Strong Authentication for Online Consumers: Entrust IdentityGuard

Open Versatile Authentication Platform for Consumers

Organizations with vested interest in the success of the online channel continue to fight to maintain and restore customer confidence in online services. Identity-related online attacks, such as account hijacking through phishing and man-in-the-middle attacks, are amongst the world's fastest-growing crimes. Identity theft and online fraud are growing problems for both customers and corporate brands. The damages can be devastating.

Single-factor authentication, such as a username-password combination, is recognized as "not strong enough" to defend organizations or their customers. Risk assessment requires that more online transactions use multifactor authentication as part of a layered approach, matching authentication to risk and reducing the impact on users.

---

More than 60 million customers using credit-reporting applications

More than 150,000 banking customers with record-setting voluntary enrollment

40,000 banking customers and growing

---

Detect, defend and adapt with Entrust IdentityGuard
Entrust IdentityGuard is an award-winning versatile authentication platform that provides one of the widest ranges of multifactor authentication capabilities on the market today. It enables organizations to more effectively protect end-users from fraud by tailoring authentication strength to the risk of a given transaction. Entrust IdentityGuard delivers proven capabilities to help:

Detect and defend

• Use non-invasive authentication methods with minimal impact on the user experience
• Add strong authentication using easily understood methods
• Secure the most sensitive user identities using open multifactor authentication capabilities, including a physical second factor with grids and one-time-password (OTP) tokens

Adapt

• Manage cost and complexity with a single platform that provides one of the widest ranges of authentication capabilities on the market
• Streamlined administration and central policy management helps reduce the risk of policy inconsistency and compliance issues
• Be ready for what comes next thanks to an open architecture and stable platform committed to adding new and innovative multifactor authentication options, including Entrust's patented grid authentication and IP-geolocation for risk-based authentication leveraging the Entrust Open Fraud Intelligence Network
• Proven solution used by multiple large financial institutions today including Commercebank, Bank of New Zealand, and Schufa

As the technology environment changes and new and innovative methods of authenticating users emerge, the open architecture of the Entrust IdentityGuard versatile authentication platform has built-in flexibility to evolve. In addition, natural evolutions such as adding additional token options, PKI authentication or even biometrics can be achieved rapidly.

Entrust IdentityGuard can perform the level of authentication required to respond to rising threat levels, while reducing the impact on the user experience and managing limited security budgets. In combination with zero-touch fraud detection, Entrust IdentityGuard delivers a true risk-based authentication solution.

Range of multifactor authentication capabilities
Entrust IdentityGuard is a versatile authentication platform that delivers a diverse range of multifactor authentication options, which enable stronger authentication without requiring client-side software, hardware or significant changes to the user experience.

Along with the platform's mutual authentication options, authentication capabilities include IP-geolocation, machine, knowledge-based, out-of-band OTP (via SMS or voice), grid-based and OTP hardware tokens like the Entrust IdentityGuard Mini and Pocket tokens.

As a single point of authentication, Entrust IdentityGuard supports user-name and password authentication, which enables organizations to manage all types of authentication through a single, proven security infrastructure. Organizations can choose how they want their users to authenticate depending on user type and their assessment of the risk of fraud for specific transaction types.

Entrust IdentityGuard can be readily extended to other delivery channels including interactive voice response (IVR), mobile and in-person transactions. Many of the solution's authentication methods can be leveraged across multiple platforms and used in conducting various types of transactions without typically requiring specialized hardware or direct hardware connections with the computer. In addition, the flexibility of the platform can easily accommodate accessibility requirements of a diverse consumer population, including the visually impaired.

The range of authentication methods provided by Entrust IdentityGuard is supported by a single administrative layer that allows organizations to manage all users through one process while being able to tailor the specific authentication policy on a per-user or group basis. The security of the Entrust IdentityGuard versatile authentication platform is built on Entrust's FIPS 140-2-validated cryptographic engine.

Match authentication to risk
By design, Entrust IdentityGuard is a flexible, scalable platform that affords organizations the ability to tailor the appropriate authentication method to match a particular transaction's risk. An organization can layer open multifactor authentication methods — including physical two-factor authentication and mutual authentication — across different users and transaction types.

Non-invasive, risk-based platform
In addressing the requirement to strengthen authentication, perhaps the greatest consideration is minimizing any disruption to the user experience. Each authentication interaction with the user runs the risk of resulting in an abandoned transaction or support call. Entrust IdentityGuard helps minimize the likelihood of these events by delivering non-invasive, easy-to-use authentication methods that only are employed when required, based on the risk of the specific transaction.

By supporting methods such as machine authentication and leveraging IP-geolocation data from the Entrust Open Fraud Intelligence Network, organizations can increase the confidence that the legitimate user is accessing their account, with minimal disruption to the online experience. If these initial methods suggest some risk in user identity, such as a blacklisted or suspicious user IP, additional authentication can be layered to address an escalation of risk.

Entrust is a trusted security advisor
As trusted layered security experts, Entrust delivers a proven versatile authentication platform used by the world's leading financial institutions such as Schufa and Commercebank. A trusted security advisor for national governments and the Fortune 500, Entrust builds solutions that can be adapted as new threats emerge and authentication requirements evolve.

• North American Commercebank Deploys Entrust IdentityGuard to Safeguard Customers
• Skanska Terminates Use of High-Priced Tokens, Opts for Entrust's Versatile Authentication Solution
• Entrust IdentityGuard Versatile Authentication Platform Surpasses $10 Million in License Revenue, 9.2 Million Users
• SC Magazine: Entrust IdentityGuard Earns Best Buy Award, Five-Star Rating

• Security Beyond Today: Layered Security for Addressing Fraud Today
• Man-in-the-Middle Attacks: Helping to Eliminate the Threat
• Securing What's
  At Risk

• Strong Authentication Demo
• Entrust IdentityGuard Tutorial

• Hitting a Moving Target: Protecting You & Your Customers from Online Fraud
• A Revealing Look at Fraud Detection & Authentication

• IDC Report
• Forrester Report
• Online Banking Security Consumer Survey

• Risk Based Consumer Authentication
• Entrust IdentityGuard for Consumers

• Savings Calculator