- What does Tricerion offer?
- What type of fraud does Tricerion protect against?
- How big is the problem of online fraud or account hijacking?
- What are the current trends in the industry to reduce online fraud?
- Why does my business require strong authentication?
- What is Tricerion's Keypad Personalisation technology?
- What is Tricerion's Triangulation technology?
- How does Tricerion's Strong Authentication technology protect against phishing / fraudulent email?
- How does Tricerion's Strong Authentication technology protect against pharming / fraudulent websites?
- How does Tricerion's Strong Authentication technology protect against man-in-the-middle attacks?
- How does Tricerion's Strong Authentication technology protect against shoulder surfing?
- How does Tricerion's Strong Authentication technology protect against keystroke loggers?
- How does Tricerion's Strong Authentication technology protect against screen capture?
- How does Tricerion differ from hardware tokens, smart cards and other forms of strong authentication?
- Could any future technological development undermine Tricerion's SafeEnterprise platform?
- Does Tricerion require the end user to install any new software or devices?
- Why should I choose Tricerion to secure my customers?
- How much does Tricerion's SafeEnterprise solution cost?
- How complex is it to integrate Tricerion with our current systems?
What does Tricerion offer?
Tricerion offers the SafeEnterprise platform - a strong authentication solution for online transactions. By this we mean that an existing registered user can log in to an online service in such a way that neither party can be falsified. A fake user cannot log in to the real service and a real user cannot accidentally reveal secret login credentials to a fake service. Tricerion achieves this using two patent-pending innovations Keypad Personalisation and Triangulation.
What type of fraud does Tricerion protect against?
Tricerion is the smartest available antidote to Phishing, the fastest growing area of online fraud, where the user is duped into visiting a fake site (e.g. one looking just like their real online bank) where they are lured into disclosing their security credentials. Tricerion also embodies state-of-the-art protection against a comprehensive range of other frauds including pharming, man-in-the-middle, shoulder surfing, keystroke logging, screen capture, and packet sniffing.
How big is the problem of online fraud or account hijacking?
The problem is big and getting bigger. Sections of the media and some industry analysts have cited alarmingly high online fraud estimates, but these have to be treated with caution; the tendency is to group all online fraud together and then quote that number when talking about any of the specific sub-areas of fraud, such as phishing. What is clear is that the problem is growing, both in scale and complexity. For example, phishing was almost unheard of at the end of 2003. Five years on there can hardly be an email user on the planet who does not receive frequent phishing emails, and the number of different phishing scams reported per month has risen to more than 30,000 (source: Anti-Phishing Working Group, Q1 2008). Financial institutions are at risk from direct financial losses and perhaps more seriously from indirect losses associated with damage to brand reputation and customer attrition from online services.
What are the current trends in the industry to reduce online fraud?
There is a growing realisation that simple username-password sign-in protocols are insufficient against fraud. The Federal Financial Institutions Examination Council (FFIEC) has made it mandatory for US financial institutions to use 'Strong Authentication' for their online customers. Tricerion's SafeEnterprise platform offers a high security, easy-to-install, low-cost, highly usable solution for institutions wishing to comply with FFIEC requirements. Similar regulatory initiatives are in process in other countries.
Why does my business require strong authentication?
Because without it your users are at risk of from falling prey to online fraud, e.g. to a phishing attack. This strikes directly at their confidence, not just in your brand, but also in the security of e-commerce in general. For this reason governments and regulators are increasingly moving towards making strong authentication mandatory for certain kinds of web service, and/or making service providers bear the costs of online fraud.
What is Tricerion's Keypad Personalisation technology?
Each user is presented with a highly personalized login environment in which to enter their password. The look-and-feel is customised to the user's preferences so they can be sure that the service is real, not fake. Furthermore, the password entry mechanism is so customised to the user that it prevents the possibility of users entering their password data on anything other than their own personalized keypad.
What is Tricerion's Triangulation technology?
