TriCipher, Inc., a leading provider of Future Proof Risk Based Authentication Solutions, today announced version 3.2 of its flagship solution, the TriCipher Armored Credential System.
With this launch, TriCipher adds easy integration with passive forms of authentication (such as IP Geolocation and device fingerprinting), fraud detection, and support for additional one-time password systems to the comprehensive set of multi-factor credential options it offers. TACS 3.2 is the first authentication system to integrate with fraud detection systems by sharing authentication type and other login information and communicating with them in real time on individual transactions to step up to stronger authentication when needed. In addition, the new TACS Authentication Gateway simplifies deployment of risk-based authentication by pre-integrating TACS APIs and providing easy hooks for passive authentication methods and fraud detection. In separate press releases issued today, TriCipher also announced strategic partnerships with Cydelity and Arxan.
"We believe the convergence of multi-factor authentication with fraud detection is a big step forward in real-time response," noted Scott Mackelprang, Vice President of Security and Compliance at Digital Insight. "TriCipher is unique in its ability to strengthen our layered security approach, what we call "Deep Defense", while enabling us to help our client financial institutions address the potential security concerns of tomorrow in a more seamless manner.
Enhanced Solution Speed Deployment and Integration
The TACS Authentication Gateway is a web server that pre-integrates TACS APIs, removing the need for integration at the web application, which significantly simplifies the deployment of multi-factor authentication. In addition, it has hooks for a variety of passive authentication methods and fraud detection, freeing the web application from managing the authentication process, and off-loading integration with fraud detection for real-time risk assessments on transactions to TACS.
Additional enhancements to TACS include integration with OATH, Vasco(R) and ActivIdentity(R) one time password systems and a Macintosh(R) version of the TACS ID Tool. By integrating one time password systems (OTPs) with TACS, TriCipher has made one time password systems part of a single authentication architecture, making it easy to migrate users to OTPs as desired, and hiding the complexity of supporting multiple OTP types in your environment.
"We want our product to be as plug and play as possible for our customers, and we want their investment to last," said Andy Cottrell, VP of Research, Development and Operations at TriCipher. "With this new version of TACS, and especially with the Authentication Gateway, we've made it that much easier for organizations to deploy and use multi-factor authentication. Plus, the ability to adjust security in real time and over time without having to rip out the infrastructure delivers future-proof solution that guarantees ROI."
Separately, TriCipher and Cydelity, Inc., a provider of online risk based fraud detection, today announced a strategic partnership to deliver a highly secure authentication solution for financial institutions that adjusts authentication strength and verifies transactional integrity in real time. Coupling the TriCipher Armored Credential System (TACS) with Cydelity's fraud detection delivers a highly flexible, easy-to-manage infrastructure that supports a wide variety of multifactor authentication types fully integrated with back-end fraud detection. The combined system exceeds FFIEC requirements and provides financial institutions with greatly enhanced security by preventing both fraudulent transactions and theft of identity data. It is the only authentication solution that has the real-time capability to both adjust user credential strength based on information from back-end fraud detection analysis and report credential information to the fraud detection system in order to more accurately assess risk.
"When the user logs in, you may be fairly certain that this is really your user," said Bob Ciccone, President and CEO of Cydelity. "However, you need to be able to adjust your security based on transactional risk and behavior and take appropriate action depending on each individual user and transaction. By partnering with TriCipher, the two companies are bringing to market the ability to adjust security and risk-mitigation in real time."
As Cydelity scores transactions in real time, the scores are compared to thresholds set by the financial institution. If a transaction appears sufficiently risky, TACS can invoke additional authentication steps. For example, a user logging in from an Internet kiosk overseas will have a different risk profile than when logging in from their PC at work. TACS can provide very strong multifactor authentication from the work PC, making transactions less risky. When the user logs in from the Internet kiosk, they use a lower security credential, which increases transaction risk. Cydelity fraud detection takes these differences into account when scoring individual transactions. Thus fewer transactions will require secondary authentication from the work PC vs. the Internet kiosk. This allows the system to inconvenience fewer users and reduces false positives.
