Advanced Payment Solutions (APS), the United Kingdom's leading provider of general-purpose prepaid cards and payment solutions, and TriCipher, Inc., a leading innovator of strong authentication for the real world have announced APS will be using TriCipher's patented authentication technology to secure the infrastructure for issuing, reloading and redeeming its new stored value cards.
APS chose the TriCipher Armored Credential System (TACS) to balance security, cost and usability across different user groups - such as customer service reps, consumers, and merchants - from a single infrastructure.
"We are leading a new financial services market in the United Kingdom, serving several million consumers who don't have a credit card or banking account but to buy goods and services over the Internet and phone and to have an alternative to cash," said Rich Wagner, CEO and founder of APS. "Since prepaid cards are new to British consumers, our product has to match maximum security with user friendliness. TriCipher gives us the many authentication types we demand, on a single infrastructure, meeting our needs for maximum security and great customer service."
In September, APS launched the cashplus prepaid MasterCard card, one of the first general use prepaid products available to UK consumers. APS selected TACS to secure critical elements of processing transactions of the chip and PIN-enabled cards. TriCipher's "Authentication Ladder" offers multiple strengths of credentials from a single infrastructure, and will secure multiple internal, retail and consumer users for APS. This single infrastructure enables APS to increase the functionality offered to certain users and is far more affordable than other authentication options, providing APS with a highly affordable, flexible, easily scalable authentication infrastructure. APS will be using a combination of zero footprint, Device 2 Factor and Portable 2 Factor credentials.
"Innovative security technology can make or break new initiatives that require users to interact with the Internet, particularly in an age when financial institutions are more accountable than ever," said Jim Jones, APS's chairman of the board. "Our turnkey services depend on our ability to deliver the level of security that allows us to create and maintain trust with our customer base, and TriCipher's innovative strong authentication system helps us do that."
"Complexity and cost have long been the two formidable barriers to successful authentication deployments in the financial services sector," said TriCipher CEO Ravi Ganesan, who formerly served as vice chairman of CheckFree Corporation. "We worked with APS to develop a cost-effective, easily managed solution that enables them to drive a new market for stored value cards in the UK."
TriCipher and Authentify, Inc., the leader in telephone-based identity management solutions, at the American Banker ID Theft and Fraud Symposium also announced today an alliance to establish stronger security for online services.
By integrating the TriCipher Armored Credential System (TACS) solution with the Authentify service, the companies will create the first integrated authentication solution that combines the ability to issue multiple credential types from a single infrastructure with secure, voice-based authentication. The integrated solution is expected to be available in the fourth quarter of 2005.
"User identity proofing is essential," noted Mark Diodati analyst, Identity and Privacy Strategies, Burton Group. "Without it, organizations cannot have confidence that legitimate users are accessing their sensitive systems. Out of band and layered authentication mechanisms can provide excellent proofing for an authentication system. These mechanisms can also improve the end users' experience."
Online fraud costs financial services companies more than $1 billion annually and erodes consumer confidence in online services. To address these issues, organizations must not only be able to prevent thieves from gaining access to systems but also have the ability to double-check user identity for high-risk transactions. TACS helps prevent credential theft and the use of stolen credentials by using multi-part credentials and matching authentication strength to risk for different user groups. With the addition of Authentify to the TACS solution, organizations will be able to distribute activation codes to users quickly and securely, as well as provide secondary voice-based authentication for high-risk or suspicious transactions.
"We are very pleased to partner with the leader in telephone-based identity," said Ravi Ganesan, CEO of TriCipher. "TriCipher and Authentify together provide a strong solution to help prevent thieves from gaining access to online services. In addition, our combined solution offers financial services companies a variety of options for secondary authentication during high-risk or potentially fraudulent transactions."
"This combined solution is a big step forward in protecting online services," added Peter Tapling, CEO of Authentify. "It's all about keeping the bad guys out in the first place."
Seperately, TriCipher today announced a solution for the financial services industry to prevent online fraud based on the company's TriCipher Armored Credential System (TACS).
Existing fraud detection solutions are designed to detect thieves after they already have access to sensitive systems and data. TriCipher's online fraud solution is designed to help prevent this access in the first place by providing flexible strong authentication coupled with malware protection, voice and knowledge-based authentication and identity data security.
