A product Cyota Inc. is unveiling today verifies to users that a Web site is legitimate.
eStamp is similar in concept to a PassMark Security Inc. product that Bank of America Corp. is rolling out to all its online banking customers. Both products display a pre-selected image on a Web site to prove that people have not been lured to a counterfeit site.
Amir Orad, Cyota's executive vice president of marketing, said that the rise in demand for this type of protection demonstrates a shift in priorities on the part of both banks and consumers.
Cyota has focused in the past on fraud detection. The New York company says its flagship product, eSphinx, has reduced unauthorized online access to deposit accounts by 80% at the banks using it.
However, bankers and others say that such anti-fraud systems, which work behind the scenes and are invisible to the end user, do little to increase people's confidence in their banks.
"We did have customers telling us, 'We would like more visibility to it'," Mr. Orad said.
Cyota has six active customers using eSphinx, which it announced in April. Mr. Orad said three of them told Cyota that they wanted a way to show their customers that the banks are doing something to protect them from online fraud.
"Banks have those two goals - a sense of security, and actual security," Mr. Orad said. eSphinx provides the latter, he said, but not the former - it does not make its presence known to the average customer.
The idea for eStamp started to form more than three years ago, when Cyota developed SecureSuite, which Visa U.S.A. and MasterCard International are using. When enrolled customers make purchases at participating merchants' sites, SecureSuite responds with a pre-selected personalized phrase that confirms the site's legitimacy.
PassMark's namesake product displays a personalized graphic and a phrase to consumers when they log in to a Web site, which verifies that the site is real and provides people with a sense of security before initiating transactions.
Mr. Orad said the Cyota initially considered using a graphic for SecureSuite, but abandoned the idea because "back then, the text was good enough."
He said SecureSuite has millions of end users. Spokespeople for Visa and MasterCard said they could not comment on the SecureSuite technology.
PassMark has two announced banking customers, Bank of America and Stanford Federal Credit Union of Palo Alto, Calif.
B of A said in May that it would add PassMark, under the name SiteKey, to all its online banking systems. The Charlotte-based company has been doing this gradually; most recently it said Thursday that the technology had been made available to its customers in Florida.
Mr. Orad said Bank of America has provided a major boost to the concept of using a personalized graphic to make security systems visible to customers. Recent recommendations from the Financial Services Technology Consortium and the Federal Deposit Insurance Corp. also influenced Cyota's decision to add a graphic to its SecureSuite software, he said.
The eStamp software will be offered free to eSphinx users. It will also be available by itself, for 10 cents per user, though Mr. Orad pointed out that eStamp alone would do nothing to detect fraud.
"Validating yourself to the user is not enough," he said. "If you do just that, it's like putting a sign on the front of the bank saying it's secure, but not putting any guards and locks inside the branch."
PassMark's software also attempts to block unauthorized access to accounts by requiring people to register the computers with which they expect to log in to a bank's Web site. The Redwood City, Calif., company has acknowledged that its product is not designed to spot fraudulent transactions, and the next version, due out this summer, is expected to include fraud-detection capabilities similar to those of eSphinx.
Avivah Litan, a vice president and research director at Gartner Inc. in Stamford, Conn., said that phishing frauds are a growing concern among consumers and that they are asking for assurance that they are at a legitimate bank site. Phishers send e-mails purporting to come from a bank that coax people to fraudulent Web sites and get them to reveal personal information that could be used in identity theft.
Ms. Litan said her research shows that "89% of consumers said it was really important that the site authenticate itself to the consumer. They want some proof that they're not on a spoof site."
