According to eWeek, RSA is "reshuffling." Apparently, they've purchased Cyota, they're reorging the whole engineering staff (yikes), and they've lost their CFO! Look, I'm all for RSA buying companies - RSA needs to do something in order to stay alive (their revenue is at flatline right now), and they need to do it fast while there's still something left to buy stuff with. But they need to be smart about it - no aimless flailing around looking for a new business model. In my opinion - Cyota isn't going to get RSA where they want to be. What are they getting from Cyota? Cyota primarily targets FS and has 2 types of products: there's fraud prevention and B2C two-factor auth. Uh-oh.
First of all, I've said it before, and I'll say it again - two factor auth is going nowhere in FS. RSA says, "Financial services customers, in particular, are looking for different types of authentication solutions," but I have yet to speak with anyone actually in FS who has more than a passing interest.
And their fraud prevention can be summed up in two words: "payments" and "phishing". Uh-oh again. Is Verified by Visa still around? I thought it went the way of SET. Look - until Amazon and WalMart support VBV by default this technology is going exactly nowhere. The top priority for an online merchant isn't fraud-prevention - it's keeping shoppers from abandoning their carts. Slow or unresponsive servers mean abandoned carts. Bank's authentication servers have a different set of needs - and you can bet your bottom dollar that maximal performance for the VBV server isn't a top priority. From the merchant's point of view, having to make requests to some "could be faster" bank authentication server in order to authentication the user (again) adds to the transaction time - and leads directly to lost sales. Do you think preventing 100k in fraud is worth losing 3M in lost sales? Not an equation I'd be comfortable with if I were Amazon. Look, despite the shift in liability offered by VBV, the economic incentive is for merchants *NOT* to support it.
The only potential upside is the Cyota anti-phishing. They don't make enough information available on their website for me to criticize it, so maybe it's great and worth the huge bucks RSA's laid out. But I doubt it.