FOR IMMEDIATE RELEASE

TRICIPHER AND CYDELITY PARTNER TO DELIVER THE FIRST COMPREHENSIVE SOLUTION FOR FUTURE PROOF RISK BASED AUTHENTICATION

Joint Offering Allows Banks to Respond to Risk in Real Time to Meet FFIEC Requirements Without Disrupting The Online Experience

SAN MATEO, California—Feb. 14, 2006—TriCipher, Inc., a leading provider of Future Proof Risk Based Authentication solutions, and Cydelity, Inc., a provider of online risk based fraud detection, today announced a strategic partnership to deliver a highly secure authentication solution for financial institutions that adjusts authentication strength and verifies transactional integrity in real time.  Coupling the TriCipher Armored Credential System™ (TACS) with Cydelity’s fraud detection delivers a highly flexible, easy-to-manage infrastructure that supports a wide variety of multifactor authentication types fully integrated with back-end fraud detection.  The combined system exceeds FFIEC requirements and provides financial institutions with greatly enhanced security by preventing both fraudulent transactions and theft of identity data.  It is the only authentication solution that has the real-time capability to both adjust user credential strength based on information from back-end fraud detection analysis and report credential information to the fraud detection system in order to more accurately assess risk.

“When the user logs in, you may be fairly certain that this is really your user,” said Bob Ciccone, President and CEO of Cydelity.  “However, you need to be able to adjust your security based on transactional risk and behavior and take appropriate action depending on each individual user and transaction.  By partnering with TriCipher, the two companies are bringing to market the ability to adjust security and risk-mitigation in real time.”

As Cydelity scores transactions in real time, the scores are compared to thresholds set by the financial institution.  If a transaction appears sufficiently risky, TACS can invoke additional authentication steps. For example, a user logging in from an Internet kiosk overseas will have a different risk profile than when logging in from their PC at work.  TACS can provide very strong multifactor authentication from the work PC, making transactions less risky.  When the user logs in from the Internet kiosk, they use a lower security credential, which increases transaction risk.  Cydelity fraud detection takes these differences into account when scoring individual transactions.  Thus fewer transactions will require secondary authentication from the work PC vs. the Internet kiosk.  This allows the system to inconvenience fewer users and reduces false positives.

 “A comprehensive, risk-based authentication strategy means combining strong, “always-on” detection on the back end with effective multi-factor authentication on the front end,” said Avivah Litan, research vice president, Gartner Inc.  “Integrated solutions that allow banks to increase their security without inconveniencing customers makes a strong offering that banks should consider to protect their online services.”

With the need to comply with FFIEC guidance looming, banks have been torn between improving back-end detection and up-front authentication.  Many are choosing short-term “passive” authentication solutions, such as fraud detection, IP geolocation and device fingerprinting that are convenient but do not address significant security threats such as man-in-the middle phishing attacks that occur during user logon.  As threats and regulations continue to evolve, banks will need both a variety of multifactor authentication types and fraud detection to be able to react quickly.

Unlike other systems currently in the market, only TACS provides the Authentication Ladder, a variety of authentication strengths managed from a single system.  In addition, each credential type on the Ladder includes secondary authentication methods and the ability to log in using a backup method when their second factor is not available.  By integrating with Cydelity fraud detection, the strengths of these various methods can be taken into account when scoring individual transactions, and financial institutions can even specify the strength of authentication that would make a transaction allowable.

“Our vision has always been to make strong security convenient for users and affordable for companies,” said Ravi Ganesan, founder and CEO of TriCipher.  “By integrating with Cydelity, we’re able to adjust authentication strength based on real-time assessments of risk.  This not only saves end users from a lot of headaches but reduces the cost for companies by applying stronger security only where needed.”

About TriCipher, Inc.

TriCipher, Inc. provides Future Proof Risk Based Authentication. The TriCipher Armored Credential System™ (TACS) is the first authentication system that enables companies to deploy and manage multiple types of credentials from a single infrastructure.  Through this flexible "Authentication Ladder," TriCipher delivers future proof security - protecting your investment by enabling authentication strength to adjust in response to new threats and regulatory changes without the need to implement a new infrastructure.   In addition, TriCipher delivers risk based authentication - preventing online fraud through seamless integration with fraud detection systems, secondary authentication systems and the ability to enforce security software presence checks for malware protection. Founded in 2000, TriCipher is headquartered in San Mateo, California. The company was incubated as NSD Security before launching as a separate entity in 2005 with backing from ArrowPath Venture Capital, Intel Capital, Trident Capital, and Wasatch Venture Partners.

About Cydelity, Inc.

Cydelity’s real-time online fraud detection technology ensures complete web channel integrity – for every transaction and every user – providing financial institutions and their consumers protection from online fraud and sensitive data theft, while preserving convenience and high levels of customer experience.  Interoperable with any multi-factor authentication solution, Cydelity’s patent pending technology is deployed at leading financial institutions and service providers. Cydelity is headquartered in Santa Clara, CA. and is privately held.

TriCipher, Armored Credential, and Armored Credential System are either registered trademarks or trademarks of TriCipher, Inc. in the United States and/or other countries. Arxan and EnforcIT are either registered trademarks or trademarks of Arxan Technologies, Inc. in the United States and/or other countries. Cydelity is a trademark of Cydelity, Inc. in the United States and/or other countries.  All other trademarks are the property of their respective owners.

For more information, contact:

Elizabeth Safran
Trainer Communications
elizabeth@trainercomm.com 
(408) 920-0585

Sally Sheward
TriCipher, Inc.
sally@tricipher.com
(650) 372-1312