Cambridge, UK - 3 August 2010
Cryptomathic's two-factor authentication server, Authenticator, supports all mechanisms outlined in a multi-factor authentication security review carried out by the UK Payments Council (UKPC) , the organisation that sets strategy for UK payments, and Accenture, the global management consulting, technology services and outsourcing company.
Undertaken earlier this year, the security review combines the results of a comprehensive survey on authentication and industry expertise. The aim of the document, which supports the launch of a new authentication modelling tool, is to share knowledge with banks and businesses to better equip them in tackling security challenges, and to select the right technologies to secure their customers' activities online.
Designed for scalable applications, Cryptomathic's Authenticator is able to support all the authentication mechanisms outlined in the report. The technology assists organisations, particularly banks, in combating the risk of online fraud by securing financial transactions and accessing services online. Its flexibility to support multiple authentication mechanisms prevents 'vendor lock-in', enables Cryptomathic's customers to shop around for the most suitable and cost effective authentication method, and receive the highest possible return on their investment.
David Dix, Electronic Payments Expert at Cryptomathic, comments: "We are delighted that this report re-confirms the Authenticator's position as one of the most flexible and up-to-date solutions currently available to banks to enable them to deliver strong user protection from identity theft. With a wide and growing range of user and transaction authentication methods entering the market, the Authenticator is able to adapt to future requirements whilst safeguarding the value of an initial investment."
The security review explores three different authentication strategies - risk based authentication, adaptive authentication and knowledge based authentication - as well as the available token types, including: paper (e.g. Transactional Access Number list), memory (e.g. a PIN), device independent software (e.g. Public Key Infrastructure), device and/or location dependant hardware (e.g. Chip Authentication Protocol) and out of band (e.g. SMS). The report rates each mechanism on criteria such as usability, utility, ease of implementation, security and performance. EMV CAP technology achieved the highest score for multi-factor authentication technology.