RSA Security Inc. has long been considered a major provider of general-purpose security technology, but until recently it was less of a force in banking.
But its purchase Monday of the banking security software vendor PassMark Security Inc. of Menlo Park, Calif., brought it one of the financial industry's best-known authentication software products. PassMark plus Cyota Inc. of New York, which RSA bought in December, make it one of the banking industry's top security vendors.
"With the successful integration of Cyota, and our acquisition of PassMark today, RSA is now the undisputed leader in online banking authentication," said Art Coviello, its president and chief executive, in a call to analysts Monday.
Banks use PassMark's flagship product to assure customers that their Web site is legitimate, not a fake created to trick people into revealing personal information. Customers select an image that is later displayed when they log in to a bank's site.
The software also examines customers' computers when they log in to make sure they are using a known computer system; those who attempt to log in from an unknown system must answer challenge questions to verify their identity.
Such software is a form of multifactor authentication - that is, it requires more than just the standard user name and password.
One of PassMark's most important customer is Bank of America Corp., the top online banking provider, which has implemented the software for all of its customers.
Last year the Federal Financial Institutions Examination Council issued guidelines last year urging financial companies to implement stronger online authentication procedures by the end of this year, and many banks are evaluating multifactor authentication.
Banks that are evaluating such software are looking the hardest at Cyota and PassMark, according to Aite Group LLC.
The Boston research firm polled 21 of the 50 banking companies with the most checking accounts. Of those that had narrowed their focus to four or fewer vendors, 79% were evaluating Cyota and 71% PassMark, Aite reported last week. (The online banking vendor Corillian Corp. of Hillsboro, Ore., came in at a distant third, at 36%.)
RSA said it had paid $44.7 million for PassMark: $9 million in cash and the rest in RSA stock. It also set aside $2.7 million for employee retention and termination costs. For accounting purposes, using its stock price over the past week, it estimated the deal cost at $48.2 million.
On Monday, RSA raised its forecast of its own second-quarter revenue to a range of $89 million to $94 million, from $88 million to $92 million. It predicted that PassMark would add $4 million to $5 million of revenue in the remainder of 2006 and $10 million to $15 million in 2007.
By late Monday, RSA stock was trading at $19.73, up 0.92% from Friday's close.
Mr. Coviello said there is a lot of overlap between the PassMark and Cyota product lines. For example, much like PassMark's software, Cyota's eStamp enables people to select an image that banks display when they log in.
PassMark also has a transaction-monitoring system that can prompt banks to require additional authentication for high-risk transactions. Cyota's flagship product, Risk Based Authentication, does the same thing but also works with Cyota's eFraudNetwork to pool data from other financial customers to spot fraud patterns industrywide.
The eFraudNetwork captured much of the spotlight during Monday's conference call. Chris Young, an RSA senior vice president and the general manager of its Cyota Consumer Solutions unit, said that "having the opportunity to add the scale and the reach of Bank of America" to the network would make it "a lot more valuable to our customers."
Bill Harris, PassMark's founder and chairman, was named a member of RSA's board. He said that Bank of America's online banking site gets 3.5 million to 4 million visitors per day. The Charlotte banking company has said it has more than 15 million active online banking customers. (It did not define "active.")
But Mr. Coviello, Mr. Young, and Mr. Harris were all careful to describe Bank of America's participation in the eFraudNetwork as an "opportunity," and not a certainty.
Gwenn Bezard, a research director at Aite Group, said RSA would likely do everything in its power to persuade B of A to participate. "I'm not saying they won't charge for it, but they could definitely discount the price," he said.
B of A would probably be interested in joining, Mr. Bezard said. A spokeswoman for the banking company said it was too early to tell.
Mr. Bezard said the deal was less about technology than the power of the PassMark brand. Cyota's authentication software is "at least on par with PassMark, probably even superior with the eFraudNetwork," he said. However, "because Bank of America has selected PassMark, a lot of banks that have looked at this space have to look at PassMark."
Before buying Cyota, RSA's main offering for banking authentication was passcode tokens, which it has long offered to corporations for internal security. These devices, which generate a new passcode every minute or so, are considered a very effective form of multifactor authentication, but critics have said that they are too expensive to work for online banking, because banks would have to deploy millions of them.
RSA's main token customer is E-Trade Financial Corp. of New York, but even E-Trade has backed away from the technology. It said in November that it expects to be using something else in a few years.
In February, PassMark announced a marketing pact with Vasco Data Security International of Oakbrook Terrace, Ill., a token provider that competes with RSA. Mr. Coviello said that relationship will "diminish decidedly."
