Entrust Announces New Authentication Offering to Combat Identity Theft

Entrust IdentityGuard™ System can easily and cost-effectively help to address user risks associated with identity theft and fraud in on-line transactions

In a recent survey performed by Greenfield Online and sponsored by Entrust, 80 percent of on-line users are concerned with the security of their on-line identity. Most of these attacks rely on the weakness of passwords, widely used to authentication users in e-commerce applications. Passwords are easy to steal through interception and deception, making them tempting targets for attackers who rely on fraudulent e-mails and web sites designed to trick users into providing confidential information.

While various authentication solutions exist today that make it more difficult for users’ identities to be stolen, these are typically expensive and complicated to deploy to large number of customers or partners. The Entrust IdentityGuard system provides a much simpler method of authenticating users by deploying random grids of alphanumerical characters that are in turn used to answer a challenge presented when accessing on-line transactions. By requiring different combinations of alphanumerics on the grid to answer each randomized challenge, attackers have little probability of being able to intercept a login and use it to subsequently to gain access to a user’s account.

Implementation of Entrust IdentityGuard system is made easier for customers by working with their existing applications to add incremental authentication requirements to existing username and password deployments. Organizations can also benefit from flexible methods of deploying grids to end users – on stand-alone wallet-sized plastic cards, in conjunction with existing cards or even in downloadable files. All these represent significantly less expensive options than many hardware-based alternatives.

Phil Schacter, analyst at Burton Group, said, "There is a growing urgency to combat identity theft, but few ways to cost effectively strengthen identity for large populations of individual customers. An innovative approach that doesn't rely on the distribution of costly tokens or hardware interface devices is a step in the right direction. One of the compelling advantages of the new system that Entrust is proposing is its simplicity and the absence of a heavyweight technical infrastructure."

Beyond the direct security benefit, organizations also have the potential to receive other business benefits by supporting improved authentication to protect user identities. In the same survey, 72 percent of users who do not currently bank online would consider doing so if the security of their on-line identities were better protected. Furthermore, 65 percent of respondents said that the protection of their identity would influence their selection of the bank with whom they deal. The Entrust IdentityGuard system can help allow organizations to address this opportunity, cost-effectively.

“Organizations are faced with the increasing demands of users, as well as regulatory compliance and privacy law mandates, to protect user identities in the face of growing threats from phishing and identity theft,” said Bill Conner, Chief Executive and Chairman of Entrust, Inc. “The Entrust IdentityGuard system provides businesses with a means to help address the demand for better security that is cost effective as well as being easy to deploy and use. Perhaps most importantly, according to those surveyed, end users are showing willing to adopt such a technology in order to decrease their risk of theft and fraud when conducting on-line transactions.”

* Additional Industry Analyst Supporting Quotes

“In the B2C world, any authentication mechanism that raises the difficulty bar for attackers without generating significant costs for the consumer or enterprise should be considered a positive development.” – Ray Wagner, Research Vice President, Information Security and Privacy, Gartner

Earl Perkins, Vice President of Security and Risk Strategies at META Group: "Authentication for access to applications and data needs a new minimum standard-- passwords need help. Such help needs to be inexpensive, simple, easy to use and deploy, easy to understand and easy to manage, yet provide a realistic degree of added security to make the act of authentication what it should be. Those that can provide such a solution will find a receptive customer market." – Earl Perkins, Vice President of Security and Risk Strategies, META Group

"There is a growing urgency to combat identity theft, but few ways to cost effectively strengthen identity for large populations of individual customers. An innovative approach that doesn't rely on the distribution of costly tokens or hardware interface devices is a step in the right direction. One of the compelling advantages of the new system that Entrust is proposing is its simplicity and the absence of a heavyweight technical infrastructure." – Phil Schacter, analyst at Burton Group

In a recent Forrester Research report*, Principal Analyst Jonathan Penn wrote of recommendations to defend against phishing attacks: "Engage in stronger customer authentication on your Web site. This removes phishers’ profit motive: If they can’t abuse stolen passwords and identity information, they will stop stealing them."

*Source: Forrester Research "Defending Against Phishing Attacks", Jonathan Penn, May 18, 2004

For more information about this press release please contact us.

Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries. Entrust is a registered trademark of Entrust Limited in Canada. All other Entrust product names and service names are trademarks or registered trademarks of Entrust, Inc or Entrust Limited. All other company and product names are trademarks or registered trademarks of their respective owners.