HOME » IN THE NEWS
CSO logo
March 24, 2015
Those extra five or ten seconds, while only slightly inconvenient, could have saved Premera, Anthem, and Target, said John Zurawski, vice president at Chicago-based Authentify Inc.

“The Anthem breach was discovered when a user happened to notice activity against their own account,” he said. “If that user had been required to re-authenticate via a separate channel, via their mobile phone for instance, the Anthem breach would have been discovered sooner. I suspect the same is true of Premera.”
MREM logo
March 19, 2015
During the FS-ISAC Workshop in Malaysia next week, Authentify Managing Director, Robert Soden, will host a session to explore the various fraud exploits that are threatening to FIs today and the security practices available to prevent those exploits. The session will study how out-of-band, two-factor and multi-factor authentication work to create a stronger security posture and how implementing these practices “post-login” adds further security while preserving a simple user experience.
Opus Research logo
March 18, 2015
For its part, Authentify sees the healthcare market as a booming opporutnity: “Authentify’s voice biometrics and mobile applications, paired with LifeMed ID’s automated patient identity solution, allows Authentify to expand into the healthcare market by offering a solution that helps solve the problems of accurate patient identification, record matching and patient authentication from any medical facility with a simple issuance process and minimal technical impact,” said Jeff Wilberg, director of business development at Authentify.
Biometric Update logo
March 17, 2015
Authentify, Inc. announced it has partnered with LifeMed ID, Inc. to provide “Better Together”, a combined mobile patient authentication solution with automated registration workflow for patient identity validation, accurate medical record matching, insurance verification and payment processing in healthcare.
March 17, 2015
The Authentify and LifeMed ID partnership provides a downloadable mobile application for a patient, serving as an identity token at registration to ensure accurate identity at all points of service. Once staff enrolls a patient, the patient will then download Authentify's voice recognition application to their personal mobile device.
Network World logo
March 16, 2015
Our roundup of intriguing new products from companies such as EiQ Networks and Identiv.
MobileWorldID logo
March 13, 2015
A new multi-factor authentication system could be a major tool in protecting call centers from fraud. The system, made by Authentify, is called Authentify xFA SecureCallCenter, and is an SDK aimed primarily at financial institutions for integration with their mobile apps.
Network World logo
March 13, 2015
"A call center is a particularly challenging place to authenticate individuals," said Peter Tapling, CEO at Chicago-based Authentify Inc. "It's generally based on things like mother's maiden name, Social Security numbers, and addresses."
Planet Biometrics_logo
March 11, 2015
The new SecureCallCenter application assists mobile app users who wish to speak to a call center representative. To do so, a user logs into their copy of the institution's mobile app. The end user then taps a call center button, which triggers Authentify xFA's biometric authentication sequence.
Interactive Intelligence logo
March 10, 2015
"The SecureCallCenter functionality provides a one-touch connection to an institution's call center," said Alan Dundas, Authentify's vice president of Product Architecture. "As financial services customers migrate to using mobile channels as the primary connection to their accounts, reusing the authentication from the mobile app across a different contact channel makes a great deal of sense."
Bloomberg Business logo
March 10, 2015
Authentify, a leader in mobile, multi-factor authentication services for protecting user accounts from unauthorized access, today announced Authentify xFA™ SecureCallCenter, to help financial institutions fight fraud by imposters and protect call center representatives from social engineering attempts.
Information-Security-Buzz_logo
March 10, 2015
Were Sherlock Holmes engaged to look into the epidemic of data breaches, his first admonition might be reprised from The Hound of the Baskervilles, “The world is full of obvious things which nobody by any chance ever observes.”
CRN logo
March 10, 2015
As judged by analyst firm Cybersecurity Ventures.
Hacksurfer.com logo
March 4, 2015
"The fraudsters must be calling the call center, convincing someone to add an Apple iPhone 6 or better to an account, and asking to activate Apple Pay. The actual Apple Pay activation is initiated between Apple and the Bank. Apple passes to the Bank a person’s stolen credit card info, including the details backing their iTunes account," said Authentify's John Zurawski.
