CA and Arcot Systems have announced the availability of a solution designed
to help organisations reduce the risk of fraud and identity theft in online
transactions through risk-based authentication.

Businesses are employing risk-based authentication technologies for their
Web-facing applications in light of threats such as phishing and other forms
of social engineering, as well as in response to regulatory initiatives such
as online banking guidance issued by the Federal Financial Institutions
Examination Council, the market trend to deliver software-as-a-service, and
simple good business practices.
The reseller agreement with Arcot allows CA to extend its suite of identity
and access management products that help secure Web businesses and
identities online. By implementing risk-based authentication technology, CA
customers can confidently conduct Web-based transactions. It also helps
instill in their customers and other users a level of comfort that their
identities and their personal, private information are better protected
Further driving the movement to risk-based authentication is the need to
improve security practices to protect a corporate reputation and assure
customers their data is safe. A recent security survey sponsored by CA
revealed that an average of 34 percent of the respondents reported either
loss of trust or confidence, embarrassment or reduced customer satisfaction
as a result of a security breach.
"Financial institutions, government agencies, retail businesses, and health
care organisations are struggling with the dramatic increase in online fraud
and identity theft," notes Mark Diodati, senior identity and privacy analyst
with Burton Group. "The integration of web access management with risk-based
authentication provides great synergies by enabling organisations to
dynamically adapt to evolving threats, and improve their compliance posture.
The use of stronger authentication with web access management can also
reduce risk and improve customer confidence."
The combination of CA SiteMinder Web Access Manager with Arcot RiskFort
offers organisations a risk-based authentication capability that helps
detect, assess and block fraud attempts in real time for any consumer- or
enterprise-facing portal. By comparing the context of current transactional
requests with historical performance, and using statistics and analysis to
identify abnormal activity, RiskFort calculates a risk score. CA SiteMinder
can then grant or deny access, or initiate other actions based on the risk
score and corporate security policies.
For example, if you normally access your online bank account from your home
desktop computer in New York, but you are attempting to log in from a laptop
connected in Germany, this could raise a flag because it is outside the
"normal activity" RiskFort has identified for your account. As a result, you
may be granted access, denied access, granted access with limited rights or
redirected for further qualification all based on the risk policies of the
"Proving that you are who you say you is of paramount importance for
everyone involved in any online transaction. As all industry sectors expand
to take advantage of the Web and open more applications to customers, remote
employees, contractors and partners, it is essential that they have
additional capabilities to assure the identity of the individuals requesting
access," says Bill Mann, senior vice president, CA Security Management.
"Moving forward as Web 2.0, software-as-a-service, collaboration and social
networks gain greater relevance for business, the demand for identity
assurance will be even more critical. CA SiteMinder and the addition of
Arcot RiskFort gives customers a solution for risk-based authentication,
identity assurance and application access that is easily and
cost-effectively deployed," says Mann.
For those customers who prefer to use a software-only approach to strong
authentication versus hardware-based alternatives, the agreement between
Arcot and CA also enables CA to resell Arcot WebFort and provide it
integrated with CA SiteMinder Web Access Manager. This provides customers
with an easy-to-deploy, low cost, software based alternative for strong
authentication and secure Web access.
"The days of simply requiring a user ID and password for authentication are
numbered as the risk is simply too great," says Ram Varadarajan, president
and CEO of Arcot. "At the same time, stronger authentication must be simple
and convenient for users or they will not use it. Arcot's best-in-class
authentication automatically strengthens the security of password-based
authentication and bridges the gap between security, cost and convenience.
"Arcot RiskFort and WebFort products provide protection from Internet
threats while retaining a familiar, easy-to-use username/password user
experience without having to deploy hardware tokens."