Cydelity, Inc., today announced the commercial availability of eSentry, a comprehensive online banking services protection solution that provides financial institutions with the business intelligence and technology they need to instantly and effectively identify and prevent online fraud.
Delivering real time transaction monitoring, sophisticated fraud detection and management, and risk based intelligence in one economical, easy-to-operate package, eSentry goes beyond transaction anomaly detection to complement and extend the protection offered by multi-factor authentication systems. The first solution to provide end-to-end monitoring and protection of a user's entire online banking session, eSentry's unique scenario-based incident views take the guess work out of understanding how attacks occur and what the ramifications are to account holders.
"Through our work with Cydelity, we now understand how fraudsters are targeting our online services," said Matt Speare, CISO, M&T Bank. "eSentry's powerful visibility tools translate events into a business context, saving us from chasing after false positives and dramatically reducing the time it takes to investigate and resolve incidents. We now have the ability to safeguard an individual user's every interaction with our online banking services and apply authentication where and when we need to."
eSentry's risk based progressive scoring system tracks all authorized and unauthorized activity from point of arrival at a banking web site to point of departure. All activity monitored by eSentry is aggregated into end-to-end incidents tying all suspicious activity such as identification information, tampering attempts, and service breaches along with fraudulent transactions into a holistic, actionable view.
eSentry is completely non-intrusive to both banking consumers and IT and network operations, and is immediately effective, eliminating the need for long "learning" cycles. Financial institutions seeking a rapid path to meet pending FFIEC guideline deadlines can quickly benefit from eSentry's all-in-one approach, which is easy to own and operate and requires no specialized skill sets or constant tuning. eSentry's approach to providing scenario based incident views reduces investigation and resolution times from hours and days to minutes.
"Our members have unique needs and interaction patterns with our online banking services, said Tom Giangreco, Information Security Officer, OCTFCU. "We used eSentry to create and assign risk values for various transactions types and incorporated our access and threshold policies to its scoring and notification systems. Not only did that provide us with complete, unobtrusive control at an individualized level, it did so in a highly cost effective manner by enabling us to kill two birds with one stone: provide real time channel monitoring and risk-based protection."
The eSentry Solution Offering
eSentry provides complete risk based transactional protection for both consumer and commercial online banking applications, including - bill pay, cash management, account management, payments and transfers. Requiring no changes to underlying infrastructure, Cydelity's solution is invisible to users as it monitors, detects and protects every aspect of online channel activity against fraud. Key features include:
- Sophisticated Fraud Detection for Every User and Every Transaction. eSentry silently "chaperones" each and every visit and interaction, tracking user activity during the entire session. All activity - from the point of user access, through login, and all interactions with online banking services such as account maintenance, statement lookup, bill pay, payments, and transfers - is tracked as actual business processes through eSentry's unique mapping and sessionization capabilities and is scored in real time, providing visibility and alerts on suspicious activity as it occurs.
- In Depth Fraud Incident Management. eSentry's policy-based response engine allows financial institutions to apply their specific risk and operational policies to incident alerting and remediation. In addition, eSentry aggregates all of the information associated with suspicious activity, providing a complete scenario-based view of each incident highlighting the source, nature and sequence of each activity with links to associated historical information. Roles based views, dashboards, notification, and reporting deliver critical data in the appropriate capacity for all online stakeholders - Information Security, Fraud and Risk Management, and Internet channel delivery.
- Virtual Fingerprinting: eSentry builds a virtual "fingerprint" from the moment a user first accesses online banking services - evaluating browser, location, and access characteristics, along with patterns of log-in behavior that are dynamically updated with each subsequent visit. With a built in watch list capability financial institutions can specify acceptable and unacceptable source characteristics such as geo locations, individual IP addresses, and address blocks.
- Integration with Multi-Factor Authentication. eSentry provides real time behavioral risk based intelligence and scoring to any multi-factor authentication system so that intervention and additional authentication can be served automatically based on individual user, transaction risk, and transaction type.
- Dynamic Profiling. eSentry features behavioral profiling for each and every online banking user, dynamically developing individualized behavior profiles that are constantly evaluated against an extensive array of fraud patterns and indicators.
- Powerful Investigation Capabilities. In addition to a rich incident management system, eSentry includes powerful, yet easy-to-use data mining tools that provide granular detail on all incidents and creates activity maps that draw a line of sight between individual breaches, fraud attempts, site wide surveillance and fraud lead up activities.
eSentry is available in three implementation configurations:
- "Silent Factor" mode - Passively monitors and alerts on all activity in
accordance with the unique response policies and risk assignments of individual financial institutions. This mode uses virtual fingerprinting to provide real-time second factor authentication, and aggregates all activity into end-to-end incidents.
- "Final Factor" mode - Works in conjunction with third party authentication systems to provide real time, transactional risk based intelligence to authentication systems. This allows financial institutions to apply discrete authentication for individual transactions, individual users or user segments
- "Live Guard" mode - Interacts directly with online banking applications, providing real time, individualized, behavioral and transaction risk analysis as well as the ability to prevent fraudulent activity based on remediation and risk policy.
"Everyone's been focused on putting a strong "lock on the front door" of the online channel," said Bob Ciccone, CEO, Cydelity. "But once someone is "in the house," simply knowing something happened isn't enough. You need context - what was that suspicious IP address doing or trying to do? How did that money get moved, where did it go, and who did it? Our mission was to resolve this chronic "black hole" of information by delivering referential and contextual intelligence. This provides financial institutions with a complete, actionable picture of precisely what is going on in their online channel, empowering them to respond effectively to each incident and provide complete protection for their online customers."