Security Affairs logo
March 3, 2015
The security web portal csoonline.com reported the declaration of John Zurawski, Vice President of marketing at Authentify, regarding the Apple Pay fraud, that confirm thirty percent of cross channel fraud are conducted through social engineering attacks against call center.
Yahoo Finance logo
March 2, 2015
Authentify, a leader in mobile, multi-factor authentication for protecting user accounts and sensitive data from unauthorized access, today announced that its Authentify xFA(TM) solution has been named a finalist for authentication solution of the year in Info Security Products Guide's 2015 Global Excellence Awards. Authentify, the company, has also been ranked 46th among the hot cybersecurity firms to watch in the Cybersecurity 500 compiled by Cybersecurity Ventures.
CSO logo
March 2, 2015
"The call center is typically there to resolve an issue – not do any banking. In the Apple Pay fraud discussed, the fraudsters must be calling the call center, convincing someone to add an Apple iPhone 6 or better to an account, and asking to activate Apple Pay. The actual Apple Pay activation is initiated between Apple and the Bank. Apple passes to the Bank a person’s stolen credit card info, including the details backing their iTunes account," he said.
Cutimes.com Logo
March 1, 2015
After a recent revelation by international security software firm Kaspersky Lab that some of the largest banks in the world had an estimated $1 billion stolen from them during the past 24 months, a few questions linger.
Secure ID
February 25, 2014
There is a dichotomy between the authentication practices of an employee versus those of the consumer or home user. An employee is influenced by a paycheck and the corporate IT department and as long as they’re being paid, the IT department specifies and directs what type of authentication strength the employee is required to use.
CSO logo
February 9, 2015
"This type of session hijacking attack is post-login - once you login, the network maintains a session token that indicates the user in this active session was authenticated. Malware on your computer or in your browser - the advanced persistent threat or APT - captures that session token and is able to maintain and use it. It's a validated session, so even your two-factor authentication is beaten," Zurawski explained.
ITWorld Canada logo
February 9, 2015
CSO Online also asks if two-factor authentication could have prevented the attack. It seems unlikely given the attacker apparently already had a DBA’s credentials. “It will be interesting to discover of what exactly the DBA’s credentials consisted,” the site quotes John Zurawski, vice-president at Authentify, as saying. “If they were simply a username and a password, shame on Anthem. Even President Obama has figured out that systems containing PII need two-factor authentication, and said so in his Presidential cybersecurity directive.”
Benzinga logo
January 27, 2015
Authentify xFA™ by Authentify is now available on the Samsung Solutions Exchange™, enabling network security developers to secure online properties or networks with two-factor or multi-factor authentication on Samsung devices. The Samsung Solutions Exchange addresses the needs of line of business owners by creating holistic mobile solutions on a robust portfolio of enterprise-grade Samsung Mobile devices.
Korea Bizwire logo
January 14, 2015
Authentify, a Gartner “Visionary” authentication services vendor, today announced that its Authentify xFA mobile multi-factor authentication app was selected as the Most Innovative e-Security Solution by judges of the 2015 Technoviti Awards, sponsored by Banking Frontiers.
fedscoop logo
January 13, 2015
"The truth of the matter is information sharing is working," said John Zurawski, vice president of Chicago's Authentify Inc. "Organizations such as the Financial Services Information Sharing and Analysis Center successfully alert members to new threats, provide information on fixes and other important aspects of keeping the financial services industry safe from cyber threats.
GlobeNewswire logo
January 6, 2015
Authentify, a Gartner "Visionary" vendor of mobile multi-factor authentication services, will participate in TECHNOVITI 2015, a contest sponsored by Banking Frontiers to be held concurrently with IBEX India 2015, 15-17 January 2015. The Authentify xFA™ mobile multi-factor authentication service is under consideration for the Most Innovative e-Security Solution.
