While the barium ferrite and card-swipe readings can help identify the user, they can also prevent attackers from capturing the data from one session and replaying it for a later one, Eisen says. They register a high percentage of matching factors in order to confirm the user, but they are never exactly the same, so if identical attempts occur, that indicates a compromise.
For example, with the card swipe, a 60% match is enough to confirm the card is authentic. In a demonstration of the technology, the first swipe registered 83% and a second swipe of the same card registered 79%. A swipe of two legitimate Arizona driver’s licenses issued to Eisen registered only a 4% match.
The system includes a means to derail attempts to physically force a legitimate user to log in, say at gunpoint. Users can register so-called duress cards with the service that, if run through the scanner, signal that the user is being forced to authenticate against their will. The attempt is shut down.
In addition to the $99 cost of the dongle, Trusona charges $1 per transaction. Each customer can have three devices, three tokens and three magnetic cards registered to their account. Eisen says the product is aimed at users whose authorizations carry a lot of weight, such as bank customers who are capable of moving thousands or millions of dollars or corporate executives with access to critical data.
Founded in 2015, Trusona is the second company founded by Eisen, who used to run fraud detection for American Express, in collaboration with Frank Abagnale, the former con-man and subject of the movie “Catch Me If You Can,” who is now a consultant to the FBI on working fraud and identity theft cases. The earlier company, 41st Parameter, which dealt with fraud prevention, was bought by Experian.
The two men worked together to hone the Trusona architecture. Eisen would work out what he thought was a feasible solution, and Abagnale would poke holes in it. Eisen would fix them and Abagnale would try again until they came up with the system.
They say they are motivated by helping to stop the crime typically funded by thefts related to identity compromises such as drug dealing, human trafficking and child pornography. “We want to leave a better network to the next generation than the one we got,” Eisen says.
Trusona is based in Scottsdale, Ariz., and has received an $8 million investment from Kleiner, Perkins, Caulfield and Byers.
Sign up for CIO Asia eNewsletters.