Thales completes Wynid acquisition; adds support for Vasco and Xiring authentication

Source: Thales

Thales announced today that its e-Transactions business line, a leading supplier of secure electronic transaction solutions, has completed the acquisition of Wynid Technologies, a principal international provider of integrated payment solutions.

This strategic acquisition, marks Thales' commitment to developing its presence in the growing integrated payment market, and consolidating its position in the French market, where Wynid is a market leader.

Integrated payment systems are becoming increasingly popular among large and medium sized retailers, as ever more powerful Electronic Cash Registers
(ECRs) allow more of the card payment functions to be supported on their PC-based systems. Additionally, integrated systems allow payment from several points of sale to be managed at a central level and interfaced to existing in-store management systems. According to Frost and Sullivan, by 2007, over 70% of the ECR market will be for systems with integrated card payment.

The full acquisition of Wynid by Thales, completes a period in which the two companies have worked in close partnership to supply integrated payment solutions to major players in the petrol retail market. Since the year 2000, Thales has held a 40% shareholding in Wynid Technologies. "Completing the acquisition of Wynid is a cornerstone in the development of our business in the fast-growing integrated payment market" said Christian F. Reiling, Vice President and Managing Director of Thales' e-Transactions business line. "Since becoming MD of e-Transactions at the beginning of this year, I have made the Wynid acquisition a top strategic priority".

Wynid Technologies, based in Montpellier, France, has for the past 15 years developed and sold integrated payment solutions for attended and unattended points of sale (POS) in the retail and petrol market sector. With an installed base of over 50,000 POS in France alone, Wynid Technologies is renowned for its technological expertise and the robustness of its server-based payment system. In addition to its leading presence in the French market, Wynid was one of the first suppliers to gain complete EMV approval for its integrated payment software.

Becoming part of the Thales organisation will enable the Wynid team to deploy its electronic payment solution in markets where Thales has an established presence. According to Martine Aubry, Managing Director of Wynid: "Being part of Thales is the best way to secure the future of the company I set up with François Trial in 1991. It will enable us to access new international markets and achieve a significant share of the global market for integrated payment solutions".

Separately, Thales today announced that SafeSign, its end-to-end solution for identity management, user authentication and transaction security, now supports all VASCO Digipass tokens. Through its flexible architecture, SafeSign is able to authenticate transactions and verify the identity of individuals using VASCO's Digipass tokens across multiple applications.

Thales' SafeSign provides customers with a single, central authentication platform with the ability to authenticate users with different security and authentication requirements. This ensures that the most appropriate level of security is applied to the different types of transaction. SafeSign can authenticate users and transactions regardless of channel and for a range of identity solutions, including PKI certificates, smart cards, USB tokens, handheld tokens and biometrics. SafeSign can now authenticate transactions using any VASCO Digipass, further increasing the flexibility of SafeSign, and offering customers a strategic and cost-effective route to comprehensive online security and fraud reduction. The flexibility of SafeSign also enables users to add new authentication requirements as and when required, using all types of technology including VASCO.

Using the system is simple. The user will login to a service, using the Vasco Digipass token to authenticate himself, in order to access the required service. Once the user has gained access to the service, SafeSign can also strongly authenticate any transactions made using that service. The Vasco authentication could be in the form of a one-time-password, challenge-response or electronic signature, depending on the level of security required. Thales' SafeSign sits behind the application and verifies the Vasco authentication method used to securely validate user identities and digitally sign business transactions.

Paul Meadowcroft, head of transaction security at Thales, stated: "The issue of identity management and authentication is becoming increasingly important, particularly as online transactions become ever more popular. Organisations such as banks, governments, pharmaceuticals and healthcare companies are faced with an array of different security risks. Thales' support of VASCO tokens shows our commitment to providing the widest range of transaction and identity management security solutions, and adds a significant capability to SafeSign's already comprehensive authentication token support."

Jan Valcke, VASCO's President & COO said: "By partnering with Thales, we have brought increased flexibility and added security to our customers. SafeSign is a strategically sound authentication solution and we are sure that this partnership will shortly see organisations from many industries employ VASCO's Digipass with SafeSign at the centre of their security infrastructures."

Thales also announced today that SafeSign, its end-to-end solution for identity management, user authentication and transaction security, now supports the use of XIRING Xi-Sign tokens and EMV card readers. Thales and XIRING, a leading authentication, electronic signature and secure transaction solutions provider, are working together to deliver the security benefits of the latest MasterCard CAP (Chip Authentication Program) standard EMV cards.

The MasterCard CAP standard has been put in place to combat the growing threat of transaction fraud conducted when the cardholder is not present, such as the online phishing technique. It allows EMV cards to be used in the authentication process of secure online service provision.

Thales and XIRING enable customers to take advantage of the new EMV CAP standard by using the strong two-factor authentication technique of something you have (EMV card) with something you know (PIN) to identify and authenticate the user. When trying to access a service, customers insert their EMV card into the XIRING unconnected card reader and enter their PIN.

They will then be presented with an eight-character code on the display.
This one-time code, which changes every time the card is used, is then transmitted to the Thales SafeSign Authentication Server which strongly authenticates the user to permit access.

The same combination of the Thales SafeSign Authentication Server and XIRING card reader can be used to authenticate the transaction itself. When the user performs a transaction, he is presented with a challenge in the form of a numeric code. With the EMV card plugged into the unconnected reader, the user keys the challenge code into the reader and a new one-time passcode is generated in response. This new passcode is then entered by the user into his PC where prompted and transmitted to SafeSign to authenticate the transaction itself.

Thales and XIRING are now offering customers the chance to take advantage of an integrated EMV package that supports the CAP standard, incorporating EMV smart cards, XIRING card readers and a year's licence of the Thales SafeSign Authentication Server. The package also includes consulting, installation and training support.

Paul Meadowcroft, head of transaction security at Thales, stated: "As cardholder-not-present fraud continues to rise, the need to identify remote users and authenticate their transactions is rapidly becoming a top transaction security priority for many organisations. Thales SafeSign Authentication Server supports a wide range of authentication tokens and our ability, with XIRING, to authenticate all EMV cards using the CAP standard provides organisations with the ability to apply strong, two-factor authentication to a range of transactions."

George Liberman, CEO of XIRING, said: "Thales and XIRING work perfectly together to deliver the benefits of the MasterCard CAP standard. Both the Thales SafeSign Authentication Server and our XIRING card readers are compliant with the MasterCard CAP standard, and both provide real flexibility for users. Our card readers will process all EMV cards and the SafeSign platform from Thales is able to authenticate the transaction, regardless of the level of security used. We are sure that the EMV authentication solution that we now offer will shortly be implemented across a wide number of organisations."

Comments: (0)