CSO logo
December 16, 2014
A fully encrypted laptop hard drive that requires a user password on boot up helps protect the enterprise against data theft and misuse when a laptop is lost or stolen. “You can achieve this kind of roll out in months,” says Zurawski.
Payments Source logo
December 8, 2014
For all the advantages e-payments offer, the average consumer is still not convinced it’s safe or secure. Unfortunately, it’s hard to argue otherwise, given recent history.
ITA logo
December 4, 2014
Ken Balich has been working for Authentify for 13 years, and has been one of the foundational members in building it to where it is now. Authentify delivers intuitive and consistent multi-factor authentication services that are dependable and multi-layered, protecting user accounts or key information from unauthorized access.
Network World logo
November 18, 2014
When you setup your network's security plan, quite often you have the big picture covered but some times there are those minute details that get shelved or forgotten. Here are a few items IT security officers should make sure they have covered.
The Street logo
November 12, 2014
Fingerprint authentication has become the go-to technology for Apple (AAPL) and Samsung (SSNLF) devices. But there are a host of other biometrics -- from eyeball scans to voice and facial recognition -- that are competing to become the dominant security method in the financial-services industry.
Secure ID
November 6, 2014
Authentify Inc. announced that Data Center Inc. (DCI), the privately-owned developer of iCore360 core banking software and related technologies, has agreed to supply its nationwide community bank clients with Authentify’s phone-based authentication services for its Inter@ct online banking features.
CRM Buyer logo
November 4, 2014
"A digital credential is only as strong as the registration process used to issue the credential. How Starwood verifies that the smartphone app is installed on a phone that belongs to the person claiming it as theirs is a critical function," Zurawski noted.
CNBC logo
November 3, 2014
"Authentify helps us provide our banks and their customers with greater protection against the increasing online criminal element," said Daren Fankhauser, DCI vice president of Research & Development. "Authentify has direct experience in our customer space, and we believe we selected the best."
CNN Money
November 3, 2014
"This isn't a battle being fought over security or ease of use," noted John Zurawski, an executive at Authentify, which secures payments. "It's a battle being fought over interchange fees that merchants pay."
CIO Review logo
October 2014
"The challenge faced by the educators is to adopt a mechanism which would ensure the identity of the students who enroll for remote courses,” remarks Tapling. Authentify’s services enable educators to perform real-time, multi-factor user authentication to ensure the same student who does the work is the same student taking tests and getting the credit.
Benzinga logo
October 22, 2014
Authentify has been named one of the "20 Most Promising Educational Tech Solution Providers" for its innovative and cost-effective identity verification solutions in use at many educational institutions around the country. The honor was recently bestowed by CIO Review, a technology magazine that focuses on sharing innovative enterprise solutions.
GlobeNewswire logo
October 6, 2014
Throughout the month of October, Authentify will be sharing password and authentication tips, ideas and security techniques to promote National Cyber Security Awareness. Each week will focus on a different topic related to cybersecurity.
PRWeb logo
October 2, 2014
The BIG Awards specialize in recognizing top-performing companies and organizations with a proprietary judging process scored by well-known and experienced leaders and executives from around the globe.
Bank Info Security logo
October 2, 2014
John Zurawski, vice president of security firm Authentify, says small business customers of Chase impacted by the breach should take steps to ensure their employee and payroll accounts are secure. "Small businesses should immediately change their passwords," he says. "The businesses affected should consent to any additional authentication factors the bank may offer."
NBC News Chicago logo
September 30, 2014
“Company officials say the hackers may have captured "account numbers, expiration dates, other numerical information and/or cardholder names," but it's not known whether they were successful in capturing the customer data.
VentureBeat logo
September 29, 2014
“The skill set of the hackers is evident in the source code. 60 to 70 percent of malware is copied from existing strains. Where the creativity lies now is in the masking and hiding of the malware within the systems, that often can’t detect it. The malware is constantly being adjusted in order to stay ahead,” Rolfe said.
