February 25, 2009 – This Friday, Feb. 27, at 12 noon ET on PhoneFactor’s Internet Radio Talk Show Security Break Live! With Steve Dispensa, the hosts will share a plan to thwart attacks like the enormous personal file breach at Monster.com.

Who can afford to be afraid to post a resume these days? Tune in to find out ways to protect yourself while still getting your name out there. Co-Host Elinor Mills is a veteran journalist covering security, and will make sure no tough questions are left unasked.

Every 2^nd and 4^th Friday of each month, Security Break Live!, hosted by Steve Dispensa, PhoneFactor’s CTO, will broadcast potential solutions to crimes in the news. With live chat and the hosts taking callers, the twice-monthly show will also provide a community venue for critical discussions. Dispensa was an industry pioneer in transaction-level verification to combat man-in-the-middle attacks against authenticated sessions. The radio show airs at www.blogtalkradio.com/securitybreaklive.

Listen to the last show about ATM Fraud in Broad Daylight, Dispensa also hosts a blog at http://www.securitybreaklive.com.

Medical records are one of the most important documents to protect from identity thieves. If a hacker gets a person’s medical records, they get the key to that person’s personal kingdom-insurance information, financial information, and access to very private matters that can affect job status, eligibility for mortgages-the implications are enormous.

PhoneFactor solves the identity theft problem, protects patient privacy in real-time, and is so easy to use that doctors take to it instantly.

Here’s how PhoneFactor works: A doctor needs to remotely access a patient’s hospital files from his private practice office. The doctor keys his user ID and password into the hospital network. His cell phone rings instantly, prompting the doctor to confirm the login. If the doctor keys in a PIN on his phone, he is given access. But if the doctor does not, the IT department back at the hospital is alerted immediately, access to the network is denied, and the attack is thwarted. The patient file is never compromised.

“We’ve got physicians starting to use PhoneFactor and they seem pretty enthralled,” said Mike Regan, Senior Network Analyst for Firelands Regional Medical Center in Sandusky, Ohio, which admits 250 area doctors. “Physicians like it because it’s simpler than tokens, which are also more expensive and can be lost. Doctors almost exclusively use their cell phones, though Phone Factor works with any phone.”

St. Joseph Hospital, Southern New Hampshire’s largest acute care hospital and trauma center, has also adopted PhoneFactor with great results.

“Patient confidentiality is one of our top priorities here at St. Joseph,” said Brian Murphy, Director of IT Infrastructure for St. Joseph’s Healthcare. “We sought to add a secure second layer to our password/username system. PhoneFactor not only allowed us to do this easily, but it also was unobtrusive and affordable.”

PhoneFactor is not just easier for the end user. For network administrators, it is easy to implement and seamlessly integrates with any VPN, enterprise application, or website. Firelands Regional Medical Center and St. Joseph Hospital join other leading health care organizations, including as OhioHealth, Nationwide Children’s Hospital Research Institute, National Surgical Care, and others who have implemented PhoneFactor’s two-factor authentication platform.

PhoneFactor’s popularity in the medical industry continues to accelerate as regulatory agencies push for additional security measures to ensure that only authorized individuals have access to hospital systems and patient data. The Health Insurance Portability and Accountability Act (HIPAA) and many state pharmacy boards are calling for strong authentication when accessing patient records or prescribing medicine through online systems. To comply, health care organizations must require more than a user name and password before allowing access to their systems. Often, these additional forms of authentication are not user-friendly. Many require users to carry a security token or other device, or restrict them to logging in from a particular computer. PhoneFactor solves these problems.

About Firelands Regional Medical Center
Firelands Regional Medical Center is north central Ohio’s largest and most comprehensive resource for quality medical care. With more 250 physicians and allied health practitioners on staff, representing 33 specialties, Firelands Regional Medical Center provides care each year to 10,000 inpatients, 277,000 outpatients and 102,000 community program participants.

About St. Joseph Hospital
St. Joseph Hospital is southern New Hampshire’s largest acute care hospital and trauma center. St. Joseph Hospital is building on a century of service to meet the growing needs of our community through innovation, leading-edge technology, and the highest-quality medical care, our tradition since 1908. Their medical staff, employees, and volunteers are recognized among the very best by all the standard quality measures and by those who count the most – their patients.

Founded in 2001 by Tim Sutton, CEO, and Steve Dispensa, CTO, the company has sold its highly-successful remote access line of business, and is now named PhoneFactor, the moniker of its phone-based, two-factor authentication product. When someone keys in an ID and password to log onto a network or website, their phone rings, asking for PIN verification. If a user’s phone rings and they’re not trying to gain access, they simply select the fraud alert option and IT is alerted immediately, access is denied, and the attack is thwarted.

