Risk
11/16/2006
02:15 AM
50%
50%

Bank Chooses Comodo

null

JERSEY CITY, N.J. -- Comodo, a global Certification Authority and leading provider of Identity and Trust Assurance Management solutions, announced today that Boiling Springs Savings Bank is deploying Comodo's PKI-based Two Factor (TF) authentication solution as a critical component of its best practices strategy to comply with FFIEC guidelines. Comodo TF is a component of Comodo's S.A.F.E solution, which is an integrated suite of technologies that provides a best practices approach to mutual authentication, identity assurance and protection from phishing, pharming, and man-in-the-middle attacks.

"Our strategy to empower consumers with tools to protect their online identity, their PC and their online interactions has gained significant market momentum," said Melih Abdulhayoglu, President and CEO of Comodo. "Today, more businesses and consumers are actively seeking out the Comodo brand in a variety of market segments – from PC protection driven by our award winning free Firewall solution to identity verification solutions such as our site seal called Corner of Trust. This high level of brand recognition translates into increased trust when consumers see the Comodo brand during the course of their online interactions."

Comodo Two Factor (TF) Client Certificates - a High-Performance, Low Cost Solution with No Integration Financial institutions are under pressure to comply with Federal Financial Institutions Examination Council (FFIEC) guidelines by year-end to evaluate and strengthen their mutual authentication processes for online banking transactions. To comply with the guidelines, financial institutions seek to employ a multifactor solution with ease of integration, ease of adoption by online banking customers and ease of configurability. With Comodo TF, Boiling Springs Savings Bank can support a high-performance two- factor solution while reducing operating costs. This two-factor solution offers significant advantages over other two factor solutions (such as matrix cards, tokens or image recognition solutions):

  • One of the only PKI based two factor solution – PKI is considered one of the strongest forms of authentication available for online security
  • Lowest cost solution due to an established PKI infrastructure and digital certificate lifecycle management processes
  • Virtually the easiest multi-layer solution for members to adopt because there is no change in member's online banking behavior once a
  • DigitalID has been created. Members conveniently continue to use their existing usernames and passwords.
  • High level of flexibility and configurability for the financial institution
  • A platform that will support future authentication requirements Solution can be deployed in days Ease of customer support

Boiling Springs Deploys A Best Practices Approach To Mutual Authentication - Comodo TF + Comodo Content Verification Certificates (CVC)

As a best practices financial institution, Boiling Springs incorporated Comodo TF within their overall mutual authentication business process. To enable this level of mutual authentication, Boiling Springs is deploying two synergistic technologies: Comodo TF and Comodo Content Verification Certificates (CVC). While Comodo TF enables Boiling Springs to authenticate the identity of the customer, Boiling Springs also deployed CVC's so that their customers can verify the identity of the bank. CVC's uniquely tie specific web content, such as the log in box and graphical images, to specific Boiling Springs URL's and/or IP addresses thus confirming the site's identity. Together, this provides a PKI based mutual authentication process that thwarts phishing attacks, renders man-in the-middle attacks ineffective and protects customers against identity theft.

"As an Open Solutions Internet Banking application customer, we felt that the Comodo TF solution offered us the best mix of strength of security, convenience for our online banking customers, and lowest Total Cost of Ownership of the options available for mutual authentication," said Ken Emerson, CTO of Boiling Springs Savings Bank. "The other advantages are ease of deployment with practically no integration and a platform that will support our authentication requirements in the future."

Comodo's S.A.F.E. Solution was developed specifically to address diverse, complex and urgent needs of financial institutions for a solution that is configurable and practical. "The FFIEC guidelines are meant to address the changing nature of online identity and trust assurance threats," said Andrew Pynes, Executive Vice President of Comodo. "FFIEC guidelines require financial institutions to implement solutions this year that provide a highly secure, non-intrusive online banking experience. Comodo can help thousands of financial institutions protect their customers and achieve compliance with the guidelines."

Comodo Group

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7421
Published: 2015-03-02
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644.

CVE-2014-8160
Published: 2015-03-02
net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disall...

CVE-2014-9644
Published: 2015-03-02
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) expression, a different vulnerability than CVE-201...

CVE-2015-0239
Published: 2015-03-02
The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYS...

CVE-2014-8921
Published: 2015-03-01
The IBM Notes Traveler Companion application 1.0 and 1.1 before 201411010515 for Window Phone, as distributed in IBM Notes Traveler 9.0.1, does not properly restrict the number of executions of the automatic configuration option, which makes it easier for remote attackers to capture credentials by c...

Dark Reading Radio
Archived Dark Reading Radio
How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.