PassMark teams with PostX for messaging security; meets FFIEC authentication guidance
04 November 2005 | 4104 views | 0
Source: PassMark Security
PassMark Security and PostX have integrated their solutions to deliver a comprehensive, end-to-end security solution for email and all Web-site interactions between financial institutions and their customers.
The system combines PassMark's secure authentication with PostX's secure Messaging Application Platform (MAP) to create an integrated framework that ensures privacy, protects identities and re-establishes trust in online banking.
"The combination of the PostX Messaging Application Platform and PassMark's secure authentication creates a powerful solution - multi-dimensional security that is easy to use for any scale customer base without training," said Cayce Ullman, CEO of PostX. "With this unique solution, financial institutions can ensure that their customer's sensitive information is provided the maximum protection."
"Token-less" and "client-less," the new solution does not require the customer to have any new hardware or install any new software. "This eliminates complexity for both the institution and the customer, making it quick for financial institutions to deploy and economical across millions of online customers," said Bill Harris, chairman of PassMark Security. "This will also further enable institutions to meet new FFIEC guidelines for protecting customer data in the online channel."
Here is what the combined solutions deliver:
Two-factor Authentication. The system securely identifies the customer with strong two-factor authentication (password plus token), using the customer's computers and phones as second-factor authenticating hardware tokens.
Two-way Authentication. The system authenticates the bank to the customer with a PassMark - a secret image known only to the bank and that customer. When a customer sees his unique PassMark, he instantly knows that the email or Web site he is looking at came from the real bank - not an imposter.
Encryption and Privacy. Bank emails are encrypted for security and privacy and signed with a PassMark, so customers know it is from their bank. They can be easily opened within any existing email program (without installing any new software), but only by the customer himself. Web site sessions are similarly encrypted and secured.
Real-time Transaction Monitoring. The PassMark system also includes real-time analysis of transactions as they happen with decision-making tools that can spot and stop threats before it is too late. The system can even identify new emerging attacks, not just known ones, using a state-of-the-art analysis technology called "neural networks."
Audit-Logging. All customer activity, such as viewing an email or a Web page, can be authenticated and logged for confirmation and record keeping. A bank can maintain a history of its interactions with each customer.
Seperately, PassMark announced today that its online authentication system meets the guidance released in October by the Federal Financial Institutions Examination Council.
"We have been talking with the architects of the FFIEC guidance and the examiners who will enforce it. They have made their intent clear. They consider access to non public customer data as a high risk element of online banking, and they expect broad deployment of significant authentication to protect both the viewing of customer data and transactions," said Bill Harris, co-founder and chairman of PassMark Security. "Our approach delivers the capabilities examiners will now look for, a second factor for authentication and layered security. We also meet another critical requirement of the guidance - user acceptance - because users don't need any new hardware or software, and the PassMark itself gives them confidence when they do online banking. That is why we are the leading provider today, and will have over 20 million consumers using PassMark by Q1 2006."
This new guidance specifically states that financial institutions regulated by FFIEC agencies should move beyond single factor password authentication. Institutions must develop layered security measures to reliably authenticate customers remotely accessing their Internet-based financial services. The FFIEC regulatory agencies are: Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, National Credit Union Administration, Office of the Comptroller of the Currency and Office of Thrift Supervision.
"Online Authentication solutions that incorporate strong, yet convenient, two-factor technologies will allow banks to significantly improve online security and at the same time help customers feel more secure with online banking. The new FFIEC guidance compels banks to seriously consider implementing such solutions," said George Tubin, senior analyst at TowerGroup, a leading research firm focused on the global financial services industry.