TriCipher Press Releases
"TOKENS ARE BROKEN AND PICTURES FADE," ACCORDING TO NEW
TRICIPHER CUSTOMER POLL
Vast majority of customers believes cookies and personal images used for online authentication are useless against sophisticated Web threats
LOS GATOS, CA – February 5, 2007 – TriCipher, a leading provider of unified authentication infrastructure solutions that protect the online channel against fraud and identity theft, today announced the results of a new customer survey administered at TriCipher’s Customer Advisory Forum held in Napa Valley, California in January 2007. Over three-quarters of TriCipher’s customers, hailing from premier state and national banks and financial services institutions, were polled on the state of current security solutions, issues impacting security strategies against an evolving regulatory landscape, and current and future plans for integrating an authentication platform with critical applications such as electronic payments and transactions.
Poll respondents uniformly agree on some of the most important security issues facing the industry today. Not only do most respondents feel that current security measures such as tokens and pictures are proving severely inadequate against Web threats, but they view compliance and restoring consumer confidence as critical drivers of security strategies. Another key finding is that the market is demanding SOA-based security infrastructures that are nimble and scalable to address evolving customer risk assessment needs.
Tokens Break, Cookies Crumble, Pictures Fade
The poll found that over three-quarters of respondents agree that existing and new web threats easily defeat the combination of cookies and pictures used for authentication, and that the threat landscape demands a strong authentication solution. Further, when asked to identify the threat that will most likely defeat cookies and personal images, the majority (43 percent) weighed in with Man-in-the-Middle attacks, closely followed by phishing and malware (19% each), pharming (14%), and Man-in-the-Browser attacks (5%). Although these results highlight the dire need among customers for stronger security measures, statistics bear out the fact that industry-wide adoption is nascent: virtually 100% of our network access today in the channel relies on obsolete methods of authentication such as tokens.
Embracing The Channel
Not surprisingly, the poll also shows that regulatory compliance (45%) is the primary driver of security strategies. However, over two-thirds of customers surveyed feel prepared for upcoming FFIEC Guidance Compliance audits, having deployed TriCipher’s authentication infrastructure. Beyond compliance, nearly one-third of respondents cite increasing consumer confidence as the reason for implementing a solid security strategy. These results corroborate industry evidence suggesting that, although meeting FFIEC compliance regulations is a key factor in implementing strong IT security solutions, enterprises are well aware of the need to restore customer confidence in the online channel, particularly regarding transactions and electronic payments. In fact, according to a recent Gartner report, almost nine million US adults have stopped using online banking, while another estimated 23.7 million won't even start because of fears over security.*
“Banks will continue to struggle to stay ahead of increasingly sophisticated online fraud techniques,” said George Tubin, senior analyst with TowerGroup. “Financial institutions are beginning to realize that this is not a single battle that's won by implementing a single defensive technology, but an ongoing war where each side eventually learns how to defeat the other's attack or defense methods. As such, a bank's online fraud detection and prevention methods must evolve as criminals introduce increasingly insidious fraud techniques."
What Lies Beneath: It’s All About the Infrastructure
The survey also reveals that every single respondent plans to integrate multiple online applications into a single authentication infrastructure. Nearly 70% of customer respondents, in fact, plan to integrate five or more applications, indicating a significant market need for a single authentication platform as an alternative to ‘point solutions’ that require additional IT time and management. More than 80% of respondents plan to integrate a fraud detection system with their authentication infrastructure.
TriCipher's standards-based solution can implement an authentication Web Service for SOA environments, lowering the costs associated with SOA projects and improving security with strong authentication. The platform also provides an adaptive solution to changing compliance requirements. This approach allows users to change authentication methods as the end-user authentication technologies evolve and enables integration with new applications through standard interfaces.
“As a compass for the industry, our customers unanimously agree that the market demands a strong authentication solution at every application level,” said Tim Renshaw, VP, Product at TriCipher. “As one-time passwords and tokens are rendered obsolete against evolving threats such as Man-in-the-Middle attacks, more customers will demand the kind of scalable, mutual authentication that easily integrates within SOA environments. Securing the online channel with our easy-to-deploy solutions represents a significant step towards restoring customer confidence in B2B and B2C Web transactions.”
About TriCipher, Inc
TriCipher, Inc. provides unified authentication infrastructures that protect the B2B and B2C online channel against fraud and identity theft. The TriCipher Armored Credential System™ (TACS) is the first authentication system that enables companies to deploy and manage multiple types of credentials from a single infrastructure. Through this flexible “Authentication Ladder,” TriCipher delivers future-proof security — protecting customers’ investment by enabling authentication strength to adjust in response to new threats and regulatory changes without the need to implement a new infrastructure. In addition, TriCipher delivers risk-based authentication, preventing online fraud through seamless integration with fraud detection systems, secondary authentication systems, and the ability to enforce security software presence checks for malware protection. Founded in 2000, TriCipher is headquartered in San Mateo, California. The company is backed by The Royal Bank of Canada, ArrowPath Venture Capital, Intel Capital, Trident Capital, and Wasatch Venture Partners. For more information, visit TriCipher on the web at www.tricipher.com.
*Gartner Group survey of 5000 online US adults in August 2006
