Here's how it works. The bank customer activates a small, convenient app on their smartphone or PC and links it securely to their account using voice or SMS-based OOB authentication. Once this is done, the 2CHK app is "always on" and maintains a secure channel to Authentify's authentication service. The bank or ecommerce provider can then use this second channel and the 2CHK app to securely show customers the actual transaction details and let them approve or reject them.

The first key benefit is security. 2CHK complements online and mobile banking by providing a completely separate app and OOB channel that, due to layers of encryption, cannot be defeated by man-in-the-middle and man-in-the-browser attacks.

The second key benefit is convenience. Customers see transactions in the 2CHK app and can confirm or reject them easily. This contrasts with traditional OOB implementations that send a one-time password (OTP) number using a phone call or text message, which the customer then re-enters separately in the online or mobile bank app.

Authentify is targeting online banking and ecommerce providers as well as enterprise IT security applications with 2CHK. In the enterprise market, 2CHK enables businesses to more widely implement more effective security for logins, identity verification or digital signature without losing productivity or inconveniencing users.

The 2CHK transaction authentication service is available immediately worldwide and Authentify offers the service to customers for fixed annual subscription fees.

Authentify is already the global leader in telephone-based OOB authentication, a proven and effective countermeasure recommended by federal authorities, regulators and leading consulting firms. OOB authentication is used by banks, ecommerce providers and enterprises to protect customers or users against sophisticated man-in-the-middle and man-in-the-browser attacks used to steal login credentials or hijack online s sessions.

Authentify customers indicate that OOB authentication is a very valuable component of their authentication and risk management portfolio and they would like to do more of it. Authentify invented 2CHK to provide a mechanism to preserve the security/risk management value of OOB authentication without incurring variable transactional costs.

2CHK is the perfect complement to risk-based transaction systems because it is a true Web service (SaaS) and can be invoked with different levels of user interaction for different transaction types. The capability to add OOB safeguards within multiple layer security models fulfills industry best practices as recommended by the Federal Financial Institutions Examination Council (FFIEC), Gartner Research, Inc., the FBI, the U.S. Secret Service and NACHA—the organization responsible for clearing U.S. online and banking transactions.
"Out-of-Band or dedicated hardware-based transaction verification uses a different communication channel to verify the authenticity of a transaction request," said Avivah Litan, vice president and distinguished analyst at Gartner Research. "It is a valuable fraud prevention tool — as long as only the specific transaction verified or signed by the requesting user is executed (as opposed to a transaction that a criminal has overwritten with his or her own values)." [1]

"Our customers include some of the world's largest banks, ecommerce providers and enterprises and we have been engaged with them throughout our development of 2CHK. Their feedback indicates we have created a unique solution that sets a new standard for convenient and cost-effective transaction security," said Peter Tapling, Authentify president & CEO.