Risk
11/16/2006
02:15 AM
Connect Directly
RSS
E-Mail
50%
50%

Bank Chooses Comodo

null

JERSEY CITY, N.J. -- Comodo, a global Certification Authority and leading provider of Identity and Trust Assurance Management solutions, announced today that Boiling Springs Savings Bank is deploying Comodo's PKI-based Two Factor (TF) authentication solution as a critical component of its best practices strategy to comply with FFIEC guidelines. Comodo TF is a component of Comodo's S.A.F.E solution, which is an integrated suite of technologies that provides a best practices approach to mutual authentication, identity assurance and protection from phishing, pharming, and man-in-the-middle attacks.

"Our strategy to empower consumers with tools to protect their online identity, their PC and their online interactions has gained significant market momentum," said Melih Abdulhayoglu, President and CEO of Comodo. "Today, more businesses and consumers are actively seeking out the Comodo brand in a variety of market segments – from PC protection driven by our award winning free Firewall solution to identity verification solutions such as our site seal called Corner of Trust. This high level of brand recognition translates into increased trust when consumers see the Comodo brand during the course of their online interactions."

Comodo Two Factor (TF) Client Certificates - a High-Performance, Low Cost Solution with No Integration Financial institutions are under pressure to comply with Federal Financial Institutions Examination Council (FFIEC) guidelines by year-end to evaluate and strengthen their mutual authentication processes for online banking transactions. To comply with the guidelines, financial institutions seek to employ a multifactor solution with ease of integration, ease of adoption by online banking customers and ease of configurability. With Comodo TF, Boiling Springs Savings Bank can support a high-performance two- factor solution while reducing operating costs. This two-factor solution offers significant advantages over other two factor solutions (such as matrix cards, tokens or image recognition solutions):

  • One of the only PKI based two factor solution – PKI is considered one of the strongest forms of authentication available for online security
  • Lowest cost solution due to an established PKI infrastructure and digital certificate lifecycle management processes
  • Virtually the easiest multi-layer solution for members to adopt because there is no change in member's online banking behavior once a
  • DigitalID has been created. Members conveniently continue to use their existing usernames and passwords.
  • High level of flexibility and configurability for the financial institution
  • A platform that will support future authentication requirements Solution can be deployed in days Ease of customer support

Boiling Springs Deploys A Best Practices Approach To Mutual Authentication - Comodo TF + Comodo Content Verification Certificates (CVC)

As a best practices financial institution, Boiling Springs incorporated Comodo TF within their overall mutual authentication business process. To enable this level of mutual authentication, Boiling Springs is deploying two synergistic technologies: Comodo TF and Comodo Content Verification Certificates (CVC). While Comodo TF enables Boiling Springs to authenticate the identity of the customer, Boiling Springs also deployed CVC's so that their customers can verify the identity of the bank. CVC's uniquely tie specific web content, such as the log in box and graphical images, to specific Boiling Springs URL's and/or IP addresses thus confirming the site's identity. Together, this provides a PKI based mutual authentication process that thwarts phishing attacks, renders man-in the-middle attacks ineffective and protects customers against identity theft.

"As an Open Solutions Internet Banking application customer, we felt that the Comodo TF solution offered us the best mix of strength of security, convenience for our online banking customers, and lowest Total Cost of Ownership of the options available for mutual authentication," said Ken Emerson, CTO of Boiling Springs Savings Bank. "The other advantages are ease of deployment with practically no integration and a platform that will support our authentication requirements in the future."

Comodo's S.A.F.E. Solution was developed specifically to address diverse, complex and urgent needs of financial institutions for a solution that is configurable and practical. "The FFIEC guidelines are meant to address the changing nature of online identity and trust assurance threats," said Andrew Pynes, Executive Vice President of Comodo. "FFIEC guidelines require financial institutions to implement solutions this year that provide a highly secure, non-intrusive online banking experience. Comodo can help thousands of financial institutions protect their customers and achieve compliance with the guidelines."

Comodo Group

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-4262
Published: 2014-07-28
svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this issue was SPLIT due to different affected versions (ADT3). The irkerbridge.py issue is covered by CVE-...

CVE-2013-4840
Published: 2014-07-28
Unspecified vulnerability in HP and H3C VPN Firewall Module products SECPATH1000FE before 5.20.R3177 and SECBLADEFW before 5.20.R3177 allows remote attackers to cause a denial of service via unknown vectors.

CVE-2013-7393
Published: 2014-07-28
The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used. NOTE: this issue was SPLIT from CVE-2013-4262 based on different affected versions...

CVE-2014-2974
Published: 2014-07-28
Cross-site request forgery (CSRF) vulnerability in php/user_account.php in Silver Peak VX through 6.2.4 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.

CVE-2014-2975
Published: 2014-07-28
Cross-site scripting (XSS) vulnerability in php/user_account.php in Silver Peak VX before 6.2.4 allows remote attackers to inject arbitrary web script or HTML via the user_id parameter.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.