Press Release

New Knowledge-Based Authentication Offering from RSA, the Security Division of EMC, Designed to Deliver Stronger Security and Convenience to Customers

RSA®’s New Release of Its Knowledge-based Authentication Service Provides More Accurate Verification and Stronger Assurance for Companies Working to Comply with FACTA Red Flags Guidelines

BEDFORD, Mass., June 24, 2008 - 

RSA, The Security Division of EMC (NYSE: EMC), today announced the latest release of its RSA Identity VerificationTM knowledge-based authentication system — a system that has previously been successfully used by companies to reduce costs and to improve security and customer satisfaction.

RSA's knowledge-based authentication (KBA) solution is designed to instantly verify customers' identities and to provide organizations with a higher level of confidence, while simultaneously reducing the risk of fraud associated with handling critical customer information.

Customer Success

One organization that has successfully leveraged RSA's solution is BNY Mellon Shareowner Services ("Shareowner Services"), an industry leading provider of stock transfer and related services that operates as part of The Bank of New York Mellon. Shareowner Services was seeking an identity assurance solution that would offer its customers the convenience of real-time authentication, while managing the risk associated with this type of information and still ensuring the security and privacy of shareowner data. The RSA Identity Verification solution helped Shareowner Services to achieve this goal, and also to improve its customer satisfaction levels and reduce call center operating costs.

"RSA's KBA solution provides real-time confirmation of customer identities, enabling companies like ours to tailor the authentication layers to satisfy business and security needs, while also protecting customers' privacy and providing a positive customer experience, with real-time secure access to our self-service Web sites," said Marc Librizzi, CIO of BNY Mellon Shareowner Services. "After implementing the RSA Identity Verification solution, we also experienced a secondary benefit, which was a significant reduction in our Call Center volume that translated to cost savings."

The RSA Identity Verification solution is supported by a highly-intelligent questioning technology that incorporates actual non-financial customer data in order to authenticate the customer in real-time, while simultaneously protecting the customer and enhancing the overall user experience. The ability to provide instantaneous matching — coupled with the fact that the answers to the questions are not easily found through searching the Internet — greatly reduces the possibility of online fraud through identity theft. Additionally, because data maintenance is not required, organizations are able to manage costs while still ensuring customers have an additional layer of security.

New Release of RSA Identity Verification

RSA, The Security Division of EMC is also today announcing the latest release of the RSA Identity Verification knowledge-based authentication service. The new version contains several enhancements that provide improved security and a more accurate verification. These new features include:

  • New Question Engine —  Additional intelligence has been added to the question engine, enabling the improved use of customer data to provide more top-of-mind questions for customers that are also statistically more difficult to beat for fraudsters.
  • Improved Identity EventTM Module — RSA has extended the service's capability to proactively monitor suspicious activity in order to better anticipate the fraudulent use of identity information. The improved Identity Event module enables adaptive system behavior that allows for both the use of questions types and question configurations to be dynamically altered - further improving verification in real-time.
  • Current Address Verification — RSA has extended the service's capacity to ensure data quality by evaluating if the submitted postal address is a current or recent address for the customer.
  • New Question Type — RSA has enhanced the diversity of information that is utilized in the service — and the accuracy of the authentication — with a new question type based on the year that an individual lived in a particular city.
  • Improved Reports — RSA has allowed service customers to choose from additional reports, allowing for ongoing configuration enhancements and improved return-on-investment.

"Traditionally identity verification systems ask questions which users have self-selected," said Chris Young, Vice President and General Manager, Identity Access & Assurance Group at RSA, The Security Division of EMC. "The RSA Identity Verification system, on the other hand, has built a new question generation engine that employs sophisticated business rules and algorithms which require no prior selection on the part of the consumer for a secure and accurate authentication."

RSA's KBA system is effective for account originations, credit card activations, service transactions, password resets and a number of other scenarios — and it is designed to work across all user touch-points: call center, online, or in-person. The transaction-based architecture means customers do not need to purchase additional software or hardware and deployment is easily configured to meet business and security requirements.

FACTA Red Flags Guidelines

The FACTA Identity Theft Red Flags guidelines require U.S. financial institutions and creditors to develop and implement a written identity theft prevention program that mitigates the risk of identity theft for both new and existing accounts in an array of industries, including financial services, utilities, health care, and telecommunications. The new enhancements in RSA's Identity Verification service are designed to provide stronger assurance for financial institutions and creditors working to comply with FACTA's Identity Theft Red Flags guidelines.

Specifically, RSA's new KBA system is engineered to provide improved accuracy in authenticating users by measuring the level of risk associated with an identity, basing much of its strength on precisely the type of information the regulation calls out as valuable - by going beyond the information typically found in an individual's wallet or consumer report. RSA Identity Verification is configurable to automatically adjust questions during the authentication process to meet the specific nature of the risk associated with an identity.

About EMC

RSA, The Security Division of EMC, is the premier provider of security solutions for business acceleration, helping the world's leading organizations succeed by solving their most complex and sensitive security challenges. RSA's information-centric approach to security guards the integrity and confidentiality of information throughout its lifecycle – no matter where it moves, who accesses it or how it is used.

RSA offers industry-leading solutions in identity assurance & access control, data loss prevention, encryption & key management, compliance & security information management and fraud protection. These solutions bring trust to millions of user identities, the transactions that they perform, and the data that is generated. For more information, please visit and

Press Contacts

Lona Therrien
RSA, The Security Division of EMC
781-515- 5449

Sandra Heikkinen
OutCast Communications

RSA, RSA Identity Verification and Identity Event are either registered trademarks or trademarks of RSA Security Inc. in the United States and/or other countries. EMC is a registered trademark of EMC Corporation. All other products and/or services are trademarks of their respective owners.