Finance firm finds answer for two-factor

While most companies doing business on the Internet are interested in getting better at customer authentication, financial institutions don't have a choice: The federal government is requiring them to install stronger controls by year-end.

That's the primary reason Mid-Atlantic Corporate Federal Credit Union, which services 1,200 credit unions and has more than $2 billion in assets, has decided to install Green Armor Solutions' Identity Cues Two Factor product discussed here last week.

Mid-Atlantic, which provides wire transfer, automatic clearinghouse and other services to credit unions, did an in-depth sweep of the market when it looked for a better authentication tool to meet the new federal requirements, says Bob Frank, vice president of IS.

"We sent an RFP with 150 questions to eight vendors," Frank says. A first pass on their responses narrowed the field to three promising participants.

To dive deeper, Mid-Atlantic invited the three to build a proof-of-concept installation using a sandboxed server and the Web application the service firm uses to support credit unions. That prospect scared away one more vendor, leaving Green Armor and Corillian, which was pitching its Intelligent Authentication product.

Cost wasn't an issue, Frank says, because the tools priced out virtually the same. He ultimately picked Green Armor because of the simplicity of the approach.

The first time customers log on to Mid-Atlantic's site and enter their user names and passwords, the server will send an e-mail with an ID to plug into the Web page. That will validate the customer. Green Armor will associate users with the machine they are on by doing a heuristic analysis of the Web session, examining variables particular to the user's device.

After that, the system will be invisible to users. They will enter their user names and passwords, and the second factor - that they're logging on from associated trusted devices - will be determined behind the scenes. (Logging on from a different device requires revalidation.)

"We liked that we could put it in place with limited development," Frank says, and the fact that there wasn't a separate management console. "Management is in the application, not the Green Armor solution. With others, the application could get locked up, and it could be a result of the app or the tool. That's more complex."

Was he worried about buying from a small newcomer? Frank says he had reservations, but he found that many players in this area are young and Green Armor seemed to have sufficient backing.

Although he has awarded the contract, Frank has yet to start deployment.

Copyright © 2006 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022