RSA Security late last year acquired privately-held Cyota, which offers online security and anti-fraud services to help financial institutions protect consumer accounts. Art Coviello, CEO of RSA Security, recently sat down with Network World\u2019s senior editor Ellen Messmer to discuss the Cyota acquisition and RSA\u2019s views on the future of authentication.Cyota with its anti-fraud services for banks is a very different type of business than RSA Security has traditionally been in with its SecurID products for two-factor authentication and the BSAFE encryption tool kits. What made you think of acquiring Cyota?We started 2005 flattish, and I was more than a little unhappy. I said to employees, if there\u2019s such a great market for authentication, we have to create it. We spent April to July figuring out strategy options that would call us to drive the market. We asked, what are the choices we need to give people? A different approach we noticed is risk-based analytics, especially on the consumer side. That was Cyota.How does the Cyota analytics work?At Cyota, they\u2019ll monitor consumer transactions based on several things: computer profile, browser and transaction behavior, to have servers in the bank looking at fraud monitoring. We\u2019re gathering data about legitimate users so when they come again, we\u2019ll know them.So suppose the Cyota service for the bank spots what the risk-based analytics determine is a criminal trying to imitate a legitimate customer?We work with the ISPs and shut them down. We do forensics and provide that to law enforcement. The fraudster gets pushed away and shut down. About 10 large banks, and now eTrade Financial, use Cyota to share information about fraud collaboratively as part of Cyota\u2019s eFraudnetwork.Isn\u2019t this a lot different business than what RSA Security has been involved in up to now?I don\u2019t think we\u2019re getting away from our roots. We\u2019re just getting more pragmatic.Cyota is a start-up. Is it profitable yet? What does it cost to a financial enterprise to use Cyota?Cyota is about to make money. As far as the fraud-based services, Cyota costs about $1 to $2 per user per year.The Cyota service is typically used to guard against fraud based on re-usable passwords. But RSA Security has long held that strong two-factor or encryption-based authentication provides much better security than re-usable passwords. How do you reconcile this somewhat contradictory viewpoint after advocating for so many years that people get away from re-usable passwords?We have a passion for authentication. When it\u2019s something in between, Cyota will ask you for more information, such as identifying an image you picked out earlier.On the topic of strong authentication and the RSA SecurID token for generating a one-time password, what\u2019s the status there?The second major decision we made in addition to buying Cyota was to launch what we call \u201ccredentials everywhere.\u201d That means embedding the SecurID token in cell phones, memory sticks, Sandisk flash memory, RIM devices, the Motorola \u201cQ\u201d smartphone. We\u2019re developing sales and distribution relationships based on embedding the SecurID is these types of devices. Today, SecurID is available for the Palm and BlackBerry.