Authentify – Anytime, Anywhere, Any device… Not Anyone
The Worldwide Leader in Phone-Based, 2-factor, 3-Factor OOBA Services
Online, it’s a world in which anyone might know the usernames, passwords, account numbers, SSNs and other information belonging to your users. How do you protect their accounts? By making contact with the legitimate account owner via a separate and trusted communication channel and making certain the legitimate user is in control of the account.
Authentify offers flexible Out-of-Band Authentication (OOBA) services for strengthening the security of account access or verifying legitimate account activity. Authentication and verification are provided by engaging the end user in synchronized exchanges between their online accounts and separate voice or data channels via their telephones, smart phones or tablets. The end user’s phone or other smart device becomes an effective proxy for a security credential.
Authentify’s services are used across the globe in financial services, corporate security and retail e-commerce applications. Our customers count on us to strengthen logons with 2-Factor Authentication (2FA), provide transaction verification or harden other self-service online account activities that are routine, but potentially risky when executed anonymously.
– Eliminates the need to type passwords
– Offers an authentication process users will love
– Defeats keystroke loggers and other threats
– Delivers the strength of PKI and biometrics minus the administration and cost
Instead of remembering passwords, the end user can wield a validated digital credential, tied to them by their voice biometric. The user interface is a simple-to-use mobile app. The Authentify xFA service that powers the app shields the end user and the Enterprise from the complexity of deploying and using digital certificates and voice biometrics.
More importantly, for user communities with users who do not have smart phones, Authentify can offer voice biometrics via standard mobile phones or landlines. The Enterprise can still deliver a more uniform and secure authentication process.
The Authentify 2CHK® Innovation
Authentify 2CHK is an innovative transaction “authenticator”. For financial services firms that must protect their customers from man-in-the-middle and man-in-the-browser attacks, 2CHK offers a secure communication channel to their customers via their phones, or a secure second channel to the user’s desktop.
Authentify 2CHK will display transaction details for end user review and approval before final execution. If the details do not match what the user expected, the user can cancel the transaction via 2CHK.
Authentify 2CHK features:
– Multiple levels of security
– Review approval for multiple transactions
– Transaction signature capability
– An intuitive user interface
– No new devices to provision
– Strong protection for users and transactions
Identity & Access Management
Authentify’s Out-of-Band authentication (OOBA) provides corporations with a cost-effective, user-friendly approach to Identity & Access Management. Authentify employs a process requiring the user’s synchronized exchange between the Internet and their phone to provide powerful out-of-band authentication. This convenient method of user verification will enhance security in every identity and access management scenario, as well as save valuable time and resources.
Common Authentify Applications
Enrollment. The Authentify process can verify a new user’s identity and provide an audit trail of the enrollment process.
Emergency Access. Authentify can provide temporary access by substituting for a missing or damaged credential or can restore access, verifying identity before a user can reset his password.
Resetting account passwords represents a crucial security event for online customer accounts. With online criminals gaining easy access to customer generated passwords and other account information, it is nearly impossible to ensure that delivering a new password through email or other online mechanisms is secure.
Authentify’s password reset application combines true out-of-band safeguards with real-time delivery to produce the most secure and convenient method of resetting account access.
Phone-Based Two Factor
2 Factor Authentication or 2FA is the security term for providing two different form factors of identification for verifying an identity or authorizing an action.
The generally accepted form factors themselves are typically from three categories:
– Something a user knows. (a password or the answer to a challenge question)
– Something a user has. (an ATM card or a security token)
– Something a user is. (a biometric such as a voice print or finger print)
Authentify offers out-of-band authentication services in more than 120 countries and in any spoken language. We’ve learned one approach seldom suits all needs. Global presence or local focus, we can tailor a solution for you and your users.
2 Factor Authentication Using the Telephone
Authentify enables online financial services firms to employ their online user’s telephone, something they have, as the second authentication factor. A phone call synchronized to an online session can be used as part of an online account activation, a regular part of a secure logon, a transaction verification or any account activity associated with higher risk.
2 Factor Authentication for VPNs
Control access to your VPN with 2FA. Ensure secure access from anywhere, anytime, but not to just anyone! Users seeking to log on are authenticated via an out-of-band channel using a second device. The Authentify process transforms any device at which the user can be reached via voice, 3G/4G, or other data channel into a powerful security tool.
Authentify’s phone-based out-of-band authentication (OOBA) process is a popular way to add 2 Factor Authentication (2FA) as a step-up process to Virtual Private Network (VPN) logons. Some call this 2 Step Verification. In this authentication schema, the end user’s telephone becomes a proxy for another form of security credential.
Using the end user’s telephone or other smart device in this fashion for VPN access requires prior knowledge of the end user’s telephone number. The end user’s telephone number must also be included as a field in their normal LDAP-accessible database or Active Directory user record.
The Authentify service and the subsequent telephone call are invoked as a Web service. This lightweight RESTful architecture requires the VPN Gateway to be able to communicate with Authentify via an HTTPS Internet connection. To achieve the HTTPS communication, Authentify provides software for installing a RADIUS communication proxy on a WIN OS server in the network. The RADIUS proxy also manages the LDAP communications with your directory server.
Transaction Verification Payee Verification
As online banking and mobile banking have become more popular, cyber-criminals have found more insidious ways to take over accounts or intercept transactions that are in progress. Key loggers can be used to harvest account numbers, usernames and passwords which will permit a criminal to logon to an account as if they were the legitimate account holder.
Man-in-the-Middle and Man-in-the-Browser attacks are used to intercept transactions “in progress” and manipulate the details without the legitimate account holder’s knowledge. Typically, the amount of a transaction and the destination account are changed. The user believes they have sent $98 to the electric company; instead, $980 has been directed to a different account.
Attacks and exploits at the transaction level have become serious enough to warrant specific mention in the July 2011 FFIEC Supplement to Authentication in an Internet Banking Environment.
Phone-based, out-of-band authentication is ideally suited to validate a transaction, or the addition of a new payee to an electronic funds transfer enabled account. The cyber-criminal may be able to steal account credentials or re-direct a payment, but it raises the bar if they must also coordinate an attack against the legitimate account holder’s telephone.
In the simplest scenario, when an account is being used and a transaction amount is larger than ‘normal’ or a new payee is encountered on the bank side, the end user’s telephone will ring. The legitimate user will hear the transaction details “vocalized” by a human voice (no cyber-voices with Authentify applications). For example, the user will hear: “Hello, this is XYZ financial, if you are sending nine hundred and eighty dollars to an account ending in 4521, please enter the confirmation code displayed in your browser window.”
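The bank-side check behind the scenario above, as an added example (not Authentify's code or API): the phone prompt is built from the transaction details the server actually received, so a browser-side change from $98 to $980 is what the user hears, and the code only releases the exact transaction it was issued for. The function names, six-digit code, lifetime and attempt limit are assumptions.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

CODE_TTL_SECONDS = 120  # assumed policy: code lifetime
MAX_ATTEMPTS = 3        # assumed policy: guesses allowed per code


def tx_digest(amount_cents: int, dest_account: str) -> str:
    """Digest of the details as the bank's server received them."""
    return hashlib.sha256(f"{amount_cents}|{dest_account}".encode()).hexdigest()


@dataclass
class Pending:
    digest: str
    code: str
    expires_at: float
    attempts: int = 0
    used: bool = False


def start_verification(amount_cents: int, dest_account: str, now: float = None):
    """Issue a one-time code and build the phone prompt from server-side data."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"  # shown in the browser session only
    pending = Pending(tx_digest(amount_cents, dest_account), code, now + CODE_TTL_SECONDS)
    prompt = (f"If you are sending {amount_cents // 100} dollars and "
              f"{amount_cents % 100:02d} cents to an account ending in "
              f"{dest_account[-4:]}, please enter the confirmation code "
              f"displayed in your browser window.")
    return pending, prompt


def confirm(pending: Pending, keyed_code: str, amount_cents: int,
            dest_account: str, now: float = None) -> bool:
    """Release the transaction only for a fresh, correct code on unchanged details."""
    now = time.time() if now is None else now
    if pending.used or now > pending.expires_at or pending.attempts >= MAX_ATTEMPTS:
        return False
    pending.attempts += 1
    code_ok = hmac.compare_digest(keyed_code.encode(), pending.code.encode())
    same_tx = hmac.compare_digest(tx_digest(amount_cents, dest_account), pending.digest)
    if code_ok and same_tx:
        pending.used = True
    return code_ok and same_tx
```

Calling `start_verification(98000, account)` for a tampered request yields a prompt that speaks "980 dollars", which is the mismatch the account holder is expected to catch before keying the code.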