Vast Majority of Customers Believes Cookies and Personal Images Used for
Online Authentication are Useless Against Sophisticated Web Threats
SAN MATEO, Calif., Feb. 5 /PRNewswire/ -- TriCipher, a leading provider
of unified authentication infrastructure solutions that protect the online
channel against fraud and identity theft, today announced the results of a
new customer survey administered at TriCipher's Customer Advisory Forum
held in Napa Valley, California in January 2007. Over three-quarters of
TriCipher's customers, hailing from premier state and national banks and
financial services institutions, were polled on the state of current
security solutions, issues impacting security strategies against an
evolving regulatory landscape, and current and future plans for integrating
an authentication platform with critical applications such as electronic
payments and transactions.
Poll respondents uniformly agree on some of the most important security
issues facing the industry today. Not only do most respondents feel that
current security measures such as tokens and pictures are proving severely
inadequate against Web threats, but they view compliance and restoring
consumer confidence as critical drivers of security strategies. Another key
finding is that the market is demanding SOA-based security infrastructures
that are nimble and scalable to address evolving customer risk assessment
needs.
Tokens Break, Cookies Crumble, Pictures Fade
The poll found that over three-quarters of respondents agree that
existing and new web threats easily defeat the combination of cookies and
pictures used for authentication, and that the threat landscape demands a
strong authentication solution. Further, when asked to identify the threat
that will most likely defeat cookies and personal images, the majority (43
percent) weighed in with Man-in-the-Middle attacks, closely followed by
phishing and malware (19% each), pharming (14%), and Man-in-the-Browser
attacks (5%). Although these results highlight the dire need among
customers for stronger security measures, statistics bear out the fact that
industry-wide adoption is nascent: virtually 100% of our network access
today in the channel relies on obsolete methods of authentication such as
tokens.
Embracing The Channel
Not surprisingly, the poll also shows that regulatory compliance (45%)
is the primary driver of security strategies. However, over two-thirds of
customers surveyed feel prepared for upcoming FFIEC Guidance Compliance
audits, having deployed TriCipher's authentication infrastructure. Beyond
compliance, nearly one-third of respondents cite increasing consumer
confidence as the reason for implementing a solid security strategy. These
results corroborate industry evidence suggesting that, although meeting
FFIEC compliance regulations is a key factor in implementing strong IT
security solutions, enterprises are well aware of the need to restore
customer confidence in the online channel, particularly regarding
transactions and electronic payments. In fact, according to a recent
Gartner report, almost nine million US adults have stopped using online
banking, while another estimated 23.7 million won't even start because of
fears over security.*
"Banks will continue to struggle to stay ahead of increasingly
sophisticated online fraud techniques," said George Tubin, senior analyst
with TowerGroup. "Financial institutions are beginning to realize that this
is not a single battle that's won by implementing a single defensive
technology, but an ongoing war where each side eventually learns how to
defeat the other's attack or defense methods. As such, a bank's online
fraud detection and prevention methods must evolve as criminals introduce
increasingly insidious fraud techniques."
What Lies Beneath: It's All About the Infrastructure
The survey also reveals that every single respondent plans to integrate
multiple online applications into a single authentication infrastructure.
Nearly 70% of customer respondents, in fact, plan to integrate five or more
applications, indicating a significant market need for a single
authentication platform as an alternative to 'point solutions' that require
additional IT time and management. More than 80% of respondents plan to
integrate a fraud detection system with their authentication
infrastructure.
TriCipher's standards-based solution can implement an authentication
Web Service for SOA environments, lowering the costs associated with SOA
projects and improving security with strong authentication. The platform
also provides an adaptive solution to changing compliance requirements.
This approach allows users to change authentication methods as the end-user
authentication technologies evolve and enables integration with new
applications through standard interfaces.
"As a compass for the industry, our customers unanimously agree that
the market demands a strong authentication solution at every application
level," said Tim Renshaw, VP, Product at TriCipher. "As one-time passwords
and tokens are rendered obsolete against evolving threats such as
Man-in-the-Middle attacks, more customers will demand the kind of scalable,
mutual authentication that easily integrates within SOA environments.
Securing the online channel with our easy-to-deploy solutions represents a
significant step towards restoring customer confidence in B2B and B2C Web
transactions."
About TriCipher, Inc.
TriCipher, Inc. provides unified authentication infrastructures that
protect the B2B and B2C online channel against fraud and identity theft.
The TriCipher Armored Credential System(TM) (TACS) is the first
authentication system that enables companies to deploy and manage multiple
types of credentials from a single infrastructure. Through this flexible
"Authentication Ladder," TriCipher delivers future-proof security --
protecting customers' investment by enabling authentication strength to
adjust in response to new threats and regulatory changes without the need
to implement a new infrastructure. In addition, TriCipher delivers
risk-based authentication, preventing online fraud through seamless
integration with fraud detection systems, secondary authentication systems,
and the ability to enforce security software presence checks for malware
protection. Founded in 2000, TriCipher is headquartered in San Mateo,
California. The company is backed by The Royal Bank of Canada, ArrowPath
Venture Capital, Intel Capital, Trident Capital, and Wasatch Venture
Partners. For more information, visit TriCipher on the web at
http://www.tricipher.com .
*Gartner Group survey of 5000 online US adults in August 2006
SOURCE TriCipher, Inc.
 back to top
Related links:
http://www.tricipher.com/
CONTACT:
Eileen Leveckis of Trainer Communications,
+1-415-819-4232, for TriCipher; or Jon Brody, VP of Marketing of
TriCipher, +1-202-641-6336
|
