sb-au logo
Story image

Sydney authentication provider to work with US National Cybersecurity Center of Excellence

23 Aug 2017

Sydney-based cybersecurity firm TokenOne is now the first Australian company to be selected for a consortium project for the US National Cybersecurity Center of Excellence (NCCoE), alongside enterprise heavyweights such as RSA and CA Technologies.

The Multifactor Authentication (MFA) for e-Commerce project will put transaction security in the spotlight, particularly for those in retail and e-commerce industries in the US. The aim is to steer discussion away from passwords and to alternatives such as multifactor authentication.

Callsign, CA Technologies, Rivetz, RSA, Splunk, TokenOne, and Yubico are all collaborators in the project. The consortium will also produce standards-based solutions and recommendations for those in retail and ecommerce as to how to conduct secure business.

“Consumers, retailers, payment processors, banks, and card issuers are all impacted by fraud. Part of e-commerce fraud reduction includes an increased level of assurance in purchaser or user identity,” comments NCCoE’s Sarah Kinling.

“Retailers recognize that customers could be put off by the complexity that multifactor authentication mechanisms may add to the purchasing checkout and post transaction processes,” Kinling continues.

The project will consider multifactor authentication in terms of risk calculations, transaction details, web session monitoring and device identification, which can all determine that fraud may be happening.

“Multiple forms of multifactor authenticators, such as FIDO, out-of-band, and one-time-password devices will be considered to provide retailers and their customers a diverse set of implementation options. All products incorporated into the reference design will be standards-based commercially available and open source products,” Kinling explains.

TokenOne’s technology allows businesses, customers and individuals to access services through a unique PIN that is visible to nobody else, including the service that is being accessed. No algorithms are involved.

Users can verify their real-world credentials and identity, use their device as a token and then create a secret PIN. This authentication method works with more than 2500 supported sires and services, including Google Apps, Zendesk, Cisco, AWS, Adobe Document Cloud, Salesforce and Marketo.

 “TokenOne is a 'Zero Knowledge Password Proof'. The TokenOne user knows their PIN but never enters it, or reveals it to anyone, not even to the service the user is accessing,” a statement says on the company’s website.

TokenOne plans to expand worldwide and says the NCCoE project is a huge milestone.

The company also offers a partner program for value added resellers, referral partners, system integrators and ISVs and distributors.

The program provides dedicated channel support, accelerated time to market training and certification, increased ongoing revenues and a dedicated partner portal.

TokenOne is backed by investors such as Singtel Innov8. Retired FBI assistant director Charles Archer sits on the company’s advisory board.

Story image
Global attack volume down, but fraud and cyber threats still going strong
“The move to digital, for both businesses and consumers, has been significant. Yet with this change comes opportunity for exploitation. Fraudsters look for easy targets: whether government support packages, new lines of credit or media companies with fewer barriers to entry."More
Story image
Video: 10 Minute IT Jams - The benefits of converged cloud security
Today, Techday speaks to Forcepoint senior sales engineer and solutions architect Matthew Bant, who discusses the benefits of a converged cloud security model, and the pandemic's role in complicating the security stack in organisations around the world.More
Story image
High-tech heist: why fending off ransomware attacks is more challenging than ever in 2020
The COVID-19 crisis has unleashed a wave of sophisticated and disruptive ransomware attacks, and the onus is on businesses to ramp up their security measures if they’re to avoid falling victim, writes Attivo Networks regional director for A/NZ Jim Cook.More
Story image
Fortinet’s ‘zero trust’ approach redefining security
Cornelius Mare, Fortinet A/NZ Director, Security Solutions, explains why taking a ‘zero trust network access’ approach to cybersecurity requires fully-integrated and comprehensive security services and policies.More
Story image
Malware and email scams targeting employees spread rapidly in Q2
"Businesses must stay alert and should employ defense-in-depth tactics and equip themselves with multilayered security mechanisms, including high-sensor spam filters and a VPN connection, which would prevent malicious pages from opening."More
Story image
Remote staff overestimating knowledge of cybersecurity basics
‘Unconscious incompetence’ is one of the most difficult issues to identify and solve with security awareness training.More