] Authentify|Register delivers a practical solution to a ] difficult business problem: verifying the identity of a ] Web user. Authentify's powerful solution enables ] organizations to perform real-time, two-factor user ] authentication during an Internet session via a standard ] Web browser and telephone line. By placing an automated, ] outbound telephone call to an end user during an Internet ] session, organizations are able to unlock the power of ] the Internet by leveraging the reach and trust of the ] world's most widely deployed infrastructure, the ] telephone network. Authentify will greatly reduce the ] risk of fraud in online transactions, without sacrificing ] the reach or immediacy of the Internet. Heard about this in an RSA Conf roundup. Interesting concept -- linked back to the BBS days of the SysOp making an inbound call back. The idea is that for doing something "weird" in an ecommerce transaction, the system can verify the user's identity or at least produce an audit log. Obvious questions of how well this handles synthesized voices (Sneakers) and particularly VoIP. But both of those attacks require a great deal more personal attention to perform a more sophisticated attack, and so this is probably a good service for mass-market ecommerce applications. |