Tens of millions of personal records were compromised in 2008, according to Symantec security research. In just one instance, 50 million personal records were stolen in Taiwan. Hacking is no longer for sport; it’s specifically for financial gain.

“Sophisticated new security threats are driving the need for safer methods of accessing online information,” said PhoneFactor’s CEO Tim Sutton. “Its ‘spy vs. spy’ out there.  Our company is now dedicated to making safe the weakest part of the chain – the user sign in, beginning with our award winning two-factor product, PhoneFactor.”

Identity theft has never been a bigger problem. Both the volume of attacks and the increased level of sophistication create new challenges for IT security professionals. Co-founder and CTO Steve Dispensa closely monitors emerging threats and the impacts on user authentication. Dispensa was among the first to realize the need for transaction-level verification to combat man-in-the-middle attacks against authenticated sessions, which is now a key driver for adoption of PhoneFactor, and has numerous patents pending for related out-of-band authentication protocols.

“These threats are only going to get worse,” said Dispensa. “No industry is safe, and as a market for the data these threats expose continues to develop, new standards will emerge around what constitutes strong authentication. We believe the next frontier is out-of-band authentication with transaction-specific verification. PhoneFactor offers both while maintaining the simplicity of the user experience.”

PhoneFactor has already won several industry awards, including being named one of the Ten Technology Companies to Watch in 2008 by Bank Technology News, a finalist in the Reader Trust Award Category as a Best Second- and Multi-Factor Solution by SC Magazine, and eWEEK Labs Analyst’s Choice Award.

The company’s experience providing secure remote access solutions to thousands of companies, including United Missouri Bank, BKD, and the National Weather Service, along with Sutton and Dispensa’s extensive background in telecommunications, provide a powerful foundation from which to grow the PhoneFactor line of business. The company’s leadership team has best practices knowledge of the issues, from regulation and compliance to integration and deployment, which will be critical to businesses as they implement strong authentication for their employees and customers.

Since its release in July 2007, PhoneFactor has secured more than a million logins by thousands of users worldwide and is trusted by leading companies such as Loomis Armored, West Corporation, and the US Navy Exchange Command. “We’re excited about the trajectory the company is on and potential impact our technology can have,” said Sutton. “I can envision a day when a simple phone call is used to secure every login just like a password is today.”

“But when doctors would get a call or a page about a patient in the middle of the night, ‘the tokens were nowhere to be found,’ says Michael Krouse, chief information officer.”

Read the entire article here:
Phone Authentication: A Good Call

October 8, 2008 - Positive Networks, a leading provider of security products and services, today announced that Jeffco Credit Union (Jeffco) has selected its phone-based authentication technology, PhoneFactor, to protect its members from widespread phishing scams.

Jeffco, a member-owned, not-for-profit financial cooperative based in Lakewood, Colo., needed to add an additional layer of security to its online banking, and wanted a system that guaranteed fraud prevention. They started investigating two-factor authentication options after a phishing attempt forced the credit union to temporarily suspend online banking. Phishing is when a criminal poses as an official institution over email. In this case, the phisher was sending emails to Jeffco customers, posing as the credit union, asking for passwords and other financially sensitive data.

Jeffco’s network was not compromised, but they took the attempt as a warning, and set out to be proactive about providing members the toughest security available. It took a lot of evaluation before selecting PhoneFactor, because many security systems don’t intervene until the crime is already in progress.

“It is our responsibility to continually monitor and implement additional safeguards to protect our members’ information,” said Tom Theune, President/CEO for Jeffco. “PhoneFactor was the best solution for our needs. It is fast, easy to deploy, and is unobtrusive to our members.”

With PhoneFactor, when a user logs in with their username and password, their phone rings instantly—before any access is allowed. The user is prompted to press # or enter a PIN to complete their login. If they do not validate the login, access is denied and Jeffco is alerted.

PhoneFactor added a second layer of security to Jeffco’s existing login processes. Because it can work with any phone, included mobile phones, there were no devices to distribute, or certificates and software to install. A hacker would need to know the users’ log in information and have physical possession of their phone to gain access.

PhoneFactor is easy to implement and seamlessly integrates with any VPN, enterprise application, or website.

About Jeffco Credit Union
Chartered in 1948, Jeffco Credit Union is a member-owned, not-for-profit financial cooperative. Jeffco Credit Union is a $160 million financial institution serving over 23,000 members, which include Jeffco School District employees, students, family members and residents in Jefferson County, Colorado. For more information, please visit: www.jeffcocu.coop.

