Home News Covelight Systems and StrikeFo ...

News by WebKnowHow

Covelight Systems and StrikeForce Partner to Offer Risk-Based Authentication for Web Applications


Friday, June 23, 2006; 03:06 AM

StrikeForce Technologies, a leader in solutions that prevent identity theft, and Covelight Systems, an innovator of solutions for passive, real-time identity-based monitoring of Web applications to detect fraud and identity theft, today announced a strategic partnership that will deliver a comprehensive risk-based authentication solution to financial institutions by securing their Web applications without slowing down transactions for the end-user by only requiring multiple authentication when necessary during their online experience.

The integrated solution consists of the StrikeForce ProtectID and the Covelight Percept Web application fraud management system, which together provides a complete, easy-to-deploy solution that meets the FFIEC Guidance for online banking protection and delivers proven security to combat online threats to customer data. Combining authentication technology from StrikeForce and passive, real-time monitoring outside of the data stream from Covelight, financial institutions will be able to provide secure online banking experiences for their customers without degrading their transaction experience. With Covelight Percept in place, users will only have to go through additional authentication processes when Covelight Percept detects unusual or risky behavior. Benefits to financial institutions include:

  • Easy-to-deploy and maintain
  • Strong authentication with multiple layers and multi-factors
  • Device flexibility for financial institutions and their customers
  • Network-based fraud management not reliant on server logs or agents
  • Right-sized authentication based on real-time assessment of online user risk -- from the first click through final transaction
  • A fraud investigation platform, including a complete session audit trail attributed to the individual application users

StrikeForce Technologies' ProtectID multi-factor authentication platform offers third-party technology providers and banks the flexibility to select from numerous authentication methods, including cell phones, PDAs, soft and hard tokens, smartcards, and biometric devices. In the most common implementation, users answer an "Out-Of-Band" phone call and enter a PIN on the keypad of the phone to verify their identity and authorize each transaction. As an alternative or back up, StrikeForce can e-mail one-time passwords, or turn a PDA, blackberry, or computer into a one-time password generator, eliminating the need to carry or purchase new technology. By bundling multiple authentication methods together, ProtectID permits choice by consumers, reinforcing bank security policy while providing the type of redundancy banks expect of their operational systems.

"In response to the FFIEC Guidance, financial institutions are seeking to implement a simple, layered, user authentication experience," said StrikeForce CEO Mark Kay. "Through the integration with Percept, banks will be able to easily tie the user authentication to user behavior and dynamic events, providing the real-time solution that put consumers in control of their accounts and transactions while mitigating attacks and fraud."

Beginning with the initial access, through login and during the entire session, Percept monitors each user and their online patterns, and automatically builds behavioral profiles allowing real-time detection of suspicious or high-risk activity. In addition, Percept maintains detailed session and transaction logs and offers an incident investigation console to facilitate fraud case management and on-demand session audits.

The Covelight Percept Web application fraud management system incorporates network-based monitoring, multi-dimensional fraud detection and scoring to evaluate each user's session risk in real-time. If at any time during the user's session the Percept risk score exceeds a threshold, ProtectID will invoke the appropriate method of authentication.

"Covelight Percept is a proven fraud management solution that has been successfully deployed in leading financial institutions since 2004," said Covelight CEO Spencer Snedecor. "By integrating Percept with ProtectID, we are delivering a complete risk-based authentication solution for protecting their sensitive online customer base."



Related Resources

Other Resources