MasterCard has announced the launch of a solution that harnesses the mobile phone as a form factor for its Chip Authentication Program. According to MasterCard," the initiative focuses on enabling consumers to authenticate their banking and online transactions through their own mobile phone with solutions from three leading industry vendors." READ MORE

Ten industry leaders — Yahoo!, PayPal, Google, Equifax, AOL, VeriSign, Acxiom, Citi, Privo and Wave Systems — have announced "they will support the first pilot programs designed for the American public to engage in open government — government that is transparent, participatory, and collaborative. This open identity initiative is a key step in President Obama's memorandum to make it easy for individuals to register and participate in government websites — without having to create new usernames and passwords. Additionally, members of the public will be able to fully control how much or how little personal information they share with the government at all times."

These companies will act as digital identity providers using OpenID and Information Card technologies. The pilot programs are being conducted by the Center for Information Technology (CIT), National Institutes of Health (NIH), U.S. Department of Health and Human Services (HHS), and related agencies. The participating companies are being certified under non-discriminatory open trust frameworks developed under collaboration between the OpenID Foundation (OIDF) and the Information Card Foundation (ICF) per the federal government Trust Framework Provider Adoption Process. READ MORE

MasterCard has announced that it has approved personal card readers and authentication servers from four vendors for MasterCard Advanced Authentication for Chip - a new EMV authentication solution that leverages the hundreds of millions of EMV cards already in the wallets of cardholders. According to MasterCard, "banks looking to manage the growing threat of online fraud can today deploy this best-of-breed two-factor authentication solution by working with leading providers to the payments industry: DSSS, Gemalto, Logos and Thales." READ MORE

Gemalto has announced commercial launch of the Ezio Optical TAN, a unique optical authentication reader for online banking access that is specially designed for the German market. According to the company, "the reader, the size of a credit card, fits in a wallet along with the banking card. Users present the device in front of their computer screen and optical sensors capture the data they would normally enter from the reader keypad to carry out and sign online transactions. No software needs to be installed to use the device." READ MORE

Acxiom has announced the introduction of a digital identity card as a beta offering for retail merchants, corporations, financial institutions and other organizations that wish to offer a privately branded identity card to their customers.

According to Acxiom, "a digital identity card allows consumers to establish new online accounts and log in to existing accounts with a unique, encrypted identity that is stored on the consumer’s personal computer. This is the digital equivalent of a privately branded identity card that is typically carried in a person’s wallet." READ MORE

Equifax has announced "a suite of products and industry initiatives to protect consumers' identity online and enhance security for personally identifiable information. Led by Ron Carpinella, vice president of identity management and identity marketing, Equifax's "Identity 2.0" program builds a pipeline of products that make online transactions easier and more secure for consumers and businesses. The Equifax I-Card(TM) and its enhanced authentication offering, eIDverifier(R), are two of the company's initiatives." READ MORE

VeriSign has announced its VIP Access for Mobile application is now available in the Apple iTunes App Store. The application turns the iPhone into a dynamic VIP one-time-password (OTP) credential that can be used in conjunction with a username and password to strengthen the security of online accounts. See Glenn Fleishman's review on TidBITS. READ MORE

ThreatMetrix, a on-demand fraud detection company, has announced that it has relocated to the US from Australia where the firm had been based since its inception in 2005. "A pioneer in device identification technology, which is quickly becoming the de facto standard in online fraud detection, ThreatMetrix will operate from Los Altos, California, in the heart of Silicon Valley. The company will continue to maintain research-and-development operations in Australia." READ MORE

iovation has announced that it "helped eCommerce companies stop more than 3.5 million fraudulent activities in 2008. Using innovative device reputation technology to identify computers that have been associated with fraud or abuse in the past, iovation enables online businesses to proactively block bad transactions before they happen to reduce fraudulent activities and other unwanted behavior across multiple industries." READ MORE

Gemalto has announced that its Ezio Pocket Reader is "the first fully certified reader made available to the market for MasterCard Advanced Authentication for Chip. The Advanced Authentication for Chip specification allows two-factor authentication on any EMV card already in use, whether or not it has been personalized according to the MasterCard Chip Authentication Program™ (CAP)." READ MORE

Authentify has announced that HSBC has deployed Authentify’s services to protect online and remote transactions from fraud. According to the company, "HSBC, the world's largest bank by asset size, is using Authentify’s services to automatically authenticate online users attempting certain transaction against HSBC accounts. The out-of-band process requires user or transaction specific details to be entered via telephone, separately from the Internet side of the exchange. The process isolates the authentication from Internet threats making it more difficult to tamper with an account even if armed with compromised identity information." READ MORE

The Federal Trade Commission has issued a report titled "Security in Numbers - SSNs and ID Theft" recommending five measures to help prevent Social Security numbers from being used for identity theft. Principal among the report’s recommendations is that Congress consider taking action to strengthen the procedures that private-sector organizations use to authenticate their customers’ identities. READ MORE

Visa has announced that Visa cardholders in Taiwan and mainland China are the first Visa cardholders in the world to be able to use a new mobile phone-based one-time password to authenticate themselves when they use their Visa card for purchases over the internet.

