- Published: 01 May 2012
- Written by NStinchcombe
Commenting on a report from the European Forum on the Security of Retail Payments – which recommends the use of strong two (or more) factor authentication for online payments – SecurEnvoy says it welcomes the conclusions.
According to Steve Watts, co-founder of the tokenless® two-factor authentication specialist, news of the report’s recommendations is effectively qualified with an observation that the client-side hardware for use with the authentication process may not be as easy to use as you might think.
“Coupled with the fact that the report makes reference to the issue that, if something goes wrong with the authentication hardware, then solving this problem takes time – i.e. ‘It is desirable that PSPs perform the screening and evaluation procedure within an appropriate time period, in order not to unduly delay execution of the payment service concerned’ - this is why we recommend that clients use our tokenless two-factor authentication (2FA) system as, because it is a mobile phone-based process, it is very easy to solve problems in real time,” he said.
“This is one of the key advantages of using a tokenless form of authentication with a mobile phone as the authentication medium, as most problems can be solved by simply rebooting the mobile handset – just try doing that with a sealed hardware authentication token,” he added.
Watts went on to say that he welcomes another observation of the news report, namely that most Web sites make it quick and easy – almost too easy - to reset a single-factor authentication password if the user has forgotten the code.
For most users of online services, he says, it is often a straight choice between using a relatively insecure authentication process – i.e. using an ID and password – or using a relatively cumbersome authentication hardware device, which requires the user to carry the hardware token around with them.
With SecurEnvoy’s SecurAccess tokenless® 2FA technology, he adds, there is no need to use a hardware-based authentication token, as SecurAccess turns any mobile that can receive SMS texts into an authentication token.
This is, he explained, a key step in making the process simple enough for all staff within an organisation to use without too much thought - essentially allowing organisations to provide remote staff with industry standard 2FA without the pain and cost of deploying legacy hardware tokens.
Using this approach, says Watts, allows organisations to achieve what IT professionals call ‘stakeholder buy-in’ and encourages staff to think positively about the authentication process – as well as using the secure login process without worrying about losing a token or having to understand how the token works.
Furthermore, he adds, because SecurAccess integrates fully with Microsoft Active Directory, Novell E-Directory, Sun Directory Server and OpenLDAP technologies, it is easy to integrate from the IT side of things, with no additional database being required.
“The bottom line here is that, not only is tokenless 2FA technology just as secure as a hardware token-based system, but it’s a whole lot easier for staff to understand and use. And, of course - from a direct and indirect cost perspective - it is a lot cheaper to deploy and maintain,” he said.
“Factor in the additional advantage that the system can be changed on the fly if needed – which is something you cannot easily do with a hardware token-based platform – and it’s no wonder that a growing number of businesses are moving up to the multiple advantages that tokenless 2FA technology now offers them,” he added.
“It is interesting to note that the news report recommends that organisations come up with a ‘Plan B’ option for when their hardware system fails to deliver. With a tokenless 2FA platform, a Plan B option will almost certainly not be required – this is another advantage of an integrated software-based approach.”
For more on SecurEnvoy please see http://www.securenvoy.com or http://www.bringyourowntoken.com
For more on the European Forum’s latest security report: http://bit.ly/Iic1dG