.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.