Cyber insurance doesn’t come cheap, and it doesn’t always pay out after a company is hacked. But today Scottsdale, Arizona-based Trusona announced it has become the world’s first insured authentication platform. Trusona, using its own cyber insurance, will insure the identity and thereby the transactions of Trutoken users up to $1 million.
Tim Greene previously wrote about Trusona’s “100% accurate authentication scheme,” which uses the company’s Trutoken dongle. The product is aimed primarily at users such as bank customers moving thousands of dollars or corporate executives with access to critical data.
Trutoken plugs into a smartphone and can tell if a credit card, driver’s license or any other type of identification card is legit and is being swiped by the right person. It does this by identifying unique aspects of magnetic strips on cards, as well as how the card is swiped. Card numbers stolen via a skimmer and copied onto another card, for example, won’t be a perfect match via the magnetic strip. Also, no two swipes will be exactly the same, and Trusona uses those differences to “guarantee safety from session replay attacks.”
It took 18 months of testing to become the world’s first insured authentication platform. After the technology was vetted by an A+ rated insurance carrier, Trusona can now provide up to $1 million coverage per financial transaction carried out on its platform. Trusona founder and CEO Ori Eisen, who is also an investor in Yubico, told AZ Big Media, “People want their vendor to put their money where their mouth is, and we’re doing just that.”
Tested by independent security experts
“The Trusona service has been subject to independent security testing as part of the process for them to offer an insured solution,” said James Aquilina, executive managing director at the cybersecurity consulting firm Stroz Friedberg. “We were pleased to note from our review that Trusona appears committed to understanding and managing the security risks of its service in order to offer an insured solution to its customers.”
“For too long, the Internet has been an open playground for fraudsters and hackers. But now Trusona has flipped the security game on its head, making it impossible for malicious actors to victimize companies and individuals through bypassed authentication measures,” said Kleiner Perkins Caufield & Byers (KPCB) general partner Ted Schlein. (KPCB previously invested $8 million in Trusona, and Schlein is a Trusona board member.) “Cybersecurity is often considered a cat-and-mouse game, but Trusona has made it possible to take a stand and stop threat actors in their tracks with 100 percent assurance. Being insured is just further proof of Trusona’s capabilities.”
When Eisen, who used to run fraud detection for American Express, was coming up with ideas for Trusona, he’d take them to a notorious former fraudster who would go about trying to defeat them until Eisen had a system that couldn’t be beaten. You may recall that fraudster—Frank Abagnale—perhaps not by his name but from Leonardo DiCaprio’s depiction of Abagnale’s fraud tricks in the 2002 movie Catch Me If You Can. The movie was based on Abagnale’s life as a fraudster; he later gave lectures about fraud to FBI agents. Now he serves as an advisor to Trusona.
Other than some sort of sketchy security snake oil, there are generally no guarantees in the cyber world, so the fact that Trusona is backing its solution with its own cyber insurance is seriously interesting. Customers wouldn’t be in the unpleasant position of paying a fortune for cybersecurity liability insurance only to have their claim later fall through a loophole.
For those interested, below is Trusona’s pricing for each tier of insurance coverage:
- $1,000 coverage per transaction on unlimited transactions is $8 per month.
- $2,500 coverage per transaction on unlimited transactions is $40 per month.
- $1 million coverage per transaction on unlimited transactions is $100 per month.
If you are unfamiliar with Trusona, you might be inclined to watch a couple of videos or read Trusona’s whitepaper on “calculating risk to insure online authentication and in-person identity-proofing” (pdf).
The first video shows the platform has sort of a paranoid slant, starting with the assumption that malware is listening to everything.
Trusona posted another video showing its solution vs. an ATM.