Headline
News: PhishCops® in
the Press The
following is a collection
of recent news stories
regarding the PhishCops®
Multi-factor Authentication
process.
"authentication
methods that required
the most effort by members,
such as installing software
toolbars, configuring
browser certificates,
or registering questions
and secret images, were
reported to be the most
difficult to support
and contributed to the
greatest loss of online
member activity. Those
methods that involved
the least effort by
members, such as virtual
tokens (i.e. PhishCops)
rated the best."
Multi-Factor Fallout: The Plusses And Minuses
Of "Security By
The Regs" "We
assumed everyone knew
that challenge-response
systems do not meet
the regulatory definition
of MFA," Willis
explained. "By
rejecting true MFA in
favor of these less
costly approaches, financial
institutions have, instead,
actually made the situation
much worse. Through
the widespread use of
challenge-response,
consumers are being
conditioned to disclose
their confidential personal
information, such as
maiden names and high-school
names, on a scale never
before seen. "It
doesn't take a rocket
scientist to understand
why this is unpopular
with consumers,"
Willis continued, adding
that he's seeing "unusually
high" interest
in PhishCops from organizations
that are currently depending
on C-R."
"The
C-R paradigm will be
short-lived, agreed
Rick Rhoads, senior
vice president, eServices,
at the $13.5-billion
State Employees CU (SECU)
in Raleigh, N.C..."
Company
Predicts Its Anti-Phishing
Solution Will 'Dominate' "Unlike
most existing Internet
banking security tools-which
are wearing thin under
today's man-in-the middle
attacks and invisible
malware- PhishCops doesn't
rely on "mother's-maiden-name"
challenge questions
or familiar images,
according to $314-million
First Florida CU and
$197-million Envision
CU, which recently launched
PhishCops. "Originally,
we had signed with another
vendor that used challenge
questions as an authentication
factor," said Tim
Brown, chief technology
officer at First Florida
in Jacksonville, Fla.,
which went live with
PhishCops in April.
"But then we realized
we didn't want to force
our members to give
out any personal information
that could be phished
in the future,"
Brown said."
"PhishCops
stands up against current
threats, said Shea Lambert,
director of IT for United
Solutions Company, the
Tallahassee, Fla.-based
CUSO that provides PhishCops.
"Other products
can't protect your members
from man-in-the-middle
attacks and hostile
proxies," asserted
Lambert. "PhishCops
can. Even with a stolen
account number and password,
a thief can't get into
an account."
"Giant
management and technology
consultancy BearingPoint,
Inc., of McLean, Va.,
recently told Credit
Union Journal it would
switch to PhishCops."
Vulnerability
of Passmark Sitekey
at Bank of America Reported "PhishCops(tm)
product represents the
next-generation in online
security, replacing
vulnerable logins and
passwords, expensive
hardware tokens, difficult-to-manage
software, and vulnerable
“challenge-question”
approaches, with an
unbreakable, government-approved,
mathematic multi-factor
authentication approach."
Bank
of America and Passmark
SiteKey: Trouble in
Paradise? "There
is one multi-factor
authentication solution
that does not solicit
personal information
from customers, that
uses government-approved
authentication algorithms
instead of vulnerable
images and shared secrets,
and which does not require
“tinkering” to keep
it one step ahead of
phishers. PhishCops
by Sestus Data Company..."
Dramatic
Breakthrough in Out-of-Band
Authentication "On
May 22, 2006, Sestus
Data Company announced
the release of its long
awaited PhishCops SAFE(tm)
out-of-band authentication
solution. PhishCops
SAFE(tm) is the world’s
first SMS Authentication
Facilitation Engine
capable of solving the
problem of altered transactions....PhishCops
SAFE(tm) is built on
the patent-pending PhishCops(tm)
technology and represents
a drastic paradigm shift
in out-of-band authentication.
It is destined to radically
change the dynamics
of the war against online
identity theft."
2-Factor
Authentication: Will
Financial Institutions
Really be More Secure?
"Even more encouraging
for business owners
is the fact that, in
a recent survey of competitive
solutions reported on
Yahoo News, PhishCops
was rated #1 among two-factor
authentication solutions,
offering the lowest
total cost of ownership
with the fastest implementation
time and minimal support
requirements."
The
Cost of Implementing
Multi-Factor Authentication "PhishCops
by Sestus Data Company
offers the lowest total
cost of ownership with
the fastest implementation
time and minimal support
requirements. ..Incidentally,
PhishCops also appears
to be the only vendor
using government-approved
authentication methods."
Financial
Institutions Confused
About FFIEC Regulations "PhishCops®
authentication methods
also appear to be stronger
than those used by most
hardware-based token
vendors. The National
Institute of Standards
and Technology, a government
standards body, has
recently called for
all regulatory agencies
and commercial security
firms to migrate their
technologies away from
the aging SHA-1 OATH
standard used by most
hardware-based token
vendors, to the newer
SHA-256 standard (which
is used by PhishCops®)
by 2010."
FFIEC
& Tokens: Hardware
Tokens Do Not Mitigate
Phishing "PhishCops®
by Sestus Data Company
satisfies both of the
FFIEC’s recommendations
using a "virtual",
or hardware-free two-factor
token processor, with
invulnerable website
authentication, in a
single integrated solution...
PhishCops® was designed
from its inception in
accordance with FDIC
and FFIEC regulatory
requirements and the
U.S. government recently
named PhishCops® a semi-finalist
for the 2005 Homeland
Security Award."
Phishing,
Account Hijacking Myths
Exposed "In
fact, of all the anti-phishing
solutions recently announced
in the press, the only
one that actually employs
an approved strong authentication
method to authenticate
the website itself is
PhishCops by Sestus
Data Company. PhishCops
uses algorithms approved
by the U.S. Dept of
Commerce for use in
authenticating sensitive
data and applies these
algorithms to proactively
authenticate websites
using a 100% web-based
approach. It does not
rely on any database
of ‘blacklisted’ phishing
websites, filtering
rules, additional login
process layers, or on
potentially fraudulent
‘whois’ or IP records."
