Security start-up banks on online success

24 Jul 2006

An Irish IT security start-up is in early-stage discussions with several Irish banks about deploying its patented technology for authenticating online customers, has learned.

The company, 2SA+, was spun off from the Dublin-based IT security firm Ward Group last year and has developed a two-factor authentication system that can be used for online banking services. Patents for this system have been supported by Enterprise Ireland.

For 2SA+, the USA is a prime market because of a new regulation advising banks that they must have strong authentication for their online services by the end of this year in order to decrease the chances of frauds and phishing. “The US is a target but you’ve got to get peer status,” said Pat McKenna, chief technology officer with 2SA+. “If you want to sell a security product into a bank, if it looks for a reference site it looks for a peer like another bank, as against a school or university.”

According to McKenna, the 2SA+ product, called FlexGrid, is considerably cheaper to implement for banks than password-generating token technology which is based on the same authentication principle. He confirmed that 2SA+ has had discussions with three Irish banks about possibly implementing the system. “I’d say we will have some acceptance testing by Christmas,” he said.

Two-factor authentication is so called because it requires something the user knows — such as a PIN number — and something they have. In the latter case, it is a card with a grid showing a range of numbers unique to every customer. When visiting an online bank using this system, the user enters their ID as usual and would then be prompted with a sequence of numbers with a grid reference below each one.

By looking at the screen, only the genuine user would be able to tell which of those numbers match their PIN code. By typing in the numbers located at the same grid reference on their card, the user would be allowed to access the site. Each time the customer visits the site, the PIN would appear in a different sequence or would refer to a different point on the grid, so that the user never enters the same combination of numbers twice. An online demo of the system is available at

McKenna pointed out that with the 2SA+ product, the user’s PIN code is never sent via the internet and therefore can’t be compromised or hacked. Equally, if the user loses their card containing the number grid, that itself is useless without the PIN, which only the customer knows. “The security is in the process, not all the lines of code,” McKenna added.

By Gordon Smith