Increase Employee & Customer Security, Lower Costs, Be A Differentiator
World-Class Enterprise Authentication Server
SurePassID Authentication Server is an award-winning, proven identity security platform that addresses every aspect of employee and customer authentication for every channel of access, with virtually any type of authentication method on the planet.
Although SurePassID Auth Server can be deployed as a cloud service, most financial institutions want the server on their own premises and we fully support that, giving you the control and peace of mind you want.
As a multi-tenant server, you can have a tenant (server account) for your internal authentication needs for employees and another tenant for your customers. And you can have as many tenant accounts as you need under a single server license. You simply pay for the aggregate users across all tenant accounts. This gives you maximum centralized control and visibility over all of your separate authentication realms, while realizing a predictable cost model and overall lower cost of ownership.
Standards-Based Philosophy Protects Your Investment
SurePassID will always be based on open standards to avoid vendor lock-in and proprietary technology, enabling you to rest assured that your authentication solution will evolve and improve as new standards are adopted and better security technology becomes available.
FIDO is the Future for Simpler, Stronger Authentication
The FIDO Alliance was formed in 2012 by top identity security professionals across many industries to develop a stronger and simpler way for consumers to authenticate their identity and ultimately ELIMINATE passwords. We all know username and password alone is not sufficient to protect our identities, especially in the financial industry. Now, with FIDO (Fast IDentity Online), you can eliminate passwords, use biometrics, enable your customers to “bring their own security” by using FIDO tokens they already have or getting one from an Amazon vendor.
Traditionally, banks have been slow or reluctant to adopt new technology because those changes impact millions of customers. However, faced with accelerating cyber fraud threats and major data breaches, both Account Take-over fraud and Card-Not-Present fraud continue to rise, making the risk of NOT taking steps toward better technology greater than the risk of a new breach that affects your customers.
Consumers Want Strong Security and Willing to Pay For It
The old, limiting belief that consumers will not pay for extra security has long been debunked. We proved that through the deployment of the Bank of America SafePass card (a 6-digit One-Time Passcode powered display card) for online bank account security. The unpromoted soft launch consumer acceptance was excellent – no help desk complaints (huge factor), and despite the $20 price tag, it garnered a surprising 30% adoption rate versus a free text-based OTP option.
Here’s the kicker: 10 years ago when BofA promoted the SafePass card, demand jumped 6 times! Consumers quickly paid $20 for a nice branded online banking authenticator card that lasts 5 years. Unfortunately, the marketing mindset feared it was scaring customers to purchase the extra account security, giving them the impression that it was not safe to bank online. So they de-emphasized it. Hmm.
The point is that it is time for the next level of authentication for consumers to protect themselves from Account Take-over and Card-Not-Present (CNP) fraud and banks need to lead the way. Who will be the differentiator?
The FFIEC’s Supplement to Authentication in an Internet Banking Environment reinforces the Guidance’s risk management framework and updates the expectations regarding customer authentication, layered security, and other controls in the increasingly hostile online environment. In particular the Supplement calls for the use of “dual customer authorization through different access devices” in a “layered security program,” such as the end-to-end solution that SurePassID provides.
The Payment Card Industry Data Security Standards (PCI DSS) mandate that organizations which “hold, process, or pass cardholder information” must meet a minimum level of security. Part of this security is protecting remote access logins with strong authentication. Specifically, section 8.3 says that organizations must:
Implement two-factor authentication for remote access to the network by employees, administrators, and third parties. Use technologies such as remote authentication and dial-in service (RADIUS) or terminal access controller access control system (TACACS) with tokens; or VPN (based on SSL/TLS or IPSEC) with individual certificates.
SurePassID is compatible with almost any authentication method and device, including:
- Mobile OTP App (smart phones, tablets) – installed on user’s device
- Browser OTP (desktops, laptops, tablets, smart phones) – installed on user’s device
- Push Authentication – mobile app downloadable from the app stores or directly integrated into the bank’s mobile banking app via our rich set of API’s. User is presented with a pop-up notification that prompts to “Approve” or “Deny” the login attempt.
- FIDO Virtual Mobile U2F – A SurePassID Exclusive: FIDO Universal 2-Factor (U2F) authentication using the mobile phone’s built-in fingerprint sensor to release a registered virtual FIDO token. Stronger than just a fingerprint and helps prevent fingerprint spoofing. No fingerprint sensor? No problem, simply use a PIN code or voice biometric or facial recognition coupled with the Virtual FIDO U2F token for a password-less experience.
Very Low Cost:
- Push SMS OTP – similar to Mobile OTP app but instead, the user receives a 6-digit OTP via text message and must enter it into the requesting application. Cost: 1 penny per text.
- Push SMS Challenge – similar to Mobile OTP but the user needs to only reply with a ‘Y’ via text message to allow access. No need to enter a 6 digit OTP. Cost: 1 penny per text.
- PassFaces – installed on user’s device
- Matrix Cards – Challenge-response ISO 7810-compliant printed cards; issued to users. Low tech, very inexpensive “bingo card” style solution.
- FIDO Device Authenticators – Password-less and biometric hardware tokens; issued to users
- OneCard – World’s first all-in-one converged logical and physical security credential and ID badge; issued to users
- OTP Display Cards – ISO 7816 and OATH compliant authenticator cards with display, optional on-card PIN pad, mag stripe, EMV or PKI chip; issued to users
- Dynamic CVx Credit Cards – ISO 7816 compliant, brandable credit cards with a small display on the back in place of the printed CVV/CVC code. Display automatically changes every x minutes (bank defined, no user behavior change). Or user presses one-button on-demand CVx code. Issuable as a Visa or Mastercard. The Dynamic CVx code ELIMINATES card-not-present fraud for online and mobile channels.
- OTP Keyfobs & Mini-Keyfobs – Traditional hardware tokens; issued to users
- Third Party OTP Tokens – OATH-compliant and proprietary RSA tokens; issued to users
Quickly Deploy Regulatory Compliant MFA
Deploying Multi-Factor Authentication (MFA) with SurePassID is the fastest path to compliance with FFIEC guidance and PCI DSS. SurePassID’s one-click installer is compatible with most legacy IT infrastructures and supports VPNs, RADIUS and TACACS.
According to the Federal Financial Institutions Examination Council (FFIEC), authentication in an Internet Banking Environment calls for, “effective methods to authenticate the identity of customers.” Single-factor authentication is the only control mechanism the FFIEC considers inadequate for high-risk transactions involving access to customer information or the movement of funds to other parties.