April 20, 2009 – PhoneFactor, a leading provider of security products and services, today announced the availability of Transaction Verification – a powerful tool for preventing fraudulent transactions in real-time.

For high-risk and high-value transactions, Transaction Verification protects against fraudulent activity by authenticating the transaction itself. By providing details about the transaction in the verification call, even if the user’s authenticated session has been hijacked, their transactions are protected.

“Attacks are becoming increasingly sophisticated – defeating traditional authentication methods such as tokens and certificates,” said Steve Dispensa, CTO of PhoneFactor. “The only way to protect against these threats is through out-of-band verification of the transaction itself. If you can provide this verification before the transaction occurs, the hassle of dealing with the aftermath if and when the account owner becomes aware of the fraudulent transaction is eliminated.”

Transaction Verification leverages the PhoneFactor phone-based two-factor solution which works by placing an automated call to the user. Users answer the phone and press # (or a PIN) to authenticate. PhoneFactor does not require users to key a One Time Password into the login interface – making the user experience seamless and providing a completely out-of-band authentication channel for added protection against sophisticated attacks like man-in-the-middle.

If a user gets a call requesting verification of an unauthorized transaction, they can simply press 911# to lock their account and notify their financial provider that an attack is in progress. The ability to not only stop the transaction before it occurs, but to also create a real-time alert is unlike any other solution on the market today.

March 31, 2009 – PhoneFactor, the leading provider of tokenless two-factor authentication, today announced an agreement with JSCAPE, the market leader in secure File Transfer Protocol (FTP) solutions and services, to deliver an integrated security solution to JSCAPE customers.

With PhoneFactor, JSCAPE users will login with a user name and password – just like they do today. Instantly, they’ll get a call. They simply answer the phone and press # to complete their login. PhoneFactor adds a critical layer of security with little impact to the JSCAPE user experience.

“Our customers include government agencies and financial institutions, so security is a top priority,” says Van Glass, CEO of JSCAPE. “After a thorough evaluation of two-factor authentication solutions, we found that PhoneFactor provides our customers with an additional layer of security that is much easier to use, and less expensive, than typical hardware token-based solutions.”

This integration demonstrates the simplicity of adding two-factor authentication to a critical business application. “One key benefit of PhoneFactor is the ease of integration with third party applications and services,” said Klint Borozan, Senior Vice President, PhoneFactor. “To make this security model of the future universally accessible, the integration had to be simple, cost effective, and easy to use.”

About JSCAPE
Since 1999, JSCAPE has been a leading provider of software components and server solutions for securing file transfers and network communications. JSCAPE offers secure file transfer and networking components for both Java and Microsoft .NET development environments, as well as secure managed file transfer servers for Linux, Solaris, Windows and Mac OS X platforms. JSCAPE software is used by a wide variety of businesses and government agencies in more than 50 countries. Learn more at www.jscape.com.

“Two-factor authentication is the centerpiece of one of the more interesting technologies at FOSE this week, one of those “why-haven’t-I-thought-of-that-before” technologies. ”

Read the entire article here: http://www.informationweek.com/blog/main/archives/2009/03/phonebased_auth.html

http://www.eweek.com/c/a/Security/How-to-Thwart-Network-Attacks-with-TwoFactor-Authentication/

February 25, 2009 – This Friday, Feb. 27, at 12 noon ET on PhoneFactor’s Internet Radio Talk Show Security Break Live! With Steve Dispensa, the hosts will share a plan to thwart attacks like the enormous personal file breach at Monster.com.

Who can afford to be afraid to post a resume these days? Tune in to find out ways to protect yourself while still getting your name out there. Co-Host Elinor Mills is a veteran journalist covering security, and will make sure no tough questions are left unasked.

Every 2^nd and 4^th Friday of each month, Security Break Live!, hosted by Steve Dispensa, PhoneFactor’s CTO, will broadcast potential solutions to crimes in the news. With live chat and the hosts taking callers, the twice-monthly show will also provide a community venue for critical discussions. Dispensa was an industry pioneer in transaction-level verification to combat man-in-the-middle attacks against authenticated sessions. The radio show airs at www.blogtalkradio.com/securitybreaklive.

