RSA Buys For The Bank, Restructures

Identity and access management experts RSA Security got a little more secure with the $145 million purchase of anti-fraud and anti-phishing software vendor Cyota.

The deal, the combination of a cash and stock purchase buyout, is expected to close within 30 days, according to RSA Security officials Monday.

RSA Security officials also announced an engineering restructuring that phases out 120 positions in its Vancouver, Canada, San Mateo, Calif., and New York City offices. The positions at these companies will move to expanded operations in Australia and India as well as its office in Bedford, Mass.

Officials expect the move to be completed December 2006. The restructuring move is expected to cost the company between $10 million and $14 million.

The company’s CFO, Jeff Glidden, also announced his retirement Monday, to take a job outside the security industry. Art Coviello, RSA Security president and CEO, will act as interim CFO until a replacement is found.

The Cyota buy gives RSA Security increased presence in the ever-paranoid financial services industry, where phishing attacks and online fraud undermine their effectiveness with its customers. Cyota, according to officials, provides online security and online anti-fraud software to 42 of the world’s top 50 banks.

The company sells a product called the eSphinx, which authenticates every user and transaction based on the user’s PC and profile and giving it a threat rating. The rating is assessed against Cyota’s eFraudNetwork, a database containing fraud information from all its customers, to see whether the incoming information has been spotted as fraud by another financial institution.

The acquisition also gives the enterprise authentication vendor a consumer product to expand its security portfolio. That’s important, as banks look for ways to strengthen its authentication measures to customers.

“Through our combination with Cyota, RSA Security will become the leader in the protection of consumer identities and remote transactions,” Coviello said in a statement. “Our customers will benefit from enhanced flexibility, and consumers will also be able to enjoy — through their account providers — access to strong authentication and transaction protection solutions that fit their lifestyles and security needs.”

RSA Security expects to position the combined offerings to meet the security needs of the e-commerce world as well among end-users, merchants and their transactions. According to a November report by e-payment and risk management vendor CyberSource fraud will account for $2.8 billion of 2005 revenues, an 8 percent gain from 2004.

Cyota technology is expected to launch some new services for RSA Security, including a a 24×7 phishing attack alert system and transaction protections using authentication.

According to officials, bank customers using the combined technology will be the first to use a risk-based, layered authentication approach that incorporates watermarking, digital certificates, smart cards, tokens and anomaly detection.

There’s been a number of consolidations within the security industry of late as vendors look to push their offerings into other market niches.

In October, Symantec paid $209 million for security and policy compliance vendor BindView Development Corp., giving the popular security company an agent-less component to its agent-based management product.

Last week Hewlett-Packard shelled out an undisclosed amount to purchase single sign-on provider Trustgenix, used in HP’s OpenView Select Federation software.