ValidSoft Opens U.S. Office as Part of Global Effort to Help Financial Institutions...

ValidSoft Opens U.S. Office as Part of Global Effort to Help Financial
Institutions Better Protect Against Sophisticated Electronic Attacks
VALid(R) Offers a New and More Secure Form of Non-Repudiation for Financial
Transactions by Combining Web and Telephony-Based Communications Channels
Together to Authenticate Users and Verify Transaction Content

NEW YORK, May 20 /PRNewswire/ -- ValidSoft, a leading supplier of strong
authentication and transaction verification solutions, today announced the
opening of a U.S. office as part of the Company's global directive to help
banks and financial institutions protect against credit card and online
banking fraud perpetrated by sophisticated Internet attacks.  The Company's
VALid(R) suite of products provide protection against the most sophisticated
fraudulent techniques and offers a new method for non-repudiation of financial
transactions, using a separate Out-of-Band (OOB) communication channel to
complete the customer authentication and verify the content of the Web-based
transaction. Use of the second telephony-based channel is vital to uncovering
a potential fraud in the event that the Web-based communication channel is
compromised, allowing the user and the bank to terminate the transaction
immediately and avoid theft and fraud.
    "User authentication alone, regardless of strength or technique used,
including OOB, provides no defense against sophisticated fraud such as
Man-in-the-Middle and Man-in-the-Browser," said Pat Carroll, CEO of ValidSoft.
"One only has to look at the successful attacks on banks the world over that
thought they were protected. Only transaction verification can provide this
level of protection."
    A new approach to non-repudiation, such as that of ValidSoft, is vital for
protecting against the latest most sophisticated forms of attacks like
Man-in-the-Browser (MitB) that alter transaction content in a completely
invisible fashion.   These attacks bypass Public Key Infrastructure (PKI)
encryption and client-side digital certificate protection, rendering this
traditional form of non-repudiation in-effective.
    According to Avivah Litan, VP Distinguished Analyst, Gartner, Inc., "A
Man-in-the-Browser (MitB) attack can usurp or 'piggyback' on a legitimate user
access to the bank's Web site and can be programmed to corrupt a transaction
'in-flight' and prior to PKI encryption/transmission to the Bank. This means
that Digital Certificates can no longer be regarded as a form of non-
repudiation since they are now vulnerable to Man-in-the-Browser attacks."
    In the Hype Cycle for Information Security, 2007, published on September
4, 2007, Out-of-Band technology is now regarded by Gartner, Inc. as early
mainstream.  Many of the leading U.S. financial institutions are actively
looking at embracing OOB as a key component in their fight against fraud.
    In addition to providing a highly secure environment, ValidSoft and the
OOB transaction verification approach can be a business enabling technology.
Banks, governments and other institutions can achieve cost savings by
automating certain manual operations. For example, high-risk, high-cost
transactions such as simple address changes can be migrated to the web in a
completely secure self-service fashion, providing an enhanced service to the
customer and millions in cost reduction to the organization. In today's
restricted market, this will increasingly be seen as the business driver in
deploying OOB transaction verification technology.
    About ValidSoft
    ValidSoft is a global software engineering company that provides the
safest and most effective method for verification and non-repudiation of
financial transactions by using a layered Out-of-Band (OOB) approach for
customer authentication and transaction verification.  Financial institutions
and banks around the world with electronic applications that provide
competitive advantage are embracing the solution as the best means to protect
against fraud and theft from sophisticated attacks that bypass traditional
forms of security such as PKI and two-factor authentication.  Validsoft has
offices in the U.S., Europe and Asia Pacific. For more information, visit
www.validsoft.com.
SOURCE  ValidSoft

Thomas Morling, ValidSoft, +1-732-388-1297, Thomas.Morling@validsoft.com