RSA Buying Authentication Vendor Cyota

RSA Security Inc., which is seeking better access to the U.S. online banking authentication market, announced Monday that it is buying the security technology vendor Cyota Inc. for $145 million.

The company also announced a restructuring and the resignation of its chief financial officer.

RSA, of Bedford, Mass., is one of the biggest names in authentication; many companies use its one-time password-generating tokens to protect their data networks. But only a few financial services customers use its authentication technology for consumer online banking, and it has said that it wants to be a bigger provider to this market.

The largest of its publicly announced U.S. online banking customers is E-Trade Financial Corp. of New York, which began offering RSA tokens this year to its customers for accessing their online accounts. A few small banks have followed suit this year.

Cyota also counts E-Trade as a customer, along with nine of the top 12 banking companies in North America and the United Kingdom.

RSA's tokens are effective, but they are expensive. For example, E-Trade charges $25 to some of its customers who use the tokens, but picks up the expense for its most valuable customers.

Some observers have said that the tokens are manageable for a company with a few thousand employees that wants to protect its network, but can become unwieldy for a banking company with several million online banking customers.

"We needed to make major changes to grow our business," said Art Coviello, RSA's president and chief executive, in a conference call Monday. "We needed an expanded set of technologies to meet customer demand."

Cyota, of New York, offers transaction monitoring and anti-phishing technology, and Mr. Coviello said it can "be relatively easy to implement on a broader scale."

George Tubin, a senior analyst at TowerGroup Inc., a unit of MasterCard International, said RSA's tokens have been a hard sell for consumer-facing uses.

Consumers are loath to change their passwords, much less supplement those passwords with a piece of hardware, Mr. Tubin said. "RSA has had hardware-based approaches for authentication, and they were going to miss out on this opportunity."

Though Cyota has had some success with its software-based offerings, it still needed a strong brand behind it. "Banks are very hesitant to talk to these very small, not-well-funded companies," Mr. Tubin said.

The deal is expected to close within 30 days, and Cyota would continue to operate independently.

Naftali Bennett, Cyota's chief executive, said on the conference call that "the market opportunity in front of us is enormous."

Avivah Litan, a vice president and research director at Gartner Inc. in Stamford, Conn., said that "RSA really understood that the U.S. banks are not going to buy their tokens," despite some success it has had with tokens in other countries. "They were missing deals by just having this token solution," she said, and "Cyota really does have traction within the financial services market."

RSA said the chief financial officer, Jeff Glidden, resigned to work in another industry. In addition, Mr. Coviello, who will take on the duties of CFO until a replacement is hired, announced some restructuring that would eliminate 120 engineering jobs in three locations and move them to the Bedford headquarters or overseas.

RSA's stock took a dive, dropping 14.86%, to $11.23, by 3:30 p.m.

For reprint and licensing requests for this article, click here.
Bank technology
MORE FROM AMERICAN BANKER