iovation Announces AccountLock(TM); Consumer Online Fraud Detection Application Exceeds FFIEC Guidelines for Financial Institutions

PORTLAND, Ore.--(BUSINESS WIRE)--Dec. 7, 2005--iovation, the first online fraud detection solution that tracks the reputation of devices, today announced the release of AccountLock(TM), a family of authentication products that guard against unauthorized account access while offering multiple levels of user control, visibility and implementation stages depending on institution's needs. AccountLock is an enterprise application targeted to financial institutions requiring strong, online authentication methods to meet FFIEC guidelines. Built on the company's widely adopted ieSnare(TM) and Device Reputation Authority(TM) (DRA) online risk management system, iovation's AccountLock product line offers immediate and long-term defense against unauthorized account access.

"Consumers are ready for financial institutions to take action against fraudsters who attempt to access account information. We created AccountLock to meet this demand," said Greg Pierson, president and CEO of iovation. "iovation has affordable, visible and effective solutions that consumers actually want to use."

“The Javelin 'A.C.E.' assessment model for strong authentication solutions, based on affordability, consumer usability, and the effectiveness of the solution, places device recognition solutions among the most highly ranked”

In a recent guidance announced by the FFIEC, banks and other financial institutions, "should implement multifactor authentication, layered security, or other controls to mitigate risks." iovation recommends a phased approach to fighting online fraud. First, AccountLock defends online bank accounts by providing a strong two-factor authentication feature -- transforming the user's login device or PC into a powerful second security factor to guard against unauthorized account access. This first line of defense also helps financial institutions meet FFIEC guidelines.

iovation's solutions can further strengthen defenses against unauthorized online access by allowing end-users to exercise control over which computers can access their accounts. Users simply lock a device(s) to their online financial accounts for two-factor two-way authentication. Even if a user is phished, the stolen login ID/Password information is rendered useless unless the fraudster has access to the victim's physical computer. Two-way authentication allows the user to confidently recognize the Web site by pre-defining names for their computer. By deploying AccountLock, banks give consumers the flexibility to control their own access.

Bruce Cundiff, Research Analyst at Javelin Strategy & Research, indicates that limiting online account access to certain devices, PCs and otherwise -- with additional authentication measures necessary for login via unrecognized devices -- is a superior security and authentication solution. "The Javelin 'A.C.E.' assessment model for strong authentication solutions, based on affordability, consumer usability, and the effectiveness of the solution, places device recognition solutions among the most highly ranked," Cundiff said.

AccountLock provides strong multifactor authentication without costly and burdensome hardware by allowing access only from authorized devices. AccountLock provides a layered approach to combating online security and fraud problems. By empowering consumers with the tools to protect their online accounts, AccountLock reduces the risk posed by phishing attacks and other criminal behavior.

About ieSnare and Device Reputation Authority

ieSnare is a back-end fraud protection system that matches distinct device identities to online accounts. A database matching system, called the Device Reputation Authority, links devices and accounts allowing merchants to identify and flag fraudsters without revealing personal information. Once these devices are identified, forensic information can be shared with all organizational networks protected by ieSnare. This allows subscribed networks to make business decisions about individual connections, and allow, limit, or prevent access based on the reputation of the devices involved.

About iovation

iovation, based in Portland, Ore. develops fraud-management systems for companies besieged by significant online fraud issues, particularly stolen credit cards, chargebacks and cyber-crime rings. The company has pioneered a unique online fraud-detection technology that links users and their accounts with physical devices, and shares the reputation of those devices with other subscribers. iovation currently manages the reputation of millions of devices.

Legal Notice: All rights reserved. iovation is either a trademark or registered trademark and the iovation logo is a service mark of iovation. Other product or service names mentioned herein are the trademarks of their respective owners.