PassMark Security, a company set up by Bill Harris, former CEO of Intuit and PayPal, has introduced a new online authentication system designed to deter e-mail phishing scams.
The PassMark system relies on the exchange of personalised digital images between customer and bank Web site in advance of password entry. Since a fake Web site will not know the customer's PassMark, it cannot display it; once the customer sees his own PassMark, he knows the site is genuine and that it is safe to enter his password. The same system can also be used to authenticate outgoing e-mail from the bank to the customer.
PassMark Security founder and chairman Harris says: "Phishing is a mass attack against millions of unsuspecting customers, so the solution has to be extremely simple for all Internet users to understand and use."
Harris says he uses a picture of his son as his own personal PassMark. "Research indicates that users remember their PassMarks after logging in just once or twice," he says. "People are visual - they forget names, but remember faces."
The FBI calls phishing "the hottest and most troubling new scam on the Internet". Phishing attacks have been launched against most of the major financial institutions and e-commerce sites around the globe. The Anti-Phishing Working Group reports that the number of phishing attacks increased by 50% between December and January, when an estimated 100 million scam e-mails were sent to Internet users.
Taher Elgamal, co-chairman and chief technology officer at Securify, describes PassMarks as a "brilliantly simple solution" to phishing.
"Hardening your web servers will not deter attacks against the customer such as phishing," he says. "PassMarks - because they are a customer-focused solution - are a clever and effective way to combat this increasingly prevalent problem."