Participating in the new Visa service are Chinatrust Commercial Bank and China Everbright Bank in China. The new service utilizes Verified by Visa, an online authentication tool that provides cardholders an increased level of protection when they shop online. READ MORE

A recent survey conducted by Unisys finds that "a majority of Americans are comfortable using common biometric technologies for authentication. More than 70 percent of respondents will trust banks and government agencies to ask them for biometric data for identity verification. Additionally, fingerprints nearly tied personal passwords as the primary preferred authentication method, 73 percent to 72 percent, respectively."

Bank of America has announced the release of the SafePass(R) Card - a "new wallet-sized card essentially builds on SafePass, a one-time-use, six-digit code sent as a text message to consumers' mobile devices to authorize and help safeguard sensitive transactions." READ MORE

PayPal has announced a new way for members to add even more security to their PayPal accounts using their mobile phones. PayPal members can now choose to receive a unique six-digit security code via text message to their mobile phones prior to logging in to their accounts. READ MORE

Equifax has announced the Equifax online identity card or I-Card, with a beta test of what it is calling "a first-of-its-kind digital identity management solution that is designed to make online transactions easier and more secure for both consumers and businesses." READ MORE

Tom Wills, Senior Analyst, Security and Fraud, at Javelin Strategy and Research has published a new report titled "Consumer Authentication for Retail Banking: Compliance Does Not Equal Security".

"With the majority of financial institutions in compliance after the frenzied rush to meet the authentication requirements of the 2005 FFIEC Guidance, a number of financial institutions have relaxed into a satisfied mode. Compliance is not security, however, and complacency increases risk. Weaknesses have already been proven for widely adopted methods such as mutual authentication and device recognition." READ MORE

Aladdin Knowledge Systems has announced a partnership with IdenTrust to provide identity authentication solutions for secure online banking and financial transactions. READ MORE

Citi has announced the launch of a high-assurance digital identity solution — Citi Managed Identity Services - saying it "enables Citi clients to use digital identity and signature technologies to effectively and securely manage the exchange of electronic information in digital commerce and business critical transactions." READ MORE

Gemalto has announced that over one million Barclays Bank customers in the UK are using its cryptographic smart card reader, called PINsentry by Barclays, to provide stronger authentication for online banking. According to Gemalto, "the bank started deploying its strong authentication program in July 2007 and not one PINsentry online customer has suffered fraud since then. User feedback has proven extremely positive and Barclays observed that customer acceptance was higher than anticipated by 30 percent." READ MORE

Google today announced an enhancement to its Gmail service - one that is designed to enhance login security and to better protect Gmail accounts from takeover attempts.

Gmail will soon display information about whether the account is currently open on another computer - as well as displaying recent activity on the Gmail account. Also included is a one click way for a user to sign off any other Gmail sessions that may be in progress.

This is an enhancement to basic sign-on "hygiene" - and an approach that online bankers may want to take a hard look at with respect to adding to their online banking services. TechCrunch comments on this new Gmail feature as well.

ID Analytics has announced the availability of ID Analytics for Authentication - calling it "a network based authentication solution that enables organizations to validate customer identities during online and call center interactions. ID Analytics for Authentication accurately separates legitimate and suspicious identities while reducing customer abandonment rates and lowering the cost of an authentication session by up to 50 percent." READ MORE

Alliance & Leicester Commercial Bank has announced that it has implemented 3D Secure on its BillPay websites. "Better known to the public as “Verified by Visa” and “MasterCard SecureCode”, 3D Secure is designed to protect cardholders against unauthorised use of their debit or credit cards online." READ MORE

The Information Card Foundation has officially launched its web site and posted its announcement press release. The founding companies say it's their goal "to advance a simpler, more secure and more open digital identity on the Internet, increasing user control over their personal information while enabling mutually beneficial digital relationships between people and businesses." READ MORE

Robert Vamosi reports for Cnet News.com on the Information Card Foundation, a new group created by Equifax, Google, Microsoft, Novell, Oracle, PayPal, and others to "increase awareness of the use of electronic ID cards on the Internet, and encouraging interoperability in business around new standards." The Information Card Foundation website should be updated with more information on Tuesday. See also Dark Reading's article today. Laurie Flynn covers the story in Tuesday's New York Times.

Chris Skinner blogs about the results of a discussion earlier this week at the Financial Services Club in London on the question of whether current authentication and identification methods are good enough.

RSA has announced the worldwide availability of the RSA SecurID 1100 Display Card, "an event-based, one-time password (OTP) authenticator in a flexible card form-factor designed to help financial institutions and their customers secure online accounts and transactions with two-factor authentication." READ MORE

Glenbrook's Carol Coye Benson posts a rant on her latest experience as a customer being forced through a knowledge-based authentication drill with a vendor (AT&T) who already knows her well.

Acxiom has announced FactCheck-X Authenticate - calling it "a more secure means of online account authentication. Based on unique, biographically based question-and-answer sessions for account holders, businesses are more secure and customers can experience a better online authentication experience." READ MORE