"A comprehensive, risk-based authentication strategy means combining strong, "always-on" detection on the back end with effective multi-factor authentication on the front end," said Avivah Litan, research vice president, Gartner Inc. "Integrated solutions that allow banks to increase their security without inconveniencing customers makes a strong offering that banks should consider to protect their online services."
With the need to comply with FFIEC guidance looming, banks have been torn between improving back-end detection and up-front authentication. Many are choosing short-term "passive" authentication solutions, such as fraud detection, IP geolocation and device fingerprinting that are convenient but do not address significant security threats such as man-in-the middle phishing attacks that occur during user logon. As threats and regulations continue to evolve, banks will need both a variety of multifactor authentication types and fraud detection to be able to react quickly.
Unlike other systems currently in the market, only TACS provides the Authentication Ladder, a variety of authentication strengths managed from a single system. In addition, each credential type on the Ladder includes secondary authentication methods and the ability to log in using a backup method when their second factor is not available. By integrating with Cydelity fraud detection, the strengths of these various methods can be taken into account when scoring individual transactions, and financial institutions can even specify the strength of authentication that would make a transaction allowable.
"Our vision has always been to make strong security convenient for users and affordable for companies," said Ravi Ganesan, founder and CEO of TriCipher. "By integrating with Cydelity, we're able to adjust authentication strength based on real-time assessments of risk. This not only saves end users from a lot of headaches but reduces the cost for companies by applying stronger security only where needed."
Also today, TriCipher Inc. and Arxan, Inc., a leading provider of software and hardware anti- tamper solutions, have announced the integration of the TriCipher Armored Credential System (TACS) solution with the Arxan Attestor. This joint solution ensures the authentication process is not compromised by malware that is present on a user's computer. Many types of malware, including the Mytob-GK worm and the Dasher virus, turn off security programs such as anti-virus software or personal firewalls without the user knowing. If this remains undetected at the time of authentication, the user's credential could be stolen, or malware could take over the user's session. By integrating Arxan's Attestor into TACS, TriCipher and Arxan will deliver the first authentication solution that protects the integrity of both the user and the device at the time of logon.
"When logging in to your online bank account, you want to be sure you're protected from fraudulent malware that may already have infected your system - something that traditional authentication mechanisms do not provide," said Becky Bace, CEO, Infidel and noted security expert. "By joining forces, Arxan and TriCipher are going to prevent malware from giving users a false sense of security in order to steal or compromise the integrity of credential or personal information. This kind of forethought from solution providers is exactly what's required to keep hackers at bay."
Leading anti-virus software packages have become the new front-line targets for an increasing number of viruses. In addition, several freely available utilities provide malware authors with new tools that enable malware to evade updated Internet security tools. Once a virus invades and takes administrative privilege over a machine, it can cause the system to lie at will about security features being on or off. Internet security tools today are not built to reliably handle such situations - a traditional tool could show the system in good health when in fact it is not.
"As worms and viruses become more sophisticated and are designed to commit undetected fraud, it is essential that security solutions address both the nature of the threat and the real-world scenarios in which it can cause harm," said Richard Earley, president and CEO of Arxan Technologies. "The Arxan Attestor provides a robust complement to TriCipher's TACS solution to provide effective protection against evolving malware threats."
Arxan's fortified deployment technology was developed to protect critical IP and applications from organized, professional attackers with full administrative privilege over the system and serves as a trusted sentinel to constantly monitor, record, and reliably report system health information, even after the machine has been compromised. TriCipher's multifactor authentication has led the way in affordability, usability, and security. TriCipher and Arxan together ensure a reliable "health check" of the device at the time of logon, a critical factor when rolling out mass multi-factor authentication deployments.
"We are always looking for ways to close security gaps that could help an attacker compromise a user's credential," said Andy Cottrell, Vice President of Research, Development and Operations for TriCipher. "TriCipher and Arxan together prevent users from being fooled by malware into thinking their computer is clean while logging in to sensitive online services such as banking."