SecureData, a member of the JSE-listed ERP.com Group and distributor for RSA Security products in Sub-Saharan Africa, today announced that the latter has added a new module, which supports MasterCard's Chip Authentication Protocol (CAP) and Visa's Dynamic Passcode Authentication (DPA), part of the EMV standard for chip-based debit and credit cards, into its RSA Adaptive Authentication solution.
RSA Adaptive Authentication is a comprehensive, layered authentication solution currently in use by more than 35 of the top 100 US financial institutions as well as some of the largest banks in Europe. The technology is designed to meet the need for flexible, convenient authentication choices that serve financial institutions' entire user-base; the new CAP module provides financial institutions that have chosen to implement CAP with a flexible and user-friendly solution.
New smart card deployments by financial institutions around the world today are increasingly based on the EMV (EuroPay, MasterCard, Visa) standard, sometimes called 'chip and PIN' cards. The chip on these cards is able to store and run small applets, enabling the card to perform a number of different functions. One such function is the ability, when inserted into a suitable reader, to generate a one-time passcode. This application is called CAP - Chip Authentication Protocol (also referred to as Visa's Dynamic Passcode Authentication - DPA).
Benefiting from RSA's proven risk-based authentication and one-time-password authentication technologies, this integration helps to overcome three main obstacles related to traditional device-based two-factor authentication solutions, such as smart cards:
* Security vulnerabilities: by combining the RSA risk-based authentication technology with CAP, the solution ensures the system is more secure and less vulnerable to sophisticated online attacks such as man-in-the-middle and Trojan attacks, which can bypass many standalone two-factor solutions.
* Usability issues: the system is extremely usable and user-friendly - it allows financial institutions to implement CAP authentication and use risk-based authentication as a fall-back in low risk scenarios where, for example, a reader or a card is unavailable. It also enables non-payment-related, high-risk activities, such as address changes and new card requests to be authenticated transparently to the user.
* Mass deployment challenges: the robust solution allows CAP to be 'turned on' even before a full issuance cycle of CAP enabled cards and readers are fully deployed, while still protecting all users against fraudulent behaviour - something that could take up to three years in a normal card issuance cycle.
"Chip-based authentication of transactions has taken off around the world, and especially in Europe, and is steadily becoming the accepted standard," commented Andrew Moloney, senior product manager, consumer solutions, RSA, The Security Division of EMC.
"Our goal is to support the standards, while overcoming some of the real world issues that financial institutions considering the roll-out of card-based authentication face. Thanks to the one-time-password and risk-based authentication combination, the Adaptive Authentication CAP module is more secure, more user-friendly and can be deployed more quickly."
Financial institutions that deploy the Adaptive Authentication CAP module will also become members of the RSA eFraudNetwork community. Live, and monitoring fraudster activity across dozens of financial institutions around the world today, the proprietary network anchors RSA Adaptive Authentication by aggregating real-time data on the latest attacks and threats. The network collates some of the best, most up-to-date intelligence from across the globe, giving banks instantaneous information and instantaneous protection. The intelligence of one benefits all.
For further information, please contact Andrew Ochse at telephone (011) 790 2500; fax (011) 790 2599; e-mail andrewo@securedata.co.za.
RSA, the security division of EMC, is the expert in information-centric security, enabling the protection of information throughout its lifecycle. RSA enables customers to cost-effectively secure critical information assets and online identities wherever they live and at every step of the way, and manage security information and events to ease the burden of compliance.
RSA offers industry-leading solutions in identity assurance and access management, encryption, security information management and anti-fraud protection, bringing trust to millions of user identities, the transactions that they perform, and the data that is generated.
SecureData
SecureData, an ERP.com company, is Africa's premier value-added distributor and solution provider of perimeter, network and endpoint information security and risk management solutions. As well as being the sole distributor in Sub-Saharan Africa for Trend Micro, SecureData is the Sub-Saharan African distributor for AirDefense, Application Security, Cibecs, eEye, Network Engines, Precise Biometrics, Rocket Software, RSA Security, St Bernard Software, TippingPoint Technologies and Websense. For more information, visit SecureData at www.securedata.co.za.
ERP.com
ERP.com is a JSE-listed company focused on the implementation, integration and management of enterprise applications in an e-business environment. For more information, visit ERP.com at www.erpcom.co.za.
Editorial contacts

