Risk
11/16/2006
02:15 AM
50%
50%

Bank Chooses Comodo

null

JERSEY CITY, N.J. -- Comodo, a global Certification Authority and leading provider of Identity and Trust Assurance Management solutions, announced today that Boiling Springs Savings Bank is deploying Comodo's PKI-based Two Factor (TF) authentication solution as a critical component of its best practices strategy to comply with FFIEC guidelines. Comodo TF is a component of Comodo's S.A.F.E solution, which is an integrated suite of technologies that provides a best practices approach to mutual authentication, identity assurance and protection from phishing, pharming, and man-in-the-middle attacks.

"Our strategy to empower consumers with tools to protect their online identity, their PC and their online interactions has gained significant market momentum," said Melih Abdulhayoglu, President and CEO of Comodo. "Today, more businesses and consumers are actively seeking out the Comodo brand in a variety of market segments – from PC protection driven by our award winning free Firewall solution to identity verification solutions such as our site seal called Corner of Trust. This high level of brand recognition translates into increased trust when consumers see the Comodo brand during the course of their online interactions."

Comodo Two Factor (TF) Client Certificates - a High-Performance, Low Cost Solution with No Integration Financial institutions are under pressure to comply with Federal Financial Institutions Examination Council (FFIEC) guidelines by year-end to evaluate and strengthen their mutual authentication processes for online banking transactions. To comply with the guidelines, financial institutions seek to employ a multifactor solution with ease of integration, ease of adoption by online banking customers and ease of configurability. With Comodo TF, Boiling Springs Savings Bank can support a high-performance two- factor solution while reducing operating costs. This two-factor solution offers significant advantages over other two factor solutions (such as matrix cards, tokens or image recognition solutions):

  • One of the only PKI based two factor solution – PKI is considered one of the strongest forms of authentication available for online security
  • Lowest cost solution due to an established PKI infrastructure and digital certificate lifecycle management processes
  • Virtually the easiest multi-layer solution for members to adopt because there is no change in member's online banking behavior once a
  • DigitalID has been created. Members conveniently continue to use their existing usernames and passwords.
  • High level of flexibility and configurability for the financial institution
  • A platform that will support future authentication requirements Solution can be deployed in days Ease of customer support

Boiling Springs Deploys A Best Practices Approach To Mutual Authentication - Comodo TF + Comodo Content Verification Certificates (CVC)

As a best practices financial institution, Boiling Springs incorporated Comodo TF within their overall mutual authentication business process. To enable this level of mutual authentication, Boiling Springs is deploying two synergistic technologies: Comodo TF and Comodo Content Verification Certificates (CVC). While Comodo TF enables Boiling Springs to authenticate the identity of the customer, Boiling Springs also deployed CVC's so that their customers can verify the identity of the bank. CVC's uniquely tie specific web content, such as the log in box and graphical images, to specific Boiling Springs URL's and/or IP addresses thus confirming the site's identity. Together, this provides a PKI based mutual authentication process that thwarts phishing attacks, renders man-in the-middle attacks ineffective and protects customers against identity theft.

"As an Open Solutions Internet Banking application customer, we felt that the Comodo TF solution offered us the best mix of strength of security, convenience for our online banking customers, and lowest Total Cost of Ownership of the options available for mutual authentication," said Ken Emerson, CTO of Boiling Springs Savings Bank. "The other advantages are ease of deployment with practically no integration and a platform that will support our authentication requirements in the future."

Comodo's S.A.F.E. Solution was developed specifically to address diverse, complex and urgent needs of financial institutions for a solution that is configurable and practical. "The FFIEC guidelines are meant to address the changing nature of online identity and trust assurance threats," said Andrew Pynes, Executive Vice President of Comodo. "FFIEC guidelines require financial institutions to implement solutions this year that provide a highly secure, non-intrusive online banking experience. Comodo can help thousands of financial institutions protect their customers and achieve compliance with the guidelines."

Comodo Group

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
Dark Reading Live EVENTS
INsecurity - For the Defenders of Enterprise Security
A Dark Reading Conference
While red team conferences focus primarily on new vulnerabilities and security researchers, INsecurity puts security execution, protection, and operations center stage. The primary speakers will be CISOs and leaders in security defense; the blue team will be the focus.
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: No, no, no! Have a Unix CRON do the pop-up reminders!
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
The Impact of a Security Breach 2017
The Impact of a Security Breach 2017
Despite the escalation of cybersecurity staffing and technology, enterprises continue to suffer data breaches and compromises at an alarming rate. How do these breaches occur? How are enterprises responding, and what is the impact of these compromises on the business? This report offers new data on the frequency of data breaches, the losses they cause, and the steps that organizations are taking to prevent them in the future.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.