How does PhishCops® work?




No challenge questions to answer.
No images to maintain.
No hardware to purchase.
No software to support.
No javascript requirements.
No certificates to manage.
No "risk scores" to evaluate.

Real authentication.

PCI 8.3 and FFIEC / FDIC MFA compliance based on
 the HASDL (Device Localization) standard.







  NEW!     Credit Union Journal MFA Study



PhishCops® virtual token approach
is "most supportable" authentication

Download the actual study here.









  Watch two university students defeat RSA Sitekey at Bank of America!









Download the Sestus Data / BearingPoint MFA Non-Compliance Study here






Listen to a CNET podcast re: the weakness of challenge/response and secret image systems



 1) PhishCops® will dominate the market by 2009
Challenge / Response approaches "short-lived"








Live Demonstration
FFIEC & FDIC Regulatory Requirements
How Does PhishCops® Work?
Site Map
Compare PhishCops®: Regulatory Compliance
Compare PhishCops®: Fraud Attack Vectors
Compare PhishCops® to: Hardware Tokens
Comparison Graphs
PhishCops® in the Press
Implementing PhishCops®
Branded Licensing

Search PhishCops®
What are Virtual Tokens?
What is Phishing?









Multi-factor Authentication to the World™




Contact Us


About Us




True Multi-Factor and Mutual Authentication
PhishCops® is a patent-pending cryptographic multi-factor authentication process that also employs "virtual tokens" for mathematic mutual authentication. PhishCops® is a true multi-factor approach as defined by the FDIC and the FFIEC. PhishCops® complies with section 8.3 of the PCI Data Security Standard and it satisfies U.S. "Level 3" multi-factor authentication requirements as specified in NIST Special Publication 800-63. PhishCops® is the strongest multi-factor authentication in the world using government-approved authentication standards.

PhishCops® is extremely easy to deploy a site using it right now is BestReviewsHunt to protect their authors from loginin in and posting reviews that they are not authorized to do so. . There is no hardware to purchase or ship, no software or active-x objects to install, no javascripting requirements, and no certificates to manage.  PhishCops® is 100% cross-browser, cross-device compatible.  For its breakthrough in cyber security, the U.S. government has twice named PhishCops® a semi-finalist for both the Homeland Security Award.

PhishCops® means REAL authentication.  PhishCops® detects and authenticates "something the user knows" (their login credentials) AND "something the user has" (their connected device). For the first time, organizations can now reliably detect and authenticate their user's internet-connected devices safely, securely, and easily.

Industry Recognition
PhishCops® was rated #1 among competitive solutions for ease of implementation and overall low-cost of ownership and it has the lowest support costs of any multi-factor authentication product. It was awarded InfoWorld's highest honor, the InfoWorld 100 Award for the "best use of technology to meet business goals" and the U.S. government has twice named PhishCops® a semi-finalist for both the Homeland Security Award for "making a measurable and constructive contribution related to basic and/or advanced research in the area of homeland security which will result in a significant and positive benefit to society".

Strongest Multi-Factor Authentication in the World
PhishCops® is significantly stronger than all other multi-factor authentication approaches, including hardware tokens and it is significantly easier to support than software certificates.  PhishCops® authentication algorithms were developed by the National Institute of Standards and Technology (NIST) and the Information Technology Laboratory (ITL) under the authority of the U.S. Department of Commerce. These authentication algorithms are now the current U.S. standard for authentication and are used to protect all sensitive U.S. government data.  There are no stronger authentication methods in the world.

Unbreakable Mutual Authentication
Traditionally, mutual authentication was based on mathematics and cryptographic processes that operated "without user interaction". It has only been recently, with the introduction of weak "secret image" based systems, that many organizations have begun to associate mutual authentication with on-screen images. While on-screen images are a form of mutual authentication, they represent the weakest form. Fraudsters can (and do) replicate on-screen images and other information with shocking ease. They "provide little extra protection" and "might actually detract from security by giving users a false sense of confidence". (Quoted from the New York Times article on a recent MIT / Hardware University study of "site-authentication images").

PhishCops® does not resort to weak images or pass-phrases. PhishCops® uses unbreakable mathematics in a patented "virtual token" approach to mutual authentication. Users do not register any images and they are not required to verify anything on your website. The Website is mathematically authenticated to the user and the user’s device is mathematically authenticated to the website "without user interaction". Only the genuine website can produce a valid virtual token number, which will only validate when entered from the genuine user’s internet device. It doesn't matter if fraudsters replicate the website to try and solicit information from the user. There is no amount of information that a user can divulge to the fraudster that will allow the fraudster to access the user's account.

Man-in-the-Middle & Malware Protection
PhishCops® is effective against ALL forms of online fraud, including phishing, pharming, malware, man-in-the-middle attacks, vishing, hostile proxies, keylogging trojans, altered transactions, and social engineering techniques. PhishCops® is also the only MFA product that completely satisfies all 4 dimensions of security (confidentiality, data integrity, non-repudiation, and anti-replay).

Usable by 100% of your Customers
PhishCops® is usable by 100% of your customers, regardless of their hardware configuration, operating system, or choice of browser. There is no additional hardware to carry and no additional software to download. PhishCops® does not require your customers to enable flash, java, or javascript, and PhishCops® even functions if your customers turn their browser "cookies" off. PhishCops® authenticates customers who connect from behind anonymous proxy servers, customers who use dynamic IP dial-up internet providers, and customers who login from mobile devices such as Blackberries, iPhones, and web-enabled cell phones. "If they can get to your website... they can use PhishCops®".

If you would like additional information about PhishCops® 


Home   |   Sitemap   |   Contact Us   |   Print this Page   |   Search 
© 2008 Sestus Data Company   All Rights Reserved. PhishCops® is Patent Pending.

Toll Free Tel.