EC Identiv's Post Password Era Solutions Gaining Traction As Company Strengthens Its Financial Position

TM editors' note: This article discusses a microcap (<$100M market cap) stock. Such stocks can be easily manipulated; do your own due diligence.

Lately, we have seen many headlines about how large companies are experiencing security breaches that have resulted in sensitive customer information being exposed to theft. 

• In yet in another string of security breaches, JP Morgan Chase (NYSE:JPM) revealed that 76 million households' and seven million businesses' contact information were compromised, in a filing with the Securities and Exchange Commission (SEC) recently.

The compromised information included names, addresses, phone numbers and e-mail address, as well as internal JPMorgan Chase information about the users, according to the filing. The bank did say however that the more sensitive information such as bank account numbers and credit cards was not affected.

• In another recent security breach, Home Depot (NYSE:HD) said on September 8th of this year that cyber thieves compromised financial information of its customers. According to the company:

On Sept. 8, we confirmed that our payment data systems were breached, which could potentially impact customers who used a payment card at our U.S. and Canadian stores in 2014, from April to September. Today, we are able to tell you that the malware used in the recent breach has been eliminated from our U.S. and Canadian networks.

Thankfully, it appears the cyber thieves in this case have been using the information to buy small insignificant everyday items such as beverages and meals at McDonald's, so it's likely the thieves in this case were just a bunch of bored kids, otherwise the damage would have been much greater by now.

• Cyber thieves used stolen/guessed passwords recently to 'steal' nude pictures of actress Jenifer Lawrence and model/actress Kate Upton from Apple's (NASDAQ:AAPL) cloud storage system. Representatives for both Upton and Lawrence had to work very hard to stop the spread of these personal pictures, and the theft has left users of Apple's cloud feeling rather insecure about their personal items stored there.

• Target (NYSE:TGT) had its data breach occur around Thanksgiving of 2013. In that case, it appears that cyber thieves installed malware unto one of Target's internal servers that stores customer credit card data. In fact, it's believed the Home Depot breach occurred in the same way.

It's really only a matter of time until more sophisticated cyber thieves will get the type of financial information in their hands that could lead to a potential financial crisis for both the businesses affected and their respective customers.

We believe a small company headquartered in the California Bay Area, Identiv (NASDAQ:INVE), has solutions that businesses and investors need to be aware of.

The cyber thieves were able to install malware in servers of Home Depot and Target that still use passwords for authentication. This gave access to the credit cards prior to encrypted storage. In simple terms, a credit card is swiped at the time/point of sale. Afterwards, it's stored and encrypted internally before being charged by the credit card company. What the thieves did was intercept the credit card numbers using malware installed on the internal servers which directed the card numbers to be sent to them.

Identiv's solution is geared for the internal server of a business. Passwords to gain authentication are not used, so Identiv's solution is part of the "post password era."

Identiv produces and manages strong two-factor authentication credentials. The company provides a service that issues and manages the life cycle of the credential (smart card or other form factor). The credential and the processor on the device are used to generate private keys inside the hardware itself. The service works with managed Public Key Infrastructure (PKI) providers like Symantec or Verizon, as well as an in-house PKI system to provide the customers with one of the strongest methods we have to protect Identity.

The complexity of smart credentials has always been in how they are managed. Typically complex expensive Card Management Systems and Public Key Infrastructure are used. Identiv's solutions allow customers to take advantage of a secure credential without having to install the complex and expensive system to manage them. The credential can be used with managed or in-house PKI systems.

With the Identiv cloud-based service for issuing trusted credentials for its customers, the company provides a service-based solution to a lot of difficult questions such as:

  • How do we protect the computers our users are logging into?
  • What is a technology that everyone already knows how to use?
  • How difficult is it to use this technology in our environment(s)?
  • How do we protect our customer information?
1 2 3 4
View single page >> |

Disclosure: I am long INVE.

How did you like this article? Let us know so we can better customize your reading experience. Users' ratings are only visible to themselves.

Comments

Leave a comment to automatically be entered into our contest to win a free Echo Show.
Mike Nolan 5 years ago Member's comment

"Thankfully, it appears the cyber thieves in this case have been using the information to buy small insignificant everyday items such as beverages and meals at McDonald's, so it's likely the thieves in this case were just a bunch of bored kids..."

Or, more likely they are professional thieves who start out with minor charges to see if the card holders are observant enough to catch them. If not, they are emboldened to start spending them more freely - a common tactic.

Scott Matusow 5 years ago Author's comment

your comment does not make much sense to me. The thieves knew from the get go their actions were exposed, so did the card companies, Any charges would be refunded immediately, so in this case, it was not on the consumer. Therefore, we stand by our view that the thieves were likely high tech script type kiddies who found a weakness in the network to exploit.

John Fitch 5 years ago Member's comment

I actually did some more research as you suggested and what I found were multiple accounts of people being impressed with the complexity of the hacks. For example, Time Erlin, a director of IT security and risk strategy: "the thing that strikes me is the level of organization, the level of planning." Highly unlikely to just be a bunch of kids. Also found that the card information was being sold underground up to a million at a time for up to $100 a piece. Not exactly McDonald's money..

Scott Matusow 5 years ago Author's comment

Our point is that one day, if companies do not switch to the type of tech Identiv offers, we will likely see cyber terrorism, in which not only will info be stolen, but entire financial systems could become shut down.

John Fitch 5 years ago Member's comment

Interesting point Mike, and one that did not occur to me. It does seem unlikely that a hack of this magnitude could have been orchestrated by a bunch of "bored kids." It would take expertise and experience to pull off.

Scott Matusow 5 years ago Author's comment

Nope, it's actually very easy to pull off with simple scripts. This is the major problem we are facing -- the ease of doing it. Do some more research on the Target and Home Depot breach and you will see that what I am saying is accurate!

Joe Black 5 years ago Member's comment

Great article, Identiv is looking good to me.

John Fitch 5 years ago Member's comment

Interesting read! What would happen if you lose your card or forget your pub key? I used Google 2FA and when I lost my phone it was a pain to try and get back my codes because for some reason my cell phone provider was having issues supplying me with a SIM card with the same exact number as my previous device. Sometimes added security comes at a cost of greater annoyances, but for things like financial data it's worth taking the extra step.

Kevin Xcintrik 5 years ago Member's comment

The main auth is a certificate auth via a CA(certificate authority). A IT department could backup your key but that wouldn't make sense for security. Ideally you would have them generate a new certificate to put on your new card for you. At the same time they would revoke your previous certificate at the CA as someone could have it.

Scott Matusow 5 years ago Author's comment

it's on Identiv servers, and can be retrieved in a matter of minutes