American Banker Logo
September 26, 2014
"It's entirely possible they are somehow connected to your network for backup and archive," he added, which is where Bash becomes more dangerous. Most ATMs do not use the Linux operating system, but banks that build their own ATM software often use Linux, he said.
IT Business Edge Logo
September 25, 2014
One of the reasons this is so serious, Alan Dundas, vice president and product architect for Authentify, told me in an email, is because the Linux bash shell is everywhere. Many of the devices within the spectrum of the Internet of Things have Linux roots, and they weren’t designed for patches or to detect and prevent malware.
KrebsOnSecurity logo
September 16, 2014
Too many organizations only get religion about security after they’ve had a serious security breach, and unfortunately that inaction usually ends up costing the consumer more in the long run. But that doesn’t mean you have to be further victimized in the process: Be smart about your financial habits.
Mobile Market Portal Logo
September 11, 2014
As victimized celebs vowed to take legal action on these hackers, the photo hacks might just convince all users on the necessity to employ strong security measures to protect their data and persuade mass-market deployment of stronger authentication tools like two-factor authentication in the cloud, said John Zurawski
Tech News World logo
September 11, 2014
“Now that Jennifer Lawrence, Kate Upton, and others have become the poster children for hacked cloud storage, more users are beginning to understand that a little more inconvenience may be better than the alternative,” says John Zurawski.
Payments Source logo
September 9, 2014
Consider using the end user’s same mobile device, but instead of an upfront OTP for login purposes, one might use the voice channel post-login. The voice channel represents a completely different communication band from the SMS or data channel on a phone. It represents a way to do an out-of-band two-factor authentication.
Bank Info Security logo
September 4, 2014
Peter Tapling says many retail breaches start with a network intrusion that is typically traced back to weak credentials. “Any merchant that does not have two-factor authentication in place for employees and suppliers is gambling that they won’t be next.”
eWeek Logo
September 3, 2014
Security response teams at some of the card-issuing banks have already started buying back credit card numbers believed stolen in the suspected breach at Home Depot, according to John Zurawski, vice president of marketing for Authentify.
CSO logo
September 3, 2014
The consensus, Peter Tapling added, is that there’s a possibility the perpetrators of this apparent breach may be the same group of Russian and Ukrainian hackers responsible for the recent data breaches at JPMorgan and other banks.
SmartData Collective logo
September 3, 2014
"Consumers are starting to accept them as a collateral damage to the e-commerce economy. This is rather unfortunate as the costs involved in the data breaches are in the end paid for by the consumers."
IT Security Guru logo
September 3, 2014
"The number of compromised cards could rival the Target breach if indeed this breach affected all 2,200 Home Depot stores and the breach goes back to April 2014. The ‘American Sanctions’ name for the card batches for sale are an interesting twist. Is this just a group that sympathizes with Russia? Or is it a state actor involved directly?"
Cyber Defense Magazine logo
August 2014

According to Aland Dundas, “The problem lies with the practice of delivering a one-time password to the end user via SMS. In general, OTP approaches of this type were fine several years ago. They’re just not as secure as they once were. The cybercriminals have developed their own countermeasures.”

David Strom's Web Informant logo
August 25, 2014
"xFA can add multifactor security to any web service with a few lines of code. We tested xFA on a small network in August 2014. It has cloud-based components to manage multifactor security, along with apps for iOS and Android."
PYMNT.com logo
August 25, 2014
"Bankers should also watch for a wave of fraud tied to identity theft and credit scams, and thoroughly authenticate every request for a credit card replacement, new credit card or loan as well as unusual electronic funds transfers," said John Zurawski
Credit Union National Association (CUNA) logo
August 22, 2014
Add shipping giant United Parcel Service (UPS) to the list of merchants that have suffered a data breach that compromised its customers' credit and debit card information.
American Banker Logo
August 21, 2014
Community Health Systems runs a network of 206 hospitals and hundreds of satellite doctors' offices across 29 states. The breach at the company is potentially worse than the one at Target Stores that compromised 110 million customer account records last year, according to John Zurawski, vice president of security software company Authentify.
