Retail Use Case:
Users: A leading Entertainment Company and members of its "preferred customers" program. Around 2,500 initial clients (plus a smaller number of staff users) with the potential to expand far beyond.
Background: The Entertainment Company offers products to a broad range of customers with significant appeal to teenagers. As the percentage of revenue that comes from the Company's website increases, the Company has experienced a high percentage of denied, rejected or returned orders. After analyzing the patterns, the Company has determined that a significant percentage of the returned orders were placed by teenagers using their parents' credit cards without the parents' authorization. This is significant not only because of the cost of handling the returns and reversing the payment transactions, but also because of the perception that the Company is not acting responsibly with respect to its younger customers. (For customer retention reasons, the Company has determined that it is not in its best interest to enforce these transactions although it may have the right to do so.)
While the total number of returned transactions is still relatively small, the problem is rapidly becoming a high visibility and costly problem. As important, the Company believes that its direct competitors are experiencing a similar challenge, and believes that a solution which minimizes this problem can improve the Company's image relative to its competitors.
In addition, the Company's website has experienced roughly the same degree of fraudulent transactions from stolen credit cards as other national retailers. The Company has implemented industry-recognized best practices to prevent fraudulent transactions, but believes the cost of dealing with these transactions is still too high. For these reasons, the Company has made a strategic decision to adopt practices and technologies that not only meet but exceed the requirements of the Payment Card Industry Data Security Standard (PCI DSS).
Challenge: Provide an advanced authentication solution linked to the Company's preferred customer program that, by providing an additional authentication factor, will allow the Company to reduce the risk of fraudulent or rejected transactions from its preferred customers. Also, provide the highest levels of security and privacy in accordance with the PCI DSS by encrypting all communications between the Company and its preferred members with unbreakable encryption.
Objective: To present a high-visibility, easy-to-use, scalable, unbreakable authentication and encryption solution that will stand the test of time using a key-chain type of stick drive containing the key that can be delivered to all of the Company's preferred members.
Solution: AlphaCipher iAptus
AlphaCipher iAptus is an authentication and encryption tool designed to work across public networks to provide point-to-point single source secure access to sensitive information. Using point-to-point Digital OTP encryption, the username and password are encrypted and then sent to the web server. The Company's web site recognizes user names belonging to its preferred customer program and will only authenticate the user name and password if they are encrypted with the right key. Even if someone has access to the right user name, password and credit card information, the user will not be authenticated unless the information is encrypted with the appropriate key. Thus, simply keeping control over the small stick drive will ensure that only authorized transactions are accepted by the Company.
After authentication, AlphaCipher iAptus encrypts the shopping cart and payment data transmitted to the Company's servers or returned by them. Only clients who have the authorized key on their personal security device can gain access to the purchase information even if all other authentication and authorization protections fail. At the same time, Management has full control over the distribution and authorization associated with that key.
Total estimated costs associated with fraudulent or rejected transactions: $5,000,000 to $7,000,000 per year.
Cost for unbreakable authentication and encryption: < $1,000,000