August 20, 2008
Security Solution Relying on CA, Arcot Technology Helps Businesses Reduce Risks Associated With On-Line Fraud, Identity Theft
CA, Inc. (NASDAQ:CA) and Arcot Systems today announced the availability of a solution designed to help organizations reduce the risk of fraud and identity theft in online transactions through risk-based authentication. Businesses are employing risk-based authentication technologies for their Web-facing applications in light of threats such as phishing and other forms of social engineering, as well as in response to regulatory initiatives such as online banking guidance issued by the Federal Financial Institutions Examination Council, the market trend to deliver software-as-a-service, and simple good business practices.
The reseller agreement with Arcot allows CA to extend its suite of identity and access management products that help secure Web businesses and identities online. By implementing risk-based authentication technology, CA customers can confidently conduct Web-based transactions. It also helps instill in their customers and other users a level of comfort that their identities and their personal, private information are better protected online.
"Financial institutions, government agencies, retail businesses, and health care organizations are struggling with the dramatic increase in online fraud and identity theft," noted Mark Diodati, senior identity and privacy analyst with Burton Group. "The integration of web access management with risk-based authentication provides great synergies by enabling organizations to dynamically adapt to evolving threats, and improve their compliance posture. The use of stronger authentication with web access management can also reduce risk and improve customer confidence."
CA SiteMinder Web Access Manager and Arcot RiskFort
The combination of CA SiteMinder Web Access Manager with Arcot RiskFort offers organizations a risk-based authentication capability that helps detect, assess and block fraud attempts in real time for any consumer- or enterprise-facing portal. By comparing the context of current transactional requests with historical performance, and using statistics and analysis to identify abnormal activity, RiskFort calculates a risk score. CA SiteMinder can then grant or deny access, or initiate other actions based on the risk score and corporate security policies.
For example, if you normally access your online bank account from your home desktop computer in New York, but you are attempting to log in from a laptop connected in Germany, this could raise a flag because it is outside the "normal activity" RiskFort has identified for your account. As a result, you may be granted access, denied access, granted access with limited rights or redirected for further qualification all based on the risk policies of the organization.
"Proving that you are who you say you are is of paramount importance for everyone involved in any online transaction. As all industry sectors expand to take advantage of the Web and open more applications to customers, remote employees, contractors and partners, it is essential that they have additional capabilities to assure the identity of the individuals requesting access," said Bill Mann, senior vice president, CA Security Management.
"Moving forward as Web 2.0, software-as-a-service, collaboration and social networks gain greater relevance for business, the demand for identity assurance will be even more critical. CA SiteMinder and the addition of Arcot RiskFort gives customers a solution for risk-based authentication, identity assurance and application access that is easily and cost-effectively deployed," said Mann.
CA SiteMinder Web Access Manager and Arcot WebFort
For those customers who prefer to use a software-only approach to strong authentication versus hardware-based alternatives, the agreement between Arcot and CA also enables CA to resell Arcot WebFort and provide it integrated with CA SiteMinder Web Access Manager. This provides customers with an easy-to-deploy, low cost, software based alternative for strong authentication and secure Web access.
"The days of simply requiring a user ID and password for authentication are numbered as the risk is simply too great," said Ram Varadarajan, president and CEO of Arcot. "At the same time, stronger authentication must be simple and convenient for users or they will not use it. Arcot's best-in-class authentication automatically strengthens the security of password-based authentication and bridges the gap between security, cost and convenience. Arcot RiskFort and WebFort products provide protection from Internet threats while retaining a familiar, easy-to-use username/password user experience without having to deploy hardware tokens."
Arcot makes online access and internet transactions safe for millions of users worldwide by protecting and verifying users' identities. Its simple and convenient authentication solutions automatically and transparently upgrade the security of password-based authentication, enabling stronger security for the billions of passwords in use today.
Arcot's software-only architecture means companies can strengthen authentication security without changing user behavior or deploying expensive hardware. Arcot's best-in-class authentication provides protection from internet threats and bridges the gap between cost, convenience, and strength. Arcot offers risk authentication, multi-factor authentication, digital signing, and cardholder authentication solutions that are delivered on-premise or on-demand as an Arcot hosted service. Arcot solutions comply with U.S. and international security standards including 3-D Secure, CardSpace, FFIEC, OpenID, SAFE, and SAML.
CA (NASDAQ: CA) is the world's leading independent IT management software company. With CA's Enterprise IT Management (EITM) vision and expertise, organizations can more effectively govern, manage and secure IT to optimize business performance and sustain competitive advantage. For more information, visit www.ca.com.
Copyright (C) 2008 CA. All Rights Reserved. One CA Plaza, Islandia, N.Y. 11749. All trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.