Butler Group Delivers Positive Audit of Cryptomathic Authenticator

Cambridge, UK - 8  September  2009

A technology audit carried out by Butler Group (a Datamonitor company) on Cryptomathic's Authenticator has commended the company on its server-based two-factor-authentication (2FA) solution which meets the user verification requirements of the banking and payment industry.

The Cryptomathic Authenticator has been designed for use within banking applications and other customer-facing management systems, to provide 2FA to customers and/or businesses who wish to undertake secure financial transactions or access services online.  Its role is to eliminate the incidences of successful phishing, pharming and man-in-the-middle attacks.

The Butler Group report, undertaken in March 2009, acknowledges that due to the vendor-independent approach adopted by Cryptomathic, the solution can support more than ten front-end authentication mechanisms, including static and partial passwords, proprietary tokens, OATH tokens, Chip Authentication Protocol (CAP), SMS, grid cards and voice recognition among others.  Authenticator also supports Hardware Security Modules (HSM) from a variety of vendors, including nCipher (Thales), IBM and Safenet.  According to the Butler Group, this provides much needed flexibility to financial services organisations when required to roll out 2FA technology to secure internet banking and online payment facilities.

Additionally, the report credits the scalability of the product, which provides an open capacity to integrate all new authentication mechanisms as and when they gain market adoption, and its ability to support clustering and failover functionality. 

Professor Peter Landrock, Executive Chairman of Cryptomathic, comments: "The Butler Group is well respected throughout the business world for the impartiality and incisiveness of its research and opinion.  To receive such a positive audit on our authenticator solution is a great outcome and reinforces Authenticator's position as the most functional, flexible and cost-efficient solution on the market."

More generally, the report promotes the product's ability to deliver strong business and user protection from identity theft, and the subsequent cost savings that can be realised by preventing fraudulent attacks on banking systems.  A further argument raised in favour of the solution, and 2FA authentication, is that the visible protection it offers encourages customers to continue to use cost-effective, online, self-service facilities, rather than reverting to other more expensive channels.

Peter concludes: "With a notable rise in the number of high-profile security breaches, and the resulting pressure on banks to safeguard customer identity data, we envisage a continued high level of acceptance of our authentication solution within the commercial banking industry."