RSA Sells Off Knowledge-Based Authentication Service To LexisNexis


LexisNexis Risk Solutions acquired RSA's dynamic knowledge-based authentication technology in a deal that ends a six-year relationship between the two companies.

Atlanta-based LexisNexis said it would integrate the technology into its identity-proofing portfolio for identity management and anti-fraud. Knowledge-based authentication is used by financial services firms, call centers and other companies to verify a person's identity through a series of questions, which are generated through public databases.

EMC acquired the technology in 2007 as part of its acquisition of Verid and placed it in the RSA authentication business. In a blog post, Sean Brady, an RSA product marketing manager, said the company sold off the business to focus on its SecurID hardware token business and other core competencies. Brady said RSA and LexisNexis had been working closely together to support the verification service.

"LexisNexis has been a key data services provider for the RSA Identity Verification service, supplying the identity-specific data necessary to perform identity-proofing and verification," Brady wrote. "LexisNexis has also been a reseller of the RSA Identity Verification service into a number of accounts."

Brady said LexisNexis will assume full command over operations, road map and support following a brief transition period. LexisNexis will put in place a new account team and change the domain and branding of the service, he said.

The space for knowledge-based authentication and call center anti-fraud services has grown in recent years. Atlanta-based Idology competed directly with Verid at the time it was acquired by EMC. A number of businesses also competed with RSA, including Equifax and TriCipher, now part of VMware.

All the services use dynamic knowledge-based authentication technology to tap into various public record databases to quickly generate questions. Most companies such as RSA that offer an interface to do knowledge-based authentication on the back end are just hooking up to a database resource, said Eve Maler, a principal analyst at Forrester Research. The services differentiate themselves by being able to quickly generate the right questions to verify the individual, Maler said.

"It's not typically used by a website for routine authentication; it's used for voice channels a lot," Maler said. "Call centers typically don't have very good ways to verify caller identities."

Other companies provide verification and fraud detection through other methods. Atlanta-based startup Pindrop Security, which specializes in phone fraud, uses publicly available information to cull a database of fraudulent phone numbers and assigns risk scores based on a number of factors.

LexisNexis said it would integrate the technology into its verification service. The company's knowledge-based anti-fraud product is called InstantID Q&A and is used by more than 200 organizations, the firm said.

"This investment demonstrates our commitment to provide -- and continuously improve -- our capabilities in identity management to help our customers make the right decisions and fight fraud, while protecting their customers from identity theft," Dennis Becker, vice president of identity management at LexisNexis, said in a statement.

PUBLISHED APRIL 4, 2013