Security company RSA has launched an authentication product in the UK that attempts to verify identities through a series of multiple-choice questions.
The product, called RSA Identity Verification, uses information gleaned from credit reference agency databases and other data sources to formulate the questions.
"Based on your name and postal address, we use RSA services to aggregate information that only you can answer: information that is top-of-mind for you, but is harder for others to research and guess," said RSA head of identity verification services Brian Knauss on Friday.
The questions might pertain to an old address that is associated with the user or to the user's mortgage provider, said Knauss.
RSA Identity Verification is aimed at financial institutions and retail organisations with an online presence. The product is also suitable for call-centre authentication of users, said Knauss.
The RSA product offers hosted verification for online authentication, while call-centre operatives can use a web application to hook into RSA's service. Knauss declined to say which credit reference agencies RSA would use for UK users.
Knauss said the product is intended to reduce the efficacy of third-party identity theft. However, he said that the product would not mitigate a man-in-the-middle attack that hijacks a browser session.
"If the consumer is providing the right information, the session would proceed," said Knauss. "If the session is hijacked, this solution wouldn't change that."
RSA piloted Identity Verification with four customers before the product was launched in the UK on Wednesday. The product has been available in the US for five years.
Pricing is negotiable depending on the scale of usage, said Knauss.