September 16, 2008 – PhoneFactor, a leading provider of security products and services, today announced that West Corporation, a leading provider of outsourced communication solutions, has selected its phone-based authentication technology for their home-based agent program, West at Home. PhoneFactor helps West protect its clients’ customers from potential identity theft and credit card fraud.

West Corporation was seeking a two-factor authentication solution that complied with Payment Card Industry Data Security Standards (PCI DSS) for their home-based agents throughout the country. The solution needed to be simple to use and rapid to deploy to their thousands of home-based agents, as well as affordable to setup and maintain. After carefully evaluating several options, West chose PhoneFactor to secure remote access to the call center systems used by their home-based agents to take orders and process credit cards.

“The PhoneFactor solution gives us the strong two-factor authentication that we need to meet the industry’s strict regulatory requirements,” stated Rachel Roberts, Information Services Project Manager for West Corporation. “PhoneFactor fit all of our requirements and gave us a great alternative to costly security token solutions.”

About West at Home
West at Home is one of the nation’s leading providers of home-based customer contact solutions. West at Home helps Fortune 1000 companies deliver unparalleled results through a combination of higher quality, better educated agents and a highly scalable, state-of-the-art infrastructure. West at Home employs the industry’s most comprehensive agent training, management and monitoring processes and features multi-layered security protection. This helps companies protect their customer data, achieve a higher level of quality service, improve staffing flexibility and realize a greater return on their investment.

West at Home is a subsidiary of West Corporation, the nation’s leading provider of outsourced communication solutions. For more information, please visit www.westathome.com.

About West Corporation

West Corporation is a leading provider of outsourced communication solutions to many of the world’s largest companies, organizations and government agencies. West helps its clients communicate effectively, maximize the value of their customer relationships and drive greater profitability from every interaction.  The Company’s integrated suite of customized solutions includes customer acquisition, customer care, automated voice services, emergency communications, conferencing and accounts receivable management services.

Founded in 1986 and headquartered in Omaha, Nebraska, West has a team of 39,000 employees based in North America, Europe and Asia. For more information, please visit www.west.com.

September 9, 2008 – PhoneFactor, a leading provider of security products and services, today announced that Loomis, an international leader in the cash handling services industry, has selected PhoneFactor as its two-factor authentication solution in the US.

Loomis’ high profile customers in the financial, commercial and retail sectors rely on Loomis to protect their assets. That responsibility extends to the sensitive data about Loomis’ operations and that of their clients, housed on the Loomis corporate network. After evaluating several options for two-factor authentication, Loomis chose to implement PhoneFactor to protect remote access to its network and the client information it contains.

PhoneFactor adds a second layer of security – an automated phone call – to Loomis’ existing remote access platform. Loomis employees simply login to the company VPN just like they do today, and instantly they get a call. They answer the call and press # to complete their log in. A hacker would need to know the employee’s log in information and have physical possession of their phone to gain access to the Loomis network.

“Protecting our customers’ data is every bit as important as protecting their cash. Security is our number one priority,” stated Wayne Sadin, Chief Information Officer at Loomis. “PhoneFactor allowed us to add a critical extra barrier against unauthorized access with limited impact on our employees.”

About Loomis
Loomis is the cash handling services division of Securitas AB, a world leader in security. Loomis offers secure and efficient cash distribution, processing and recycling solutions for financial institutions, retailers and other commercial enterprises through an international network of 420 operating locations in eleven European countries and the US. Loomis employs approximately 20,000 people. For further information about Loomis US operations, visit www.loomis.us

The Research Institute was searching for a secure two-factor authentication solution that did not require them to provide and maintain security tokens. The Research Institute evaluated several two-factor authentication solutions on the criteria of ease of use, flexibility, security, scalability and cost. PhoneFactor’s unique phone-based approach was selected as the two-factor authentication method for granting outside access to The Research Institute’s network.

PhoneFactor adds a second layer of security to The Research Institute’s existing login processes. It works with the user’s phone, so there are no devices to distribute and nothing to install. Users simply login with their user name and password and instantly they get a call. They answer the call and press # to complete their log in.

“PhoneFactor has provided an easy, secure and flexible two-factor authentication to front end our current SSL VPN solution,” stated Scott Kowal, Senior Network Engineer at The Research Institute. “This is a significant improvement compared to our static username and password solution.”
“PhoneFactor eliminates the need for expensive and cumbersome tokens,” said Tim Sutton, CEO of Positive Networks. “With so much focus on HIPAA regulations, it was extremely critical that they protect their sensitive data with a highly secure but yet affordable and user-friendly solution.”

