Digital Transactions Authoritative, insightful and timely information for payments professionals
A Woodside, Calif.-based startup company today began commercial production of a two-factor authentication system for Internet transactions and also announced its first customer for the product. PassMark Security LLC, which was founded last year, has sold its PassMark identification system to Stanford Federal Credit Union, Palo Alto, Calif. The 18-year-old credit union, which claims to be the first U.S. financial institution to process an Internet transaction, will use the system to secure log-in for its 40,000 members. PassMark began last spring marketing a system for two-factor, two-way online authentication system (Digital Transactions News, June 1, 2004), so-called because it allows banks and other e-commerce sites to identify themselves to users while also identifying the users. In this way, the system tends to protect against the efforts of criminals who harvest passwords and other confidential information in phishing attacks. Users select an image known only to themselves and the e-commerce site. The system displays the image upon log-in, indicating the site is genuine. Users are cautioned against entering a password unless they see their image. Banks and merchants can also use the images in e-mails they send to customers as a way of authenticating their messages. At the same time, PassMark's software identifies users' device IDs and IP addresses when they sign in, allowing banks, billers, and merchants to make decisions based on the transaction history associated with those identifiers. This adds the second factor, supplementing the traditional password. E-commerce operators can license the system, which is available as a hardware appliance or on a hosted basis, for anywhere from 10 cents to $1 per customer, depending on volume. Online authentication of consumers has become a pressing issue in online banking and e-commerce generally as phishing frauds proliferate. The number of reported sites involved in phishing reached 1,707 in December, up 10% over the November number and more than triple the number reported in September, according to the Anti-Phishing Working Group, a coalition of online marketers and law-enforcement agencies. Indeed, the number of phishing sites increased at an average monthly rate of 24% over the second half of 2004, the group says.
