RSA Security said on Monday that it acquired PassMark Security, a maker of lightweight authentication technology.
RSA paid $44.7 million in cash and stock for PassMark, of Menlo Park, Calif., and plans to add the company's technology to expand a growing portfolio of consumer authentication technology, including products and services acquired with Cyota in December last year.
PassMark makes Web authentication technology that allows Web sites to use multiple "factors," such as user names, passwords, and challenge questions to verify log-ins. The company also has technology for displaying unique images, or "PassMarks," that help defeat phishing attacks on Web sites.
Bank of America uses a version of PassMark's technology to secure sessions at its online banking Web site. Smaller banks, credit unions, and banking service providers also use the technology.
In a statement, RSA said that the acquisition will help the company become a "strategic hub" for the financial marketplace. RSA will have authentication products for customers, merchants, and online transactions.
RSA inherits PassMark's portfolio of authentication technology, including image- and voice based authentication, which the company plans to add to its RSA Adaptive Authentication product line.
PassMark's technology will give RSA the "best of the different authentication methods out there," said Chris Young, a senior vice president in RSA's consumer division. "It gives customers the ability to combine one time password tokens with risk based authentication and device profiling," he said.
PassMark's customers will also be able to contribute to eFraudNetwork, a cross-bank antifraud network, RSA said.
Those customers, including Bank of America, will not be required to join eFraudNetwork, but Young said most will want to do so, especially with a deadline from the federal FFIEC at the end of the year that requires multi-factor user authentication, Young said.
PassMark is best known for its Web site watermark technology but RSA was probably interested more in the company's risk profiling technology, which allows PassMark to identify and track which computers an individual uses to access online banking sessions, said John Pescatore, a vice president at Gartner Inc.
The PassMark technology doesn't have the appeal to enterprises that the SecurID secure token business did, but will help RSA win business to employee and business to consumer deals, helping customers keep from getting phished and giving end users more confidence in online transactions.
PassMark and RSA's $145 million purchase of Cyota in December are energizing the company's authentication business, given the slow but steady growth in the token business, said John Oltsik, a senior analyst at Enterprise Strategy Group.
The acquisitions make RSA one of the biggest players in a multi-factor authentication business, which will heat up with the FFIEC deadline and the growing demand for easy to deploy technology to secure Web based services, Oltsik said.