Sunday, April 09, 2006

Device From 1980s Makes Phishing Attacks Impossible

Kendal Halt Story

A recent survey estimated that almost two million Internet users in the U.S. inadvertently gave personal information to cyberscammers last year. Increasingly the weapon of choice is a "phishing" expedition, in which a con artist poses as your bank and asks you to go online and confirm details such as your account number or password. Such attacks cost credit card companies and banks some $1.2 billion in 2004. But a small technology firm came up with a security solution to stop phishing attacks years ago. Only recently, says Kendall Hunt, the founder and CEO of Vasco Security, based in Oakbrook, Ill., has the market come around to the login security pass that Vasco has been selling for nearly a decade.

Launched out of Hunt's basement in 1984, Vasco is now among the hottest firms in the data-security industry offering computer security solutions. Its projected revenues for 2005 will climb 74%, to $52 million, while profits are on track to rise 20%, to $33 million. Vasco's stock, which trades on Nasdaq, has surged nearly 400% over the previous 12 months, to nearly $11.

The anti-phishing technology Vasco developed is called two-way authentication. It uses a small token, called Digipass, that shows a six-digit number that changes every 30 seconds. To log on to a bank's website, a user must enter the number from the token. A server at the bank or credit card company keeps track of which numbers are currently valid for which users. In other words, no Digipass, no access.

To be sure, Digipass hardly boasts cutting-edge technology. Similar security products are sold by larger firms, such as RSA in Bedford, Mass., which has 65% of the market. And as Internet security rivals contend, two-way authentication is "only a small piece of the security pie," says Brad Miller, CEO of Milford, Conn.-based Perimeter, which provides data-security services ranging from firewalls to spam to phishing prevention and content filtering. What sets Digipass apart is its price, about $7 a user on average, compared with $10 or more for rival models. It's a no-frills version, safer than passwords alone and good for tasks such as online banking and e-mail. Whether this technology will finally end phishing attacks is yet to be seen.

During the past decade most of Vasco's clients were overseas. (It does business in about 80 countries.) "A lot of U.S. companies simply weren't that interested in data security," says Hunt, 60. "I guess the market wasn't quite ready." But with phishing and other online fraud on the rise, the market here is more than ready now.