Healthcare Info Security logo
August 21, 2014
"The Heartbleed vulnerability was disclosed April 7," says Alan Dundas, a security architect and vice president at Authentify, an authentication provider. "Community Health has indicated they were breached in April and June. If one were to read those tea leaves, it's entirely possible Heartbleed was the culprit."
Biometric Update logo
August 15, 2014
All of these vulnerabilities and breaches stem from two things: Failures in network security thinking to understand and counter emerging threats, and following the old adage: I don’t need more security until something happens,” said Ken Balich, Chief Information Security Officer at Authentify"
InformationWeek Bank Systems and Technology
August 8, 2014
Overall, the true cost of data breaches is significantly higher than one would think, according to multi-factor authentication provider Authentify. The firm estimates each breach costs about $5.4 million for the affected companies.
InformationWeek Dark Reading Logo
August 7, 2014
"Using hard-coded username and passwords from hardware manufacturers without another layer of protection is security suicide," says Ken Balich, CISO at Authentify."
eWeek Logo
August 4, 2014
One company that has an interesting approach to using smartphones for authentication is Authentify. Authentify’s xFA is a cloud-based voice biometric approach that promises app authentication that would be very difficult to hack.
American Banker Logo
August 4, 2014
"What we have done is make that experience as simple, automated and friction-free for mobile users as SSL or HTTPS is on the Web."
InfoSecurity Logo
August 4, 2014
“The barrier to mass-market deployment of stronger authentication boils down to the impact on the user experience," said John Zurawski, vice president at Authentify"
Cutimes.com Logo
July 28, 2014
“Two-factor authentication has been under attack for a long time,” said Zurawski. “It should be no surprise that criminals have found ways to attack one-time passwords sent in SMS.” What’s a more secure alternative than SMS? Zurawski suggested a voice call to the consumer’s smartphone that reports the login attempt and requires confirmation."
Mobile Market Portal Logo
July 28, 2014
“Authentify, which has been in the news for its secure and affordable authentication solutions, advocates the use of the Authentify xFA platform, which is an easy-to-use, substantially more secure and affordable authentication solution, capable of competing with SMS.”
Secure ID
July 25, 2014
“As we have said many times, not all two-factor authentication techniques are of equal strength,” says John Zurawski. “An authentication technique that is applied after the transaction has been initiated is required. It must also communicate the actual transaction details to the end user via a separate secure communication channel.”
TeleAnalysis Logo
June 16, 2014
Many business cycles have been spent wrestling with the potential vulnerabilities of mobility and BYOD. The newest generations of mobile devices, however, offer considerable promise for strengthening security. Mobile solutions are currently available that offer ‘no typing’ logins using biometrics and cryptographically strong digital certificates for authentication.
data security
June 11, 2014
The new reality for retailers is that any end point, any interconnected system or any route along a network can become a point of entry for a cybercriminal, and the high value target is the data. Given that sobering reality, retailers, the credit industry and the financial services firms supporting them, must move beyond compliance with the Payment Card Industry Data Security Standard (PCI DSS) and broaden the consideration for safer computing and networking at every level.
IT Business Edge Logo
June 9, 2014

“This vulnerability shines a light on the increasing need for financial institutions (FI) to involve account holders in the ‘backend’ protection of their own accounts,” said Andy Rolfe in an email. “A ‘deputized’ customer base can help protect an FI and themselves.”

Beats Electronics
June 3, 2014
"One of the characteristics of being a smaller company is, we can come up with really great ideas and we kind of work really hard to get particular individuals to implement it," Tapling told Benzinga. "There's no replacing Apple making something available to 500 million people in a day. So I think it's going to be a combination."