Tricerion's SafeEnterprise solution is built around a 'triangulation' communications protocol, which separates 'identity' data from 'validation' data as it flow between the parties in the transaction. Data separation makes a man-in the-middle attack much harder than in conventional authentication systems. Additionally, the combination of Tricerion's Keypad Personalization and Triangulation technologies ensures that the user's password only exists in digital form inside the financial institution's firewall.
How does Tricerion's Strong Authentication technology protect against phishing / fraudulent email?
Fraudulent emails may still reach users, but even if they respond and visit a fake login site, they still cannot self disclose their authentication credentials.
How does Tricerion's Strong Authentication technology protect against pharming / fraudulent websites?
Users are not prevented from visiting fake web sites but when they get there they should be warned that something is wrong because the look-and-feel will be personalized to them. Even if they fail to notice this, they will find that they still cannot disclose their authentication credentials, even if they try.
How does Tricerion's Strong Authentication technology protect against man-in-the-middle attacks?
Tricerion Strong Authentication technology embodies both passive and active tools. Triangulation separates data into multiple channels, thereby significantly complicating the attacker's task. In addition, Tricerion's proprietary Active Countermeasures provide early warning and effective disabling of attack sites.
How does Tricerion's Strong Authentication technology protect against shoulder surfing?
Thanks to Tricerion's Keypad Personalization, keypad images may be unfamiliar to shoulder surfers, and the positional shuffling of images on the screen ensures that a shoulder surfer has to get a very close look at the user's screen in order to get a good enough look at the images.
How does Tricerion's Strong Authentication technology protect against keystroke loggers?
With Tricerion there are no keystrokes to log.
How does Tricerion's Strong Authentication technology protect against screen capture?
Tricerion incorporates tools to detect and disable unwelcome screen capture attempts.
How does Tricerion differ from hardware tokens, smart cards and other forms of strong authentication?
Logistical simplicity, usability and cost. Tricerion's SafeEnterprise requires no more than a simple server-side installation, with minimal integration disruption (but usually accompanied by issuing new passwords), in order to roll out the service enhancement to all an institution's account holders. The solution is immediately visible to users, alerting them to the institution's commitment to their security, but users do not require any training or explanation in order to use the new authentication features. All this can be done at a fraction of the cost of issuing hardware security tokens to users. We recognize that some institutions will continue to see a place for tokens (e.g. for high net worth accounts), and may choose to implement a mixed approach, in which Tricerion's remarkable valuefor-money makes it viable, even for low-net-worth accounts. For this reason, we have ensured that our Strong Authentication technology is complementary to most physical second factor solutions.
Could any future technological development undermine Tricerion's SafeEnterprise platform?
We live in a continuous arms race, with financial institutions constantly trying to strengthen their IT security defences and criminals constantly searching for new ways to breach them. Tricerion's SafeEnterprise solution has been developed with this in mind. It is implemented on a robust extensible security platform, following a design philosophy that avoids single points of failure. We follow a continuous programme of innovation to stay several steps ahead of those who have sold out their creativity to 'the dark side'. Tricerion customers benefit from ongoing service upgrades at no extra cost, to stay well ahead of the bad guys in the online security arms race.
Does Tricerion require the end user to install any new software or devices?
No.
Why should I choose Tricerion to secure my customers?
Because we have a unique and highly attractive price/performance proposition. Contact us to find out how your organization could benefit from Tricerion's breakthrough solution.
How much does Tricerion's Strong Mutual Authentication technology cost?
Tricerion has one of the most competitive price plans on the market.
How complex is it to integrate Tricerion with our current systems?
This is highly system-dependent, but our solution has been implemented to minimize integration tasks. Core integration activities can usually be carried out in a few days of effort. Total integration time will be dependent on an institution's specific planning, quality,testing and compliance regimes. For rule-of-thumb estimation purposes, assume up to two weeks for implementation, followed by several weeks of testing.