RSA, based in Bedford, Mass., will pay $145 million, including $136 million in cash, for Cyota, which is privately held. The company said it plans to blend its secure authentication hardware and software with Cyotas anti-fraud technology to protect consumer identity and online transaction information.
The acquisition came amid news of shuffling at RSA, which also announced the departure of Jeff Glidden, the companys chief financial officer, and a plan to restructure and consolidate its engineering staff globally.
Cyota makes a number of secure authentication and anti-fraud products that are used by banks and financial services companies. The companys products all rely on Cyotas eRiskEngine and eFraudNetwork technology, which compile data from a number of sources to spot fraudulent activity.
Cyotas eVision and FraudAction are anti-fraud and anti-phishing products that are used by banks to spot and shut down phishing Web sites that pose as legitimate customer portals to steal sensitive information. SecureSuite is a payment security platform that is used by credit card-issuing banks to authenticate online payments.
The company also sells eSphinx, a two-factor authentication technology for online banking customers, and eStamp, a Web site watermarking program that is designed to thwart online fraud.
RSA said it will combine that risk calculation technology with its own products and sell risk-based layered authentication products. The company also plans to sell itself as a one-stop shop for online security that can sell to banks, e-commerce companies, and consumers and merchants.
"Financial services customers, in particular, are looking for different types of authentication solutions," said John Worral, vice president of worldwide marketing at RSA.
RSA will be able to offer customers a range of authentication technology, from inexpensive solutions like challenge/response questions that add an additional factor to user names and passwords, to more expensive smart-card technologies that use digital signing and digital certificates, Worral said.
"It comes down to determining the right solution based on the risk, the potential downside and … the cost of ownership," Worral said.
In the short term, RSA will be integrating Cyotas risk services into RSAs consumer authentication business. The company sees affinities between Cyotas monitoring, risk analysis and alert services, and RSAs token business. In the future, RSA tokens could be used to authorize—or block—transactions that are flagged by Cyotas real-time monitoring service, Worral said.
RSA may be trying to tap into growing demand among financial services companies for technology that can spot fast-moving and ill-defined threats like phishing and pharming attacks, as well as Trojan horse programs.
The company may also be looking for a way to build on the success it has had in the financial services arena with customers like eTrade Financial Corp., said John Oltsik, a senior analyst with Enterprise Strategy Group in Milford, Mass.
"It seems like theyve decided that [securing consumer financial transactions] is a niche they want to focus on," he said.