Listen to the last show about ATM Fraud in Broad Daylight, Dispensa also hosts a blog at http://www.securitybreaklive.com.

Host Steve Dispensa, PhoneFactor’s CTO, Will Be Joined by Co-Hosts To Solve Cases, Offer Advice for Protection, and Take Callers, Live Chat

February 11, 2009 - With news stories breaking weekly about attacks on personal and financial data, PhoneFactor is starting an Internet Radio Talk Show called Security Break Live! With Steve Dispensa. The premiere show will take on ATM fraud and magnetic stripe card cloning.

With the jobless rate continuing to climb and the bad guys getting more desperate, the safety of personal data has never been in greater question. Security Break Live! will broadcast potential solutions to crimes in the news. With live chat and the hosts taking callers, the twice-monthly show will also provide a community venue for critical discussions about whether the law is keeping up with criminals’ ability to break it.

“Identity theft keeps skyrocketing, and we need to start talking about solutions. I want to help people protect themselves, and their businesses, from these imminent threats,” said Steve Dispensa, the show’s host and PhoneFactor’s CTO, who closely monitors emerging threats and the impacts on user authentication. Dispensa was an industry pioneer in transaction-level verification to combat man-in-the-middle attacks against authenticated sessions, and has numerous patents pending for related out-of-band authentication protocols.

The award-winning PhoneFactor, the two-factor authentication provider that secures millions of logins with a simple phone call, will kick off the radio talk show this Friday, Feb. 13, at 12 p.m. ET, at www.blogtalkradio.com/securitybreaklive. Dispensa is also hosting a blog at www.securitybreaklive.com.

The premiere show partners Steve Dispensa with guest co-host John Quain, CBS Up to the Minute tech correspondent and a frequent contributor to The New York Times. Together, they’ll take on the two latest cases of ATM fraud and card cloning in broad daylight. Is there anything you can do about the security risk of magnetic stripe cards? ATM cards are the easiest to steal, and the latest cases, where hundreds of cards were stolen, show that PCI regulations can’t stop the crime.

The radio show will be broadcast on the 2nd and 4th Friday of every month, with special live broadcasts from security industry shows, such as the RSA Conference in San Francisco, April 20th-24th.

The second show, to air on Friday, Feb. 27, at 12 p.m. ET, will take on the enormous security breach at Monster.com, one of the largest breaches of personal data in history. Joining Dispensa will be guest co-host Elinor Mills, senior writer at CNET News.

Medical records are one of the most important documents to protect from identity thieves. If a hacker gets a person’s medical records, they get the key to that person’s personal kingdom-insurance information, financial information, and access to very private matters that can affect job status, eligibility for mortgages-the implications are enormous.

PhoneFactor solves the identity theft problem, protects patient privacy in real-time, and is so easy to use that doctors take to it instantly.

Here’s how PhoneFactor works: A doctor needs to remotely access a patient’s hospital files from his private practice office. The doctor keys his user ID and password into the hospital network. His cell phone rings instantly, prompting the doctor to confirm the login. If the doctor keys in a PIN on his phone, he is given access. But if the doctor does not, the IT department back at the hospital is alerted immediately, access to the network is denied, and the attack is thwarted. The patient file is never compromised.

“We’ve got physicians starting to use PhoneFactor and they seem pretty enthralled,” said Mike Regan, Senior Network Analyst for Firelands Regional Medical Center in Sandusky, Ohio, which admits 250 area doctors. “Physicians like it because it’s simpler than tokens, which are also more expensive and can be lost. Doctors almost exclusively use their cell phones, though Phone Factor works with any phone.”

St. Joseph Hospital, Southern New Hampshire’s largest acute care hospital and trauma center, has also adopted PhoneFactor with great results.

“Patient confidentiality is one of our top priorities here at St. Joseph,” said Brian Murphy, Director of IT Infrastructure for St. Joseph’s Healthcare. “We sought to add a secure second layer to our password/username system. PhoneFactor not only allowed us to do this easily, but it also was unobtrusive and affordable.”

PhoneFactor is not just easier for the end user. For network administrators, it is easy to implement and seamlessly integrates with any VPN, enterprise application, or website. Firelands Regional Medical Center and St. Joseph Hospital join other leading health care organizations, including as OhioHealth, Nationwide Children’s Hospital Research Institute, National Surgical Care, and others who have implemented PhoneFactor’s two-factor authentication platform.