"We're leading a new market for prepaid cash cards in the United Kingdom, serving a mass consumer market which requires an alternative to cash in order to buy goods and services online," said Rich Wagner, CEO and founder of APS. "Since prepaid cards are new to British consumers, user-friendly security must be built into the fabric of our offerings. TriCipher gives us the ability to readily deploy and centrally manage the many authentication types we require, meeting our needs for maximum security, usability, and online fraud protection."
Expanded TACS Online Fraud Functionality
The enhanced solution adds a new optional check that helps prevent keystroke loggers, Trojans and other malware from successfully stealing credential information, voice-based authentication and knowledge-based authentication (secret Q&A). The TACS Client Health Check leverages the presence of various types of existing end point protection systems, to strengthen the quality of authentication. Not only does the on-line service strongly authenticate the user at first access, the organization has the option to perform secondary authentication through Q&A or out voice if a transaction looks suspicious. TriCipher's enhanced solution provides multi-faceted protection against identity thieves attempting to gain access to online financial services and has the flexibility to increase authentication strength over the long term to protect against new attacks or comply with new regulations.
The TriCipher Authentication Ladder
With domain expertise built on a history of successful deployments in banks and other financial institutions worldwide, TACS is the first strong authentication solution that allows multiple levels of credentials to be managed from a single infrastructure. The TriCipher Authentication Ladder provides a comprehensive set of multi-factor credential options and a secure ID Vault to store sensitive identity data.
The credentials on the TACS Authentication Ladder secure a wide set of consumer and commercial online transactions, enabling fincial services firms to balance authentication security, cost and ease of use across a wide range of user needs. Since all credential types are issued from one system, financial institutions can easily step users up the ladder between credential types in order to respond to new threats or launch new services. In addition, TACS can be layered onto existing one time password, smart card and other deployments providing additional security and ease of management.
TriCipher's Authentication Ladder options include:
- Armored Passwords: A zero-client solution that allows for simple, memorable passwords. By removing the requirement for a master password file on the backend, armored passwords remove the vulnerability to dictionary attacks.
- Browser 2 Factor: Mitigates phishing attacks without the need for client software, making it a manageable, easy to implement form of strong authentication ideal for securing large consumer populations. Browser 2 factor ties the user's account to a second factor encrypted in a cookie. Using this type of credential, the web application authenticates itself visually to the user, enhancing the perception of security.
- Device 2 Factor: Part of the credential is stored securely on the PC, delivering highly affordable 2 Factor authentication that does not require the user to manage a separate hardware token. Device 2 Factor requires a small client side driver, the TACS ID Tool, which can also check for endpoint security software. This helps protect against credential theft.
- Portable 2 Factor: Any generic portable storage media, such as USB memory sticks or MP3 players can be the second factor. The user can choose something they carry anyway, such as an iPod or a cell phone. The TACS ID Tool is required for this type of credential and can perform the optional endpoint security software presence check.
- Armored Token 2 Factor: Provides man in the middle protection for one-time password tokens. Also allows the organization to maximize existing investments in one time password tokens by managing the use multiple types of one time password tokens without complexity at the web application. The TACS ID Tool is required and can perform an optional endpoint security software presence check.
- Smart Card 2 Factor: TACS can accelerate smart card deployments by providing an easier way to manage credentials. This type of credential requires the TACS ID Tool in addition to the smart card driver, and can perform an optional endpoint security software presence check.
- 3 Factor: Use any combination of factors, such a PC 2 Factor plus portable 2 Factor, to create ultra-secure 3 factor credentials. The TACS ID Tool can also perform security software presence checks for this type of credential.
All of the above credential types can take advantage of secondary authentication steps where desired. Secondary authentication can be invoked should the endpoint security software presence check fail, the user requests a high-risk transaction or other events occur that the organization deems suspicious.
TACS also includes a FIPS 140-1 Level 2 rated ID Vault to provide secure storage for sensitive identity data, credit card numbers and encryption keys. The ID Vault helps protect against unauthorized access to this data, whether stored in the ID Vault of encrypted in place in a separate database.
"Our online fraud protection solution is designed for the needs of online business and consumer financial services," said Ravi Ganesan, CEO, TriCipher. "Detecting potential fraud after the thief has already gained access to a bank account catches some fraud, but preventing access in the first place is a much more important protection. By combining a variety of strong authentication options, the ability to securely store identity data, checks for security software and secondary authentication options, we've put together a comprehensive solution to keep thieves out."