Alliance & Leicester Selects PassMark to Protect Online Banking Customers

March 16, 2006
Two-way authentication helps financial customers avoid phishing, key logging and man-in-the-middle attacks

LONDON and MENLO PARK, CA - Alliance & Leicester, one of the United Kingdom's major financial institutions, will now provide a greater level of security and protection against fraud and identity theft for its nearly five million customers using the Two-Factor Two-Way AuthenticationT system from PassMark Security.

With PassMark, online customers will log on to their accounts with secure, mutual authentication and get additional layers of risk-based transaction security that prevent phishing, key logging and man-in-the-middle attacks.

The Alliance & Leicester is the first bank in the UK to provide its customers with this added level of security.

"We looked at our options, and what we like about the PassMark solution is that it shows our customers that Alliance & Leicester is at the forefront of online security, yet is easy to use and does not require our customers to add any hardware or software," said Ian Tandy, director of E-Commerce, Alliance & Leicester.

The PassMark system combines several countermeasures against online threats in a single security solution for Alliance & Leicester.

The system securely identifies the bank's customer by using the customer's own computers and phones as second-factor authenticating hardware tokens.

Network security specialists call this approach strong "two-factor" authentication. Adding the hardware token as the "second factor" in addition to the password significantly strengthens security because an attacker cannot access an account without it.

The system authenticates the financial institution to the customer with a PassMark -- a secret image and text known only to the site and that customer. When a customer sees his unique PassMark, he instantly knows that the email or Web site he is looking at came from the real site -- not an impostor.

Real-Time Risk-based Transaction Monitoring. This back-end capability analyzes transactions as they happen and gives financial institutions risk-based decision-making tools that can spot and stop threats before it is too late. The system can even identify new emerging attacks, not just known ones, using a state-of-the-art analysis technology called "neural networks." Combining the PassMark two-factor two-way technology with this back-end analytic technology provides long-term protection from evolving threats.

"We give Alliance & Leicester and its customers the best of both worlds. The PassMark will make online customers more confident they are at the bank's Web site, and the other features of the system ensure that the person accessing the account is the customer," said Lin Johnstone, CEO of PassMark Security.