Vault ID, a single-function USB token, contains a smart-card chip that stores usernames and passwords for all online accounts.
With 63 million American adults banking online and millions falling victim to identity theft, GuardID Systems, a San Mateo, Calif. startup, forecasts shipping 250,000 ID Vaults.
The company boasts a consumer security device that protects against phishing, pharming and keystroke logging. ID Vault, a single-function USB token, contains a smart cardchip that stores user names and passwords for all online accounts.
Users can plug the "digital vault" into their PCs and click on icons for secured favorites. From there, they can choose the accounts they want to access. Pages loads automatically, saving the effort of launching browsers. The device sends encrypted data without requiring users to type access codes.
"You get used to the convenience and forget about how it's protecting you," GuardID Systems CEO Jerry Thompson said during an interview Tuesday.
ID Vault relies on proprietary software to monitor and update IP addresses on a database of 4,000 financial institutions. If a hacker tries redirecting users to an invalid site, the program warns that it is not "compatible."
If someone steals an ID Vault and attempts to log on to the owner's accounts, the information is wiped from the memory after three unsuccessful logon attempts -- but not before giving the opportunity to insert the 20-digit serial number that came with the device.
GuardID Systems offers a two-pack, with a spare token for backup, and the program allows users to print a copy of their user names and passwords. The financial site monitoring service is free for the first year and available by subscription after that.
The Federal Financial Institutions Examination Council decided last year to require banks to institute a two-layered authentication approach to prevent identity theft and account fraud. The council did not endorse specific technology, but identified USB tokens as one possibility. The council noted that the devices are difficult to duplicate, tamper resistant, user-friendly, convenient, and simple to implement.
"An effective authentication system is necessary for financial institutions' compliance with requirements to safeguard customer information; to prevent money laundering and terrorist financing; to reduce fraud and the theft of sensitive customer information, often the precursor to identity theft; and to promote legal enforceability of financial institutions' electronic agreements and transactions," the council stated when delivering the guidance.
Thompson said those users should be guarding access to financial information and other online accounts, especially as hacking becomes increasingly serious.
"Many, many of these hackers have gone from harassing you to trying to steal from you," he said. "It's generally random, not focusing on an individual. It's the low-hanging fruit. Most people are not aware there is anything they can do to prevent ID theft, and people are spending fortune on ID theft insurance. It seems that the practical thing is to prevent it and they need to know that there's a way to do that."
Approximately 27 million American adults have been victims of ID theft in the last five years, according to the Federal Trade Commission.
Gardner Research said GuardID Systems could block phishing and pharming more proactively than browser plug-ins and enhancements.
GuardID Systems began shipping the product, which costs $49.95, to Circuit City, CompUSA and Best Buy last month. The product is also selling through Internet resellers like Amazon.com.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.