news_VASCO questions FFIEC’s supplementary recommendations for a more secure Internet banking environment

July 12, 2011
Company calls new guidelines “a step in the right direction, but not nearly good enough”

OAKBROOK TERRACE, Illinois and ZURICH, Switzerland – July 12, 2011 – VASCO Data Security International, Inc. (Nasdaq: VDSI; www.vasco.com), a leading software security company specializing in strong authentication products and services, questions the Federal Financial Institutions Examinations Council (FFIEC) supplementary guidelines to its Internet Banking Environment Guidance issued in 2005.

VASCO believes that the original (2005) guidelines were not strong enough, and resulted in breaches. Due to the vagueness of the 2005 guidelines, many banks chose inexpensive but unsafe security measures including questionnaires about their mother’s maiden name and the color of their pets’ paws. This “meets minimum approach” has made the U.S. banking sector the target of internationally organized fraud schemes. The 2011 addendum to the FFIEC’s recommendation for a more secure Internet banking is, according to VASCO, a step in the right direction, but not nearly good enough.

The much anticipated recommendations do emphasize the importance of periodic risk assessments, layered security and appropriate customer authentication mechanisms as to mitigate risks against increasingly sophisticated fraud schemes. The council advocates more complex authentication mechanisms be put in place to protect retail as well as business customers against account hacking and identity theft. As proven abroad, only the implementation of strong two-factor authentication, including the use of electronic signatures to neutralize man-in-the-middle attacks, is an efficient method to make online banking a safer business channel.

VASCO, as a world leader in authentication, has one of the most complete lines of security products and services for strong user authentication and e-signatures available in the market today, helping financial organizations comply with FFIEC’s recommendations. With over 1,700 financial institutions worldwide in its customer base, the company already demonstrated its expertise and experience in securing customer credentials and financial transactions.

VASCO’s range of e-signature solutions guarantees transaction security and protects customers against man-in-the-middle attacks. The electronic signature is calculated using unique factors including the components of the specific transaction such as transaction amount and destination, source account information as well as timer and counter values. An e-signature allows the bank to verify that a transaction was initiated by the genuine end-user; if the transaction is not validated, the signature will be rendered useless. Consequently, the banking server can flag the transaction as possible fraud and act accordingly. The end-user in turn can rest assured that his transaction was not altered in transit.

“Effective security measures are essential to safeguard customers’ credentials and protect high-value transactions from being misdirected”, says Ken Hunt, Chairman & CEO of VASCO Data Security. “For VASCO, the FFIEC’s guidelines are a step in the right direction, but we believe that more is needed. VASCO will take its responsibility as a market leader. We will continue our endeavors to raise security awareness with both end-users and financial organizations. We hope that the FFIEC recommendations will contribute to enhance the security of the US online banking market, raising the overall banking security level to that of comparable industrialized nations.”

VASCO is a leading supplier of strong authentication and e-signature solutions and services specializing in Internet security applications and transactions. VASCO has positioned itself as a global software company for Internet security serving a customer base of approximately 10,000 companies in more than 100 countries, including more than 1,700 international financial institutions. VASCO’s prime markets are the financial sector, enterprise security, e-commerce and e-government. Forward Looking Statements: Statements made in this news release that relate to future plans, events or performances are forward-looking statements. These forward-looking statements (1) are identified by use of terms and phrases such as “expect”, “believe”, “will”, “anticipate”, “emerging”, “intend”, “plan”, “could”, “may”, “estimate”, “should”, “objective” and “goal”, “possible”, “potential”, and similar words and expressions, but such words and phrases are not the exclusive means of identifying them, and (2) are subject to risks and uncertainties and represent our present expectations or beliefs concerning future events. VASCO cautions that the forward-looking statements are qualified by important factors that could cause actual results to differ materially from those in the forward-looking statements. These risks, uncertainties and other factors have been described in greater detail in the Annual Report on Form 10-K for the fiscal year ended December 31, 2009 filed with the Securities and Exchange Commission and include, but are not limited to, (a) risks of general market conditions, including currency fluctuations and the uncertainties in world economic and financial markets, (b) risks inherent to the computer and network security industry, including rapidly changing technology, evolving industry standards, increasing numbers of patent infringement claims, changes in customer requirements, price competitive bidding, and changing government regulations, and (c) risks specific to VASCO, including, demand for our products and services, competition from more established firms and others, pressures on price levels and our historical dependence on relatively few products, certain suppliers and certain key customers. Reference is made to VASCO's public filings with the U.S. Securities and Exchange Commission for further information regarding VASCO and its operations. This document may contain trademarks of VASCO Data Security International, Inc. and its subsidiaries, including VASCO, the VASCO “V” design, DIGIPASS, VACMAN, aXsGUARD and IDENTIKEY. For more information contact: Jochem Binst, +32 2 609 97 00, [email protected] Follow us on Twitter: http://twitter.com/VASCODataNews