RSA Security Inc., which has purchased two security companies since December, has combined their software to create a single product for authenticating identities and monitoring transactions for fraud.
The Bedford, Mass., company has long been a major player in the corporate authentication market, but it had struggled in the consumer sector. To remedy this, it purchased Cyota Inc. of New York in December to create the RSA Cyota Consumer Solutions division. In April, RSA bought PassMark Security Inc. of Menlo Park, Calif., and merged it with the division, which was renamed RSA Consumer Solutions.
From a technology perspective, the merger was painless, said Amir Orad, the division's vice president of marketing, who came to RSA from Cyota.
Cyota and PassMark approached the issue of online fraud "from a different direction," but both ended "in the same area," he said in an interview Tuesday.
Observers have said that the Cyota and PassMark products offered very similar functions. Mr. Orad said the parallel became even more obvious when the company merged their applications.
PassMark's flagship product displayed a pre-selected image when users logged on to a Web site, to prove that the site was authentic.
Cyota offered a similar product called eStamp, as well as eSphinx, a fraud detection product that monitored hardware, network settings, and transactions initiated during an online banking session to spot potential fraud. PassMark upgraded its software in October to do the same functions.
PassMark's technology will be sold as part of the next version of Adaptive Authentication, the name RSA gave to eSphinx. The new version will be available in the second half of this month and is being tested by new customers today. It will also be available as an upgrade for PassMark and Cyota products.
Mr. Orad said that the upcoming version of Adaptive Authentication has been installed in two days in a lab setting. It gives financial companies access to all of the features from both the PassMark and Cyota products, and they can switch from one to the other.
For example, a company could use Cyota's behind-the-scenes analytics to provide invisible protection to its online customers, and later provide a more visible defense by using the PassMark image application. Making that change is as simple as flipping a switch, Mr. Orad said.
"That's important, because over time, customers' requirements change," he said.
The product also supports RSA's security tokens, which generate a passcode every minute that must be used to log on to a Web site.
The product costs $1 a user a year, with a minimum cost of several thousand dollars a month - the same price that Cyota and PassMark charged before they were acquired.
Customers also get access to the eFraudNetwork, which RSA acquired as part of the Cyota deal. The network pools observations from many customers to spot fraud trends across banks.
Mr. Orad said that there have been a small number of layoffs related to the consolidation; one of the people who lost their jobs was PassMark chief executive Lin Johnstone.
RSA's development teams are growing, Mr. Orad said. It is keeping PassMark's Menlo Park office and Cyota's Herzelia, Israel, offices, to provide worldwide customer support around-the-clock.
Avivah Litan, a vice president and research director at the Stamford, Conn., market research company Gartner Inc., said the new version of RSA's software would be especially appealing to banks that do business internationally and have to comply with different national regulations.
Ms. Litan said that demand for authentication and transaction monitoring software is growing. "The competition's gearing up, and the market wants competition," she said.
Last week one of RSA's competitors, VeriSign Inc. of Mountain View, Calif., announced that Charles Schwab Corp. had agreed to use its online fraud detection and authentication system.
In November, VeriSign an-nounced that PayPal Inc., the San Jose payments subsidiary of eBay Inc., had agreed to use its software for at least 1 million of PayPal's 105 million users.
"All that PayPal fraud data feeds into the VeriSign fraud detection network," Ms. Litan said. Because PayPal is under constant attack, "they've got great fraud data."