Beats Electronics
June 1, 2014
"Whether or not Apple has this in mind is pure speculation, but many of the biometrics that will become common in the future need a wearable device," Tapling told Benzinga. "Apple just acquired a very 'wearable' assortment of devices with the Beats technology. Imagine a heart rate, blood pressure, vein print built into devices millions of folks wear voluntarily already -- headphones."
Chicago Technology
May 29, 2014
What happens when millions of usernames and password combinations are breached? How bad will it be? IF you're an Authentify customer, you and your end users are still protected employing Authentify's elegantly simple but extremely effective techniques for remote user authentication
fingerprint
May 27, 2014
Mobile authentication provider Authentify is to provide a way for banks, payments networks and other secure service providers to make use of the fingerprint scanner built into the Samsung Galaxy S5 to add an extra layer of security to mobile transactions.
payments
May 22, 2014
"Mobility has added a level of difficulty with regard to knowing your user or customer," says Authentify chief technology officer Andy Rolfe in the release. An end user and a device can be almost anywhere, making biometrics "the most reliable way" to ensure the device is still in the hands of the same user, Rolfe adds. "We are able to handle a wide range of use cases and end-users employing multiple biometrics."
data security
May 7, 2014
Yesterday, Target's CEO Gregg Steinhafel resigned. The recent past has been rough for the top exec, and, although the retailer has had some missteps -- such as its bungled entry into Canada -- it seems likely that its widely publicized and far reaching data breach was the catalyst for this move.
cyber world
May 2, 2014
Individuals resort to lying about themselves to protect their identities when accessing systems in today's imperfect cyber world, says Peter Tapling, president of Authentify, an out-of-band authentication service.
heartbleed
April 30, 2014
The Heartbleed Bug is so widespread around the Internet, that businesses should simply use caution and assume that they have been impacted. Read more at http://www.business2community.com/small-business/protect-small-business-heartbleed-bug-0855204#E6Zib38h1EQdMuyx.99
Info Security
April 18, 2014
The breach of e-commerce retailer LaCie is the latest indicator that more fraudsters are targeting online merchants because card-not-present transactions are particularly vulnerable...
Wall Street
April 21, 2014
Attention on cyber security has skyrocketed since the end of last year thanks to the data breaches that hit several of the nation's biggest retailers.
Bank Technology
April 21, 2014
A recent malware attack targeting bank customers in the Middle East offers some tips on how such attacks can be prevented.
Bank Technology
April, 2014
Cover Story
Finextra
March 17, 2014
We get a lot of questions about what banks should do to protect themselves against online fraud. There seems to be a lot of confusion which only gets worse as dozens and dozens of vendors start to fight different pieces of online fraud.
Digital Tran
March 10, 2014
The coming of Europay-MasterCard-Visa (EMV) chip cards to the U.S. has many American merchants worried about the inevitable shift of credit and debit card fraud from the point of sale to online channels.
Securist
March 10, 2014
The bad guys are taking full advantage of the squishy parts of the Internet's DNA. The result: massive DDoS attacks are disrupting Internet commerce, and slowing down the speed of the web.
Startups
March 4, 2014
Your e-commerce website is riddled and bounded by password barriers. From your main administrative password that allows access to your web hosting control panel to your FTP login access, passwords are deeply important from a digital security point of view.
Secure
February 25, 2014
Authentify announced that it has been selected to support the American Association of Motor Vehicle Administrator's pilot project for raising the level of trust in online identities.
Banker
February 25, 2014
A new set of specifications that could strengthen security for websites and mobile apps is receiving strong support from payments and technology heavyweights.
Forbes
January 31, 2014
Leaked screenshots from @evleaks about Samsung's next Galaxy device, the S5, suggest Samsung is jumping head first into the biometricification ofmobile.
Data Risk
January 29, 2014
Here are three keys trends that departments are facing in their efforts to keep company assets under control and minimize potential sources of ...
Innovation
January 28, 2014
In the decades following the tragedy of 9/11, air travelers around the globe became accustomed to heightened security levels for access to air travel. High security at airports became 'normal.' A similar shift for electronic commerce is inevitable.