Digital identity vendor Entrust said on Thursday that it is acquiring Business Signatures, a maker of fraud detection technology, for around US$50 million in cash.
The deal will add Business Signatures’ real-time fraud detection technology to Entrust’s IdentityGuard authentication platform. The deal is just the latest marriage between authentication and antifraud vendors, amid torrid demand for strong authentication technology ahead of a January 1, 2007 deadline to comply with guidance from the Federal Financial Institutions Examination Council (FFIEC).
Based in Redwood City, California, Business Signatures was founded in 2001, has around 40 employees and counts Citibank and H&R Block as customers.
Using technology called the Data Streams Intent Processor and a fraud database dubbed e-FraudMart, Business Signatures scans and analyzes HTTP data streams created by Web transactions, such as those created in online shopping or banking sessions. The company claims the technology can spot fraudulent wire transfers, bill payments, account hijackings as well as “man in the middle” attacks and the activity of Trojan horse programs.
Using server based technology the Business Signatures products captures Web transactions in their entirety and passively detects anomalous behaviour. Warnings and alerts generated by the system can be sent to fraud officers, who can then stop bad transactions before they clear, said Chris Voice, CTO at Entrust, in an interview with InfoWorld.
The Business Signatures technology is low impact, because it captures transaction traffic passively and doesn’t require complicated integrations with existing business applications to work. That’s an asset for financial services companies that want to comply with FFIEC by January 1 without having to tweak brittle legacy applications on the back end, said Avivah Litan, an analyst at Gartner Inc.
The passive approach also works because banks generally don’t do instantaneous, or “straight through” processing of transactions, so Business Signatures has time to analyze a transaction after it has occurred, but before money has been transferred. Any cancellations that occur do so in a way that is transparent to the customer, she said.
Entrust will add Business Signatures to its IdentityGuard product line, giving banking and financial services companies a quick fix for FFIEC solution to its customers, Voice said. “Companies are struggling today with FFIEC. This is a way to get them to the finish line.”
Beyond that immediate goal, Entrust sees a place for antifraud wares beyond consumer banking in areas like financial services, commercial banking, credit cards, retail and enterprise, he said. That may open doors to Entrust’s other strong authentication technology, such as tokens and authentication grids.
“We want to partner with companies, solving their immediate needs with FFIEC and then growing with them,” Voice said.
Down the road, that could mean extending relationship with companies like Oracle and IBM to add fraud and anomaly detection to identity and access management products from those companies. “Strong authentication is a place where those companies have not gone. We can help extend identity and access management back further,” Voice said.
Entrust is just the latest company to scoop up an antifraud startup. RSA Security Inc. purchased Cyota in December, 2005 (http://www.infoworld.com/4311) and PassMark in April (http://www.infoworld.com/4312) to boost its presence in the consumer authentication and fraud detection space. VeriSign purchased SnapCentric in February, for its fraud detection capabilities.
Federal regulations aside, online attacks are becoming more sophisticated and forcing financial institutions everywhere to supplement back end systems with technology that can spot fraud patterns. Recent news about phishing attacks against one-time password technology used by Citibank are already giving pause to some banks that are implementing strong authentication and putting an even higher premium on fraud detection technology, Litan said.
