News

11:15 AM
Connect Directly
RSS
E-Mail
50%
50%

Vidoop Authentication Solution Addresses Top Online Security Threat

Bank customers log in using a combination of image recognition and PINs instead of the traditional user name and password.

An innovative new technology promises to strengthen online security for banking customers. According to industry commentators, software from Portland, Ore.-based Vidoop that uses a combination of images and one-time passwords to authenticate online users is superior to existing authentication systems. And it's available for free.

Vidoop´s ImageShield technology uses a combination of images and one-time passwords to authenticate online users.
Vidoop´s ImageShield technology uses a combination of images and one-time passwords to authenticate online users.
In the three months since BS&T encountered Vidoop at Finovate -- a biannual event showcasing approximately 20 technology offerings deemed the most novel by Finovate organizers, the publishers of Net Banker -- the firm signed its first five banks, says Mitchell Savage, EVP of business development with the three-year-old firm. While he is not at liberty to disclose the banks, Savage says they will go live on Vidoop's ImageShield product this summer. He adds that each bank has less than $3 billion in assets.

Though the five banks are Vidoop's first bank customers, about 80 banks use the vendor's technology as clients of Charles Schwab Retirement Technologies, Vidoop's first financial customer. Schwab has been a Vidoop client for most of the two years that ImageShield has been available, Savage reports.

Tom Wills, a senior security analyst with Javelin Strategy & Research (Pleasanton, Calif.), says the Vidoop solution "is the most imaginative approach to security I've seen in a long time." At registration, he describes, users select a category of images (e.g., animals, automobiles, aircraft, etc.). When they log in, they are presented with a grid of images, each displaying an alphanumeric image code. The user enters into the password field the code from the image that fits the preselected category.

"It sounds complicated, but it's very intuitive and easier to remember than a password, as you just have to remember the [image] category you chose," Wills says, adding that Vidoop is one of the first companies to use a combination of image recognition (a relatively new login alternative to passwords) and a one-time pass code. (Huntingdon, England-based GrIDsure is another.) "That makes it a lot harder for someone to break than, say, Sarah Palin's Yahoo password," Wills jokes.

Vidoop also presents its images differently than most image-recognition software does, Wills points out. Instead of showing the same picture again and again, risking the user's habits being observed, Vidoop changes the images while keeping the category (e.g., animals) consistent, he explains.

Further, ImageShield is available with an extra layer of verification. The solution can support two-factor authentication by calling users for voice authentication or sending them one-time access codes via text message.

According to Vidoop's Savage, ImageShield addresses what the vendor claims is today's biggest security threat. "Keylogging malware is now a bigger threat than phishing," he contends. Using keylogging applications, Savage explains, hackers can exploit traditional authentication methods by searching for the giveaway sequence of "user name" and "password" and isolating the necessary data.

While Javelin's Wills does not agree that keylogging has surpassed phishing as a security threat, he acknowledges that these fraud methods are "two of the very top online threats."

Observers consider Vidoop's product of definite value. "That sounds neat," says Richard Harp, director of corporate security with Columbus, Ohio-based Huntington National Bank ($55 billion in assets). Although Harp has not seen the application, asked if he believes the combination of image recognition and PIN gives Vidoop an edge over other authentication solutions, he says, "I think it does."

An Affordable Security Solution

Another advantage that ImageShield has over other online security solutions, Vidoop claims, is a lower cost of ownership. In fact, "This solution is available at no cost," says Vidoop's Savage, who explains that the vendor offers a free sponsored version of the software. According to Savage, manufacturers sponsor categories of images -- for example, Mercedes-Benz, a Daimler AG company, pays Vidoop to ensure that all auto images are of cars made by the automakers Smart division.

Surprisingly, even in a strained economy none of the financial institutions using Vidoop's ImageShield application chose the free option. "When the first does, others will follow," Savage predicts. "But banks are conservative and may think, 'If you don't pay, it isn't worth much.' "

Nonetheless, the banks will realize reduced costs with the ImageShield product, Savage asserts, pointing to a reduction in customer service calls thanks to the user-friendly access method. "The No. 1 call to most customer support centers is login issues," he contends.

Besides, Savage adds, to attract and retain online customers -- especially during the economic downturn -- banks must demonstrate that they are doing everything possible to secure users' accounts.

Comment  | 
Print  | 
More Insights
Register for Bank Systems & Technology Newsletters
White Papers
Current Issue
Bank Systems & Technology - August 2014
Modern core systems are emerging as the foundations of effective channel integration and customer engagement initiatives.
Slideshows
Video
Bank Systems & Technology Radio