IBM tackles online banking fraud
(3 November 2008 – USA) IBM has unveiled a prototype USB device that is designed to bring a new level of security to online banking for consumers.
The new technology, which was coined the Zone Trusted Information Channel (ZTIC), plugs into the USB port of any computer and creates a direct, secure channel to a bank's online transaction server.
It therefore bypasses the PC which could be infected by malicious software (malware) or susceptible to hacker attacks.
In addition, a smart card can be inserted into the device, to help protect against man-in-the-middle attacks, which are designed to subvert normal two factor authentication systems by intercepting confidential user credentials as they are passed online.
The consumer can use the security stick to logon and validate all transactions via a display, while the USB device is securely connected to the server.
The USB device adds an extra level of security to the existing authentication solutions provided by smart card, PIN or one-time validation code, in order to counter the newest and most highly manipulative security threats.
IBM says the pilot devices, which do not require changes to the software on the bank's server or client's PC, are now available for financial institutions to trial.
Peter Buhler, manager, computer science, Zurich Research Lab, IBM, said that in the presence of an ever more professionally operating e-crime scene, it became obvious that PC-software based authentication solutions were potentially vulnerable and that an innovative solution needed to be found.
It therefore bypasses the PC which could be infected by malicious software (malware) or susceptible to hacker attacks.
In addition, a smart card can be inserted into the device, to help protect against man-in-the-middle attacks, which are designed to subvert normal two factor authentication systems by intercepting confidential user credentials as they are passed online.
The consumer can use the security stick to logon and validate all transactions via a display, while the USB device is securely connected to the server.
The USB device adds an extra level of security to the existing authentication solutions provided by smart card, PIN or one-time validation code, in order to counter the newest and most highly manipulative security threats.
IBM says the pilot devices, which do not require changes to the software on the bank's server or client's PC, are now available for financial institutions to trial.
Peter Buhler, manager, computer science, Zurich Research Lab, IBM, said that in the presence of an ever more professionally operating e-crime scene, it became obvious that PC-software based authentication solutions were potentially vulnerable and that an innovative solution needed to be found.
Subscribe