PhoneFactor’s popularity in the medical industry continues to accelerate as regulatory agencies push for additional security measures to ensure that only authorized individuals have access to hospital systems and patient data. The Health Insurance Portability and Accountability Act (HIPAA) and many state pharmacy boards are calling for strong authentication when accessing patient records or prescribing medicine through online systems. To comply, health care organizations must require more than a user name and password before allowing access to their systems. Often, these additional forms of authentication are not user-friendly. Many require users to carry a security token or other device, or restrict them to logging in from a particular computer. PhoneFactor solves these problems.

About Firelands Regional Medical Center
Firelands Regional Medical Center is north central Ohio’s largest and most comprehensive resource for quality medical care. With more 250 physicians and allied health practitioners on staff, representing 33 specialties, Firelands Regional Medical Center provides care each year to 10,000 inpatients, 277,000 outpatients and 102,000 community program participants.

About St. Joseph Hospital
St. Joseph Hospital is southern New Hampshire’s largest acute care hospital and trauma center. St. Joseph Hospital is building on a century of service to meet the growing needs of our community through innovation, leading-edge technology, and the highest-quality medical care, our tradition since 1908. Their medical staff, employees, and volunteers are recognized among the very best by all the standard quality measures and by those who count the most – their patients.

Founded in 2001 by Tim Sutton, CEO, and Steve Dispensa, CTO, the company has sold its highly-successful remote access line of business, and is now named PhoneFactor, the moniker of its phone-based, two-factor authentication product. When someone keys in an ID and password to log onto a network or website, their phone rings, asking for PIN verification. If a user’s phone rings and they’re not trying to gain access, they simply select the fraud alert option and IT is alerted immediately, access is denied, and the attack is thwarted.

Tens of millions of personal records were compromised in 2008, according to Symantec security research. In just one instance, 50 million personal records were stolen in Taiwan. Hacking is no longer for sport; it’s specifically for financial gain.

“Sophisticated new security threats are driving the need for safer methods of accessing online information,” said PhoneFactor’s CEO Tim Sutton. “Its ‘spy vs. spy’ out there.  Our company is now dedicated to making safe the weakest part of the chain – the user sign in, beginning with our award winning two-factor product, PhoneFactor.”

Identity theft has never been a bigger problem. Both the volume of attacks and the increased level of sophistication create new challenges for IT security professionals. Co-founder and CTO Steve Dispensa closely monitors emerging threats and the impacts on user authentication. Dispensa was among the first to realize the need for transaction-level verification to combat man-in-the-middle attacks against authenticated sessions, which is now a key driver for adoption of PhoneFactor, and has numerous patents pending for related out-of-band authentication protocols.

“These threats are only going to get worse,” said Dispensa. “No industry is safe, and as a market for the data these threats expose continues to develop, new standards will emerge around what constitutes strong authentication. We believe the next frontier is out-of-band authentication with transaction-specific verification. PhoneFactor offers both while maintaining the simplicity of the user experience.”

PhoneFactor has already won several industry awards, including being named one of the Ten Technology Companies to Watch in 2008 by Bank Technology News, a finalist in the Reader Trust Award Category as a Best Second- and Multi-Factor Solution by SC Magazine, and eWEEK Labs Analyst’s Choice Award.

The company’s experience providing secure remote access solutions to thousands of companies, including United Missouri Bank, BKD, and the National Weather Service, along with Sutton and Dispensa’s extensive background in telecommunications, provide a powerful foundation from which to grow the PhoneFactor line of business. The company’s leadership team has best practices knowledge of the issues, from regulation and compliance to integration and deployment, which will be critical to businesses as they implement strong authentication for their employees and customers.

Since its release in July 2007, PhoneFactor has secured more than a million logins by thousands of users worldwide and is trusted by leading companies such as Loomis Armored, West Corporation, and the US Navy Exchange Command. “We’re excited about the trajectory the company is on and potential impact our technology can have,” said Sutton. “I can envision a day when a simple phone call is used to secure every login just like a password is today.”

Download Free Whitepaper Now

Read the entire article here:
PhoneFactor Offers Safe Authentication & Fraud Protection