Review '05
Sign of Maturity: Unique Is Not Enough Anymore (Corrected)

Sellers of security technology for online banking that once pushed only their own ideas are looking more and more alike.

Though wider product lines are typical of a maturing industry, they also show that ways to counter online fraud are evolving.

A year ago phishing was considered to be among the most dangerous online scams. Banks were looking for ways to improve authentication to protect customers who had been tricked into revealing their online banking user names and passwords when they log in.

But banks are now focusing on dangers at other stages of the online banking session, and vendors of login protection are offering safeguards for these stages too.

One vendor gearing up to do so is RSA Security Inc., one of the best-known names in the security technology industry. Its password tokens - keyfob-size gizmos that generate a new login code every 60 seconds - are widely used to protect corporate data networks.

Though tokens are considered effective, the Bedford, Mass., company has had little success persuading U.S. banks to give them to customers. It announced one big-name customer, E-Trade Financial Corp., early this year, and a few small banks have also agreed to use them.

Critics say that companies can afford to give them to their employees, but that banks, which would need millions of them for their online banking customers, cannot. Though a survey RSA commissioned concluded that customers would willingly pick up the cost, several analysts said their own surveys show otherwise.

And using the tokens adds steps to the login procedure, which analysts say customers hate.

So RSA announced Dec. 5 that it had agreed to buy Cyota Inc. of New York, whose anti-fraud service monitors the transactions that customers initiate after they log in.

This service, usually invisible to customers, is designed to interrupt an online banking session if a transaction seems risky or uncharacteristic. It can also draw from observations of other Cyota customers' sites to spot criminals who are trying to steal from several companies simultaneously.

Several large banks already use the service, and last week Cyota announced that Washington Mutual Inc. of Seattle will do so.

Art Coviello, RSA's president and chief executive, said one reason for buying Cyota is to expand RSA's security offerings for financial companies. "Culturally, in the U.S., there's this propensity toward nonintrusive or noninvasive security," he said.

"If we did not do an acquisition like Cyota, we would be ceding a big market opportunity," Mr. Coviello said. "Rather than give it up, we wanted to embrace it."

In July, months before the deal was announced, Cyota expanded its product line. It added software that displays a preselected image to customers when they log in, to verify that the Web site is not a fake.

PassMark Security Inc. of Mountain View, Calif., already sold similar software. And not to be left out, this summer PassMark introduced a version that includes a transaction-monitoring feature somewhat like Cyota's.

Amir Orad, Cyota's executive vice president of marketing, said banks want several types of security but do not want to deal with many vendors. "One of the main things we're hearing from the market, again and again, is 'We don't want to use pinpoint solutions,' " he said.

Another vendor that has expanded its product line this year is Bharosa Inc. of Santa Clara, Calif., which offers software to protect against keyloggers - viruses that monitor everything victims type, including online banking passwords.

The software creates what Bharosa calls "virtual authentication devices" - keypads that appear onscreen so people can "type" a password by clicking a mouse on the correct characters.

This year Bharosa upgraded the software for use after people log in. Now a keyboard can appear when the customer wants to do some banking activities, such as view check images.

"Security should be flexible," said Jon B. Fisher, who co-founded Bharosa and is its chief executive.

With its latest upgrade, "these authentication devices can sit at any customer touchpoint," not just online but also on automated teller machines, Mr. Fisher said.

Bharosa will add more authentication methods in the first quarter, he said. The company has no bank customers, but Mr. Fisher said it is talking to three top-100 banks.

Avivah Litan of Gartner Inc. in Stamford, Conn., said the growing similarity of the vendors' offerings is a sign that the security industry has matured and is "shaping up to meet the demands of the banks."

The market for online banking security products and services will grow to $150 million to $225 million by 2008, said Ms. Litan, a vice president and research director at the market research company.

RSA and Cyota are in a strong position, she said, because "a lot of banks want to deal with established public companies."