About Nationwide Children’s Hospital Research Institute
Ranked in the U.S. News & World Report’s 2008 list of “America’s Best Children’s Hospitals,” Nationwide Children’s Hospital is one of the nation’s largest not-for-profit freestanding pediatric healthcare networks providing care for infants, children, adolescents and adult patients with congenital disease. As home to the Department of Pediatrics of The Ohio State University College of Medicine, Nationwide Children’s Hospital physicians train the next generation of pediatricians and pediatric specialists. The Research Institute at Nationwide Children’s Hospital is one of the top 10 National Institutes of Health-funded free-standing pediatric research facilities in the U.S., supporting basic, clinical and translational research activities at Nationwide Children’s Hospital. With more than 300,000 square feet of dedicated research space, The Research Institute is organized into 13 Centers of Emphasis encompassing gene therapy; molecular and human genetics; vaccines and immunity; childhood cancer; cell and developmental biology; perinatal research; injury research and policy; microbial pathogenesis; cardiovascular medicine; quantitative and computational biology; biobehavioral health, innovation in pediatric practice; and clinical and translational research. Nationwide Children’s remains true to its original mission since its founding in 1892 of providing care regardless of any family’s ability to pay.
More information is available by calling (614) 722-KIDS (5437) or through www.NationwideChildrens.org/research.

PhoneFactor turns any phone into an authentication device and has been optimized to secure access to computers using LogMeIn services, which enable millions of people to connect to and remotely control their computers both at home and at work. With PhoneFactor, users will get a call on their mobile (or landline) phone when logging into a computer using LogMeIn. The user simply answers and presses # to authenticate their login. PhoneFactor enables LogMeIn to be the first remote connectivity service to offer secure two-factor authentication capabilities at no extra cost.

“As market factors continue to push businesses to support telecommuters and remote workers, tools like LogMeIn become more vital than ever,” said Marton Anka, CTO, LogMeIn, Inc.  “Tools such as PhoneFactor could speed that migration by adding another two-factor authentication method.”

“We are providing a second critical layer of security to LogMeIn solutions,” said Tim Sutton, CEO of Positive Networks. “By offering PhoneFactor’s two-factor authentication free of charge, we are not only adding a double layer of security, but we are also making it economically accessible.”

Both LogMeIn and PhoneFactor are web-based services that can be set up in minutes.  LogMeIn users can add PhoneFactor to their service by going to www.phonefactor.com.  PhoneFactor is compatible with the free version of LogMeIn, as well as LogMeIn Pro and the IT Reach service.

August 13, 2008 – Positive Networks, a leading provider of security products and services, today announced PhoneFactor 2.1, the newest version of the company’s award winning, phone-based, two-factor authentication service. In an effort to combat the growing number of attacks against corporate networks, PhoneFactor 2.1 includes enhancements which enable companies to quickly deploy and easily manage two-factor authentication across their entire enterprise.

With the number of people affected by identity and data theft growing each day (40 million users were affected in the TJX data breach), the need for secure, two-factor authentication has increased significantly. Consumer advocates and regulatory agencies are pushing companies to immediately implement safeguards to protect access to customer and credit card data.

PhoneFactor 2.1 allows companies to rapidly enable two-factor authentication to secure access to their corporate networks and the data which they contain. PhoneFactor adds a second layer of security – an automated phone call – to existing login processes. It works with the user’s existing landline or mobile phone, so there are no devices to distribute or certificates and software to install.

“Companies are putting their own and their customer’s data at risk each day that their network can be accessed using only a password,” said Tim Sutton, CEO of Positive Networks. “With the complexity of deploying traditional two-factor solutions, it’s easy to see why. PhoneFactor 2.1 offers a strong layer of defense against these attacks and the new features make it extremely easy to roll-out to their entire user base.”

PhoneFactor 2.1, combined with other recent releases, adds the following premium features:

• Directory Integration Module – Automatically enable new users for PhoneFactor and update existing users by synchronizing with an existing Active Directory or LDAP server.
• User Portal Module – Enable users to complete their PhoneFactor enrollment in minutes from any web browser. Help Desk staff can use the portal to make phone and PIN changes, create a one-time bypass, and add new users.
• Platform: Call Rollover – If a user can’t be reached at their primary phone number (there is no answer or voice mail is detected), PhoneFactor can automatically dial the user’s backup phone number.