Corillian Intelligent Authentication enables financial institutions to meet the new Federal Financial Institutions Examination Council's (FFIEC) guidance for delivering strong authentication solutions by year-end 2006.

University of Wisconsin Credit Union (UWCU), an $800 million credit union based in Madison, Wis., will be the first financial institution to implement the solution to help protect the financial assets of its more than 100,000 members. UWCU plans to deploy Corillian Intelligent Authentication later this year as part of an initiative to enhance its online banking security services. UWCU is also evaluating the Corillian Fraud Detection System (CFDS), a web-log analysis and behavior-based reporting system that has been proven to proactively combat phishing and other fraudulent behavior, as part of an overall fraud prevention strategy.

"With the rise in phishing attacks and other online fraudulent activities in the industry, we have been looking for ways to strengthen our capabilities in the area of proactively detecting and preventing online attacks on our members' accounts," said Eric Bangerter, director of Internet Services at UWCU. "Corillian's Intelligent Authentication will help us more effectively monitor online activities within our online banking system and help us prevent incidents from happening to our members - giving us and our members the greater peace of mind we've been looking for in online banking."

Intelligent Authentication is a consumer-friendly method of strong authentication that examines the access behavior of visitors to a Web site and determines when it is necessary to block or challenge suspicious visitors. It builds a history of "access signatures" for individual users by automatically collecting and validating information about each user's computer and method of Web site access, leveraging a variety of identification points including IP address, Internet service provider, PC and browser settings, time of day and geographic location, which is powered by Quova's industry-leading geolocation data. The access signature is carefully constructed in such as way as to avoid collecting any personally-identifiable information, without requiring any action on the part of the end user. Using these access signatures, Intelligent Authentication is able to recognize when the site-access characteristics of a visitor do not match the account holder's normal access characteristics and can then challenge the user with one or more security questions to verify his or her identity. Intelligent Authentication is a flexible authentication platform that can be extended to incorporate other forms of in-band and out-of-band challenges. It strengthens a Web site's existing authentication mechanisms with additional layers of protection.

According to TowerGroup, an industry-leading financial services research and consulting firm, direct losses attributable to phishing and other forms of fraud were estimated to be $137 million in 2004. However, awareness of online scams has also resulted in the erosion of consumer confidence in the online financial services channel. Attacks victimizing online consumers and service providers are evolving, becoming both more complicated and more sophisticated. The recently updated FFIEC authentication guidance further punctuates the need for financial institutions to seriously consider stronger forms of authentication to help prevent these and other attacks.

"The username and password login that has been the standard user identification since the inception of online banking put the onus on the user not to divulge personal information to anyone, deliberately or unwittingly," said George Tubin, senior analyst in the Delivery Channels Practice at TowerGroup. "However, knowing the relative ease of compromising the username and password, financial institutions must look to more effective techniques for authenticating online banking users. Multi-factor authentication approaches that are transparent to the end user will help improve the security of any Web-based application, strengthening confidence among consumers for conducting financial transactions online."

Corillian Intelligent Authentication can be integrated easily into any online transactional application using an industry-standard web-services interface. Employing a behavioral approach to authentication, this unique technology does not require additional user input or participation; can be used to authorize specific transactions based on risk or type; can help prevent many forms of session hijacking and man-in-the-middle attacks; and unlike other authentication solutions, does not require the end-user to use any additional software or hardware. Corillian Intelligent Authentication addresses a number of privacy and reliability concerns associated with conventional approaches to consumer authentication, in that it does not require the user to register one or more computers and it is not dependent on the use of tracking cookies or other spyware-like tracking objects.

The Intelligent Authentication package includes a complete sample reference implementation, which provides working sample code to assist in the integration of the software product into any Web application. The package also includes a full-featured, Web-based configuration and administration tool that is used to manage and monitor the Web application.

"Over 30 of the nation's leading financial institutions are using Corillian's security technology to proactively solve fraud-related problems every day. Corillian’s extensive, real-world experience with our financial services clients puts us in a unique position to stay abreast of the latest security threats and events," said Jim Maloney, chief security executive of Corillian. "Organizations need a solution that provides strong authentication without compromising end-user convenience. Corillian is committed to the continued development of fraud-prevention technologies that enable Web site owners to protect their customers from security threats not only today, but in the future as well."