SACRAMENTO, Calif. — The Golden 1 Credit Union has become the first CU to deploy the multi-factor authentication solution from Arcot Systems for its online banking members.
But the $6 billion CU didn't really go that much out on a limb. Far from the bleeding edge, Arcot Systems already provides the authentication engine used by more than 10,000 credit unions and banks in the Verified by Visa system, the company says.
The Sunnyvale-based company now offers its software-based version of the PKI (public and private key) hardware token system to providers of online banking. The system also can be extended to the use of digital signatures.
The company's basic system is risk-based authentication, which relies on widely used services like QUOVA to collect information such as IP addresses and then a PIN and user name system to verify the host computer and users attempting to access accounts through the credit union's Corillian online banking system.
"The Golden 1 selected Arcot's cost-effective, software-based authentication solutions for its strong, multi-layered transactional security," says Lisa Swanson, vice president of e-commerce at The Golden 1.
The 600,000-member credit union chose to deploy the risk-based authentication system first and then later move on to the more-advanced system that uses the PKI-based software tokens, says R. "Doc" Vaidhyanathan, vice president of product management for Arcot Systems.
"They're doing this right," Vaidhyanathan says of his new client. "First they brought a dedicated project manager on board and then they put the risk-based solution in first because they wanted to implement something as quickly as possible.
"After they get some penetration for that, then they'll put the software token system in and then move on to digital signing and statements. This really is an excellent way to do this."
Protecting against phishing, man-in-the-middle and spyware attacks is one thing, but getting members to use the system is another, and Arcot designed the system to keep the user experience as simple as possible, Vaidhyanathan says.
"It's very similar to the user name-password system," he says. "The beauty of the way our product works is that it requires two things to make it work. One is the software token itself and the other is the PIN that goes with the token … just like you need the token–the plastic card itself–and the PIN to use an ATM machine, only it's software."
Users sign up for the system at their financial institution's online banking site, then receive a token that comes through the Web page itself and is placed on their machine as a file that the authentication engine recognizes as unique to that particular user.
"That's the key to our strategy, because it keeps the private key part of the PKI system handy, stored in your computer's software. It's our invention and we patented it. It's very foolproof and its very user friendly," Vaidhyanathan says.
In addition to complying with NCUA and other regulatory requirements for online security, "Arcot's technology is able to provide our members with a seamless, user-friendly experience," says Swanson at The Golden One.
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
