Covelight Systems and Tricipher Partner to Offer 30-Day Implementation of Integrated Multifactor Authentication and Fraud Management
Joint Offering Enables Banks to Leverage Best-of-Breed Technologies to Meet FFIEC Deadline with Future Proof Protection
July 11, 2006 – Cary, NC and San Mateo, CA – Covelight Systems, an innovator of solutions for real-time identity-based monitoring of Web applications to detect fraud and identity theft, and TriCipher, a leading provider of Future Proof Risk Based Authentication solutions, today announced a strategic partnership to deliver a fully integrated, non-intrusive fraud detection and multi-factor authentication system with implementation in just 30 days. The combined solution leverages best-of-breed technologies to enable financial institutions to meet the upcoming FFIEC deadline with robust multi-factor authentication and fraud management. The joint solution matches authentication strength to the risk level of specific transactions, providing a comprehensive approach that truly protects online financial services websites and the people that use them.
"Financial institutions require both back end and front end protections to ensure the integrity of web-based transactions," said Covelight CEO Spencer Snedecor. "Covelight Percept™ is a field-proven fraud management solution that has been successfully deployed in leading financial institutions since 2004. By integrating Percept with TriCipher Armored Credential System (TACS), we are combining two proven products to give banks what they need — a best-in-class solution for protecting against online fraud."
This collaboration provides an alternative to product suites from a single vendor that may compromise functionality, fast implementation or long term protection. Combining Covelight and TriCipher's domain expertise in their respective fields results in a solution that captures the rich functionality and innovation associated with best-in-class products. Moving forward each will continue to develop their core technology, unconstrained by the platform, technology or interoperability limitations often associated with suite offerings.
Financial institutions are searching for a solid way to prevent fraud — both to comply with FFIEC guidance and to prevent loss and damage to their reputations. Together, Covelight and TriCipher provide a fully integrated, highly secure solution that not only reduces the occurrence of online fraud, but builds confidence and trust for end-users, allowing banks to continue to grow online channels.
"Banks should treat the initial login as a high-risk transaction and use multifactor authentication for all online account access," said TowerGroup analyst George Tubin. "Because no authentication approach is 100% effective, session monitoring is an approach that can potentially detect fraud by identifying behaviors that typically lead to fraud (e.g., login, change password, set up new bill payee, make payment to new bill payee, logout) or behavior that is uncharacteristic for a specific user based on the individual's transaction history."
The integrated solution consists of the TriCipher Armored Credential System™ (TACS) and the Covelight Percept™ Web application fraud management system. The Covelight system incorporates network-based real-time monitoring, multi-dimensional fraud detection and scoring to evaluate each user's session risk. It monitors each user and their online patterns, through the entirety of a session, automatically building behavioral profiles and detecting suspicious activity to identify high risk transactions in real-time. In addition, Covelight Percept™ maintains detailed session and transaction logs and an incident investigation console to facilitate on-demand session audits and fraud case management.
TACS can check a user's risk score at login to determine if any immediate, additional authentication is needed before allowing a user access. In addition, if at any time during the user's session the Covelight Percept™ risk score exceeds a specific threshold, TACS can leverage its Authentication Ladder — which offers a variety of authentication types managed from a single system — to invoke additional authentication steps. Each credential type on the Ladder includes secondary authentication methods such as SMS or phone verification, as well as the ability to log in using a backup method when their secondary factor is not available. The integrated solution can be deployed in under 30 days. Both systems require little or no changes to the application, and are appliance-based for fast setup and easy maintenance.
"The TACS Authentication Ladder provides financial institutions with unmatched flexibility and control over what sort of authentication makes sense for specific transactions," said John De Santis, Chairman and CEO of TriCipher. "By partnering with Covelight, we extend our ability to deliver a powerful, highly secure risk-based solution to prevent online fraud."
Pricing and availability
The integrated solution is available immediately in a simple, perpetual license model.
About Covelight Systems
Covelight Systems is the field-proven leader in passive, real-time identity-based monitoring of Web applications to protect confidential data from online fraud and identity theft. Covelight's products, including Percept™ and FraudProbe™, provide real-time visibility into critical Web applications, detect suspicious behavior, provide continuous identity-based auditing for compliance, and forensic data for incident investigation. Only Covelight delivers solutions to detect the external and internal threats to confidential information and identity data accessed through Web applications, including account takeover fraud, insider identity theft, phishing activity and session hijacking. For more information, go to www.covelight.com.
About TriCipher, Inc.
TriCipher, Inc. provides Future Proof Risk Based Authentication. The TriCipher Armored Credential System™ (TACS) is the first authentication system that enables companies to deploy and manage multiple types of credentials from a single infrastructure. Through this flexible "Authentication Ladder," TriCipher delivers future proof security – protecting your investment by enabling authentication strength to adjust in response to new threats and regulatory changes without the need to implement a new infrastructure. In addition, TriCipher delivers risk based authentication - preventing online fraud through seamless integration with fraud detection systems, secondary authentication systems and the ability to enforce security software presence checks for malware protection. Founded in 2000, TriCipher is headquartered in San Mateo, California. The company was incubated as NSD Security before launching as a separate entity in 2005 with backing from ArrowPath Venture Capital, Intel Capital, Trident Capital, and Wasatch Venture Partners.