Monday, December 05, 2005

RSA Acquires Cyota

Congratulations, and thanks, to CEO Naftali Bennett and the whole Cyota team!

I've had the honor of serving on Cyota's board for barely a year, but during that time I've been blown away by Cyota's relentless defense of banks against fraudsters. At a time when phishing, pharming, and identity fraud expose our accounts to easy pickings, the accountholders of Cyota's banking customers have been protected by a formidable suite of anti-fraud services. Thousands of banks--including 8 of the largest dozen in the world--use Cyota to process Verified-by-Visa, authenticate online bank transactions, shut down phishing attacks, and detect credit card fraud in real time. During my service on the board, customers like Capital One, RBC, Barclays, ING, Bank of America, Chase, US Bank, CIBC and Providian so valued the service that Cyota's account churn was absolutely zero.

Naftali and his co-founders Amir Orad, Lior Golan and Gilad Zvi have been sweating at Cyota for years, zigging and zagging through different business models as they crafted the right suite of anti-fraud services. They recruited top talent like CFO Jason Schwartz from, board member and former US Cyber-Security Chief Amit Yoran, VP Sales Geoff Geane from HNC, and Chairman Kelly Doherty (ex Vice Chairman, Bankers Trust). This outcome was not a product of luck.

Congratulations as well to RSA on acquiring this premium property right on the heels of the FFIEC industry directive to secure online bank authentication--RSA has an exciting year ahead. Despite offers from several acquirors, Cyota accepted this particular deal due to RSA's strong brand name and presence in online authentication. (The last time I negotiated a corporate development deal with RSA was in my Los Altos apartment over a poker game with Jim Bidzos, where we decided to spin out his certificate business into a newco, Digital Certificates, Inc., later re-named Verisign.)

Finally, kudos to Justin Label of Bessemer, who chased down Cyota (and every other anti-phishing vendor) as part of a focused road map initiative.


  1. congratulations!!

  2. It seemed like Cyota and its bank customers where the only ones that were applying technology to the phishing problem. I have always maintatined that phishing is the bank's problem, not their users'.

    The effort by large banks to put warnings on their home pages, send communications by mail, and in general eat the losses after considerable heartache on the part of their depositors is futile.

    There is so much banks could be doing. They could notice when their site is being harvested for instance. They could monitor for unusual activity. (Hello??? two accounts were just opened from the same source IP address!)

    RSA already has the solution, strong authentication. But I can see that the industry is scrambling for ways to avoid implimenting strong authentication and it makes sense for RSA to hedge their bets by buying the leader, Cyota.

  3. check out my
    in the UK and Ireland cyota look like phishers