Sramana Mitra: Are your customers large enterprises or mid market? Where is the sweet spot of your audience?
Alexandre Cagnoni: I would say that it would be medium and large enterprises. In the financial sector, we have both medium and large banks that have millions of devices. We have customers with 10 to 20 users using our solution, and we also have customers with millions of tokens deployed.
Sramana Mitra: I would like to do three different sector-based discussions next. Let’s talk about banking. What is the competitive landscape around fraud prevention and authentication solutions in the banking industry that you play in and how do you compete?
Alexandre Cagnoni: It’s interesting to see that each region has a different requirement or need. At the end, they all have the same issues. Fraudsters are using all the technology available to get to your account and do wire transfers and even pay bills using your account. A lot of banks have been deploying some sort of risk-based solutions, but we know that that’s not enough. In 2011, there were a huge number of frauds in the US. Even the FBI was involved.
At this time, the FFIEC defined a new directive for banking transactions. They were recommending what is called an out-of-band transaction validation, which basically means that if I’m doing a transaction over the Internet, I need to use something external to validate the transaction. For example, my mobile phone. In this way, you can guarantee that a real person is doing the transaction.
As an example, we have a case of a bank in Brazil that’s 100% digital. They don’t have branches. They do everything through mobile and Internet. Depending on the risk of the transaction, they’re going to send a push message to our mobile token and say, “Are you trying to do this transaction?” It’s going to show where you’re trying to wire money to and how much. You have the opportunity to approve the transaction on your phone. What you see is what you sign. You have the opportunity to really validate the transaction through your phone or any hardware token.
The biggest opportunity for us in this market is for a solution that can not just authenticate users. A lot of people are used to tokens and just typing a one-time password (OTP) that changes every 30 or 60 seconds. We do a little bit more than that. We not only authenticate the users, we also do transaction validation. If the bank sees a high-risk transaction, they have the opportunity of validating the transaction.
Sramana Mitra: Let’s take the next sector use case. You talked about the general corporate fraud prevention. How do you play in that? Whom are you competing with there?
Alexandre Cagnoni: In terms of corporate security, we’re talking about companies that need to prevent unauthorized access to their systems. Let’s take Home Depot for example. According to their report, it took only one username and password from a service provider which had access to the network so that the hackers could invade the network and gather all information about credit cards and emails.
The way we work is providing an authentication platform either by using your mobile phone or your token where you can assure that the right person has the right access to your system. One of the things that differentiates us from a lot of the vendors that are around is most of the other vendors use OTP. The phone or token is generating dynamic passwords. Someone could potentially call me using what we call social engineering and say, “I’m from this company. We’re having a problem with your account. It is locked so I need your OTP in order to unlock your account.” A lot of users provide their OTP.
We have different ways of authenticating. We authenticate using a push message in your app saying, “This person is trying to access your account at Salesforce. Do you authorize the access?” This prevents unauthorized access or social engineering. We also have the challenge response authentication. Let’s say I’m trying to access Salesforce on my computer, I have to take my mobile app and point to the screen, read the code, and it will generate a password that only my phone can generate. It makes sure that you’re the right person in front of the computer. This is how we differentiate from the market. We do offline authentication. We also do push-based authentication, which I feel is the future. The future is in migrating from SMS-based authentication to a push-based authentication.
This segment is part 2 in the series: Thought Leaders in Cyber Security: Datablink CEO Alexandre Cagnoni