When regulators told U.S. banks last fall to improve their consumer authentication systems by the end of 2006, security product vendors started licking their chops. With less than six months until the deadline, vendors are still salivating, though some of their tummies are really starting to grumble, too.

That's because banks have taken their time addressing the new Federal Financial Institutions Examination Council (FFIEC) guidance. Investment Bank Roth Capital Partners recently found that while 69% of 135 financial institutions surveyed expect to reach compliance by year-end, just 16% have moved past the risk assessment stage.

"It's a pretty ambitious program. I actually feel quite sorry for the banks," says Chris Voice, CTO at Entrust, one of the security companies looking to cash in on the new requirements. "I was at a trade show last year and must have seen 100 vendors with FFIEC mentioned everywhere."

Voice says Entrust's $50 million acquisition last week of a fraud detection company called Business Signatures is partly aimed at helping banks that need to scramble to meet the FFIEC guidance. Business Signatures' passive monitoring technology allows for improved customer protection but without the need to mess around with back-end applications or change the end-user experience (as is the case with something like Bank of America's SiteKey service).

"We think it's a much faster, low-risk, low-cost way of getting to the FFIEC compliance, though ultimately we think banks will roll out technologies that involve changing the user experience, too," Voice says.

The fraud detection offerings complement Entrust's existing data protection (laptop security, e-mail security, etc.) and authentication products, including those based on Public Key Infrastructure.

The Addison, Texas, company isn't shy about the PKI underpinnings of some key products, whereas other vendors tend to treat PKI like a dirty word. Asked about whether PKI's time has finally come, Voice says, "I'm not sure it ever went away. The hype came and went, but we've had an ongoing PKI business and I don't see that changing."

The emergence of PKI-enabled passports and national ID cards, plus the ubiquity of PKI-aware applications, have validated public-key technology, Voice says. (Roth Capital, which discloses that it makes a market in Entrust shares, cites "government credentialing" as a promising opportunity over the next few years.)