Headlines:
Corillian Teams Up with Yodlee
Corillian Corp., of Portland, Ore., has agreed to make its online authentication software compatible with aggregation software from Yodlee Inc. of Redwood City, Calif.
The two companies announced their collaboration Monday and said it would help banks comply with guidelines from the Federal Financial Institutions Examination Council, which encourage financial companies to improve their online security.
Corillian's Intelligent Authentication software grants quick site access to users logging in from their regular computers, through their regular Internet service providers, or under other preestablished conditions. Financial companies can require additional authentication for those seeking access in some other way.
Making it compatible with Yodlee's software would enable Yodlee to gather data from banking companies that use Corillian's software.
Corillian's Web site lists 21 large and midsize banking companies as users of its of online banking software and other products; Yodlee lists 25 banking, brokerage, and portal sites. The two have several customers in common, including Bank of America Corp., Comerica Inc., Compass Bancshares Inc., JPMorgan Chase & Co., National City Corp., and Wachovia Corp.
"As our financial institution clients look to deploy multifactor online authentication solutions, they want the ability to ensure that it seamlessly interoperates with existing online systems like Yodlee's financial applications," said Alex Hart, Corillian's president and chief executive, in a press release.
'Man in the Middle' Protection
The security vendor 41st Parameter Inc. has introduced a product that it says can signal when a criminal may be eavesdropping on an online banking session. The Scottsdale, Ariz., vendor announced the SafeSession anti-fraud software Friday. It monitors customers' online activities to determine when a new piece of hardware - such as a criminal's computer - has joined the session.
Such "man in the middle" attacks can circumvent other forms of strong authentication because the criminal - the man in the middle - relies on the customer to log in to the bank's system. Once the user has accessed the Web site, the criminal can initiate transactions, such as transferring funds.
The software works behind the scenes, said Ori Eisen, 41st Parameter's founder and chief executive. "Invisible security is the perfect solution for the man-in-the-middle attack," he said.
