How to secure online banking from
man-in-the-middle attacks
WHITE PAPER
www.vasco.com | The world's leading software company specializing in Internet Security
Online banking has grown steadily over the past decade, and almost every bank worldwide now offers online banking services to its retail customers. According to Forrester, online banking adoption in the US will grow by 55% by 2011, to roughly 72 million households; by then 76% of online households will bank online. Part of this growth comes from the younger Generation Y, who grew up with the internet and already shop online with confidence. But how secure is online banking? Are our financial transactions at risk from man-in-the-middle attacks? What is a man-in-the-middle attack, and how can banks protect themselves and their clients?
MAN-IN-THE-MIDDLE ATTACKS
Man-in-the-middle attacks are on the rise. In recent reports Gartner already advises banks to protect against more sophisticated attacks, and recent cases in Europe and the US show that fraudsters are building more complex mechanisms to intercept and alter financial transactions. Man-in-the-middle attacks typically target online banking systems: the fraudster inserts himself into the communication flow between the customer and the bank in order to manipulate the transaction data to his own advantage, while neither the bank nor the customer notices. Technically, man-in-the-middle attacks take two forms: remote and local.
In a remote man-in-the-middle attack, the fraudster uses techniques such as phishing and pharming to lure the banking customer to a rogue website. When the customer logs on to make a transaction, the rogue website captures the password and the transaction details, such as the beneficiary's bank account number and the amount. The fraudster then uses these details, often altered, on the real banking website for his own financial benefit.
A local man-in-the-middle attack is carried out by malicious software installed on the end-user's computer. This software, also called spyware or crimeware, typically infects the computer through downloads or e-mail attachments. Once installed, it tracks which websites the end-user visits. When the crimeware detects a visit to an online banking website, it waits until the user is logged on and then initiates or alters financial transactions without the user's knowledge.
» According to Forrester, online banking adoption in the US will grow by 55% by 2011, to roughly 72 million households. By then 76% of online households will bank online.
» Gartner already advises banks to protect against more sophisticated attacks.
» VASCO's solutions for online banking are used by more than 1200 banks worldwide.
HOW CAN BANKS AND CUSTOMERS PROTECT THEMSELVES?
The customer should learn to behave securely when banking over the Internet, just as with other online activities such as buying goods. It is therefore very important that the customer becomes familiar with "Internet street smarts" and can assess the risks of visiting unfamiliar websites and downloading (il)legal software. He should also be properly equipped before setting foot on the Internet, with anti-virus, anti-spam and anti-spyware software installed on his computer.
Banks should take precautions as well, and strengthen access control to their online banking applications with authentication technology. Strong authentication mechanisms come in two important flavors: one-time passwords and electronic signatures.
One-time passwords authenticate the end-user when he logs onto the application. They are generated from a variable parameter, such as the time or a random number, are valid for only a limited time (typically a few minutes) and can be used only once. Their strength lies in narrowing the fraudster's window of opportunity: fraudulent activity becomes far more difficult than with static passwords. One-time passwords, however, do not protect against the injection or alteration of financial transactions, because the password is tied to the login and not to the transaction data. To close that gap, electronic signatures should be used.
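To make those properties concrete, here is an added worked example; it is not code from the white paper or from VASCO, whose Digipass algorithms the page does not describe. It derives a time-based OTP from an HMAC over a time-step counter, in the style of the open HOTP/TOTP construction, and pairs it with a bank-side verifier that accepts a code only within a small clock-drift window and only once. The step length, window size, digit count, secret and clock value are constructed assumptions for the demo. Note that the transaction never enters the calculation, which is exactly why an OTP cannot protect the transaction data.

```python
import hashlib
import hmac
import struct

# Illustrative parameters (assumptions; real tokens differ): one OTP per 30-second
# time step, two steps of clock drift accepted either way, 6-digit codes.
STEP_SECONDS = 30
WINDOW_STEPS = 2
DIGITS = 6


def otp_for_step(secret: bytes, step: int, digits: int = DIGITS) -> str:
    """Derive a numeric OTP from the shared secret and a time-step counter.

    HMAC-SHA1 over the big-endian counter, then the RFC 4226 dynamic truncation
    to `digits` decimal digits. The transaction is NOT an input: any transaction
    authorised in the same time step gets the same code.
    """
    mac = hmac.new(secret, struct.pack(">Q", step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def current_otp(secret: bytes, now: int) -> str:
    """What the customer's token would display at Unix time `now`."""
    return otp_for_step(secret, now // STEP_SECONDS)


class OtpVerifier:
    """Bank-side login check: one shared secret per customer, a short validity
    window, and each time step consumed on its first successful use."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.used_steps: set[int] = set()

    def verify(self, candidate: str, now: int) -> bool:
        current = now // STEP_SECONDS
        for step in range(current - WINDOW_STEPS, current + WINDOW_STEPS + 1):
            if step in self.used_steps:
                continue  # already consumed: a replayed code is refused
            if hmac.compare_digest(otp_for_step(self.secret, step), candidate):
                self.used_steps.add(step)
                return True
        return False


def demo() -> dict:
    """Constructed walk-through: fresh code accepted, replay and stale code refused."""
    secret = b"constructed-demo-secret-not-real"  # constructed, not a real token seed
    now = 1_700_000_000                             # fixed clock so the run is repeatable
    bank = OtpVerifier(secret)
    code = current_otp(secret, now)
    return {
        "first_use": bank.verify(code, now),                                   # True
        "replay": bank.verify(code, now + 5),                                  # False: step consumed
        "stale": OtpVerifier(secret).verify(code, now + 10 * STEP_SECONDS),    # False: outside window
        "drift_ok": OtpVerifier(secret).verify(code, now + STEP_SECONDS),      # True: one step of drift
    }


if __name__ == "__main__":
    print(demo())
```

The `used_steps` set is what enforces "can only be used once"; the window is what enforces "valid for a limited time". Both limit how long a captured code is useful, but neither ties the code to a beneficiary or an amount.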
Electronic signatures, the second type of authentication mechanism, authenticate the financial transactions themselves. An e-signature lets the bank verify that a transaction was initiated by the genuine end-user and was not altered in transit, so a fraudster can neither submit transactions of his own nor modify existing ones. As a result, e-signatures are the ideal security control against both local and remote man-in-the-middle attacks.
HOW DOES IT WORK?
When the end-user wants to make a financial transaction with an e-signature, a Message Authentication Code (MAC) is calculated over the transaction. The calculation takes the original transaction and a secret key as input. The secret key is shared between the end-user and the bank and known only to them. The result of the calculation is the MAC, or e-signature. The end-user electronically submits the transaction together with the MAC to the bank. Upon receipt, the bank computes the MAC over the received transaction with the same secret key and compares it with the MAC received from the end-user. If the two match, the bank can be sure that the genuine end-user submitted the transaction and that it was not modified in transit, and the transaction can be processed. If they do not match, either a crook submitted the transaction or the transaction data was altered in transit; in either case the bank rejects it.
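As an added example (not the white paper's or VASCO's code), the following Python implements the exchange just described: the customer side computes an HMAC-SHA256 over a canonical serialization of the transaction with the shared secret, and the bank side recomputes and compares it, rejecting a transaction whose beneficiary or amount was changed in transit or whose key does not match. The field set, the length-prefixed serialization, the replay check on the transaction id (an addition beyond the page's description), and all secrets and account values are assumptions constructed for the demo; a hardware token would display a short numeric truncation of the tag rather than the full hex digest.

```python
import hashlib
import hmac

# Field order is fixed and every value is length-prefixed, so no two distinct
# transactions serialise to the same bytes (account "12" + amount "345" cannot
# collide with account "123" + amount "45"). Field names are assumptions.
SIGNED_FIELDS = ("tx_id", "beneficiary", "amount_cents", "currency")


def canonical_bytes(tx: dict) -> bytes:
    """Unambiguous byte encoding of the transaction fields that get signed."""
    out = bytearray()
    for name in SIGNED_FIELDS:
        value = str(tx[name]).encode("utf-8")
        out += len(value).to_bytes(4, "big") + value
    return bytes(out)


def sign_transaction(secret: bytes, tx: dict) -> str:
    """Customer side: the e-signature is a MAC over the transaction under the
    secret shared with the bank."""
    return hmac.new(secret, canonical_bytes(tx), hashlib.sha256).hexdigest()


class TransactionVerifier:
    """Bank side: recompute the MAC over the received transaction, compare in
    constant time, and refuse a second submission of an already processed id."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.processed: set = set()

    def verify(self, tx: dict, received_mac: str) -> tuple:
        expected = sign_transaction(self.secret, tx)
        if not hmac.compare_digest(expected, received_mac):
            return False, "mismatch: wrong key or transaction altered in transit"
        if tx["tx_id"] in self.processed:
            return False, "replay: transaction already processed"
        self.processed.add(tx["tx_id"])
        return True, "accepted"


def demo() -> dict:
    """Constructed walk-through of the accept/reject decisions the text describes."""
    secret = b"constructed-shared-secret"  # constructed for the demo, not a real key
    bank = TransactionVerifier(secret)
    tx = {"tx_id": "2009-000123", "beneficiary": "BE68539007547034",  # constructed values
          "amount_cents": 12500, "currency": "EUR"}
    mac = sign_transaction(secret, tx)
    # What the bank would receive if the payee or the amount were changed in transit
    # while the original MAC was left untouched.
    altered_payee = dict(tx, beneficiary="BE71096123456769")
    altered_amount = dict(tx, amount_cents=1250000)
    return {
        "genuine": bank.verify(tx, mac)[0],                                   # True
        "payee_changed": bank.verify(altered_payee, mac)[0],                  # False
        "amount_changed": bank.verify(altered_amount, mac)[0],                # False
        "replayed": bank.verify(tx, mac)[0],                                  # False
        "wrong_key": TransactionVerifier(b"other-secret").verify(tx, mac)[0], # False
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

The point of `canonical_bytes` is that the MAC must cover exactly the fields the bank acts on, encoded so that field boundaries cannot shift; `hmac.compare_digest` avoids leaking the expected tag through comparison timing.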
We can conclude that the MAC calculation, and more specifically its use of a secret key, effectively protects banks and end-users against man-in-the-middle attacks and so ensures secure online financial transactions.
VASCO Data Security specializes in strong two-factor authentication. VASCO's solutions for online banking are used by more than 1000 banks worldwide. The solution is typically based on VACMAN Controller technology and Digipass authentication. VASCO has embedded its software client authentication product Digipass into its VACMAN Controller server-side authentication products. This means that banks which have installed VACMAN Controller can immediately protect their customers' assets against phishing, pharming, man-in-the-middle attacks and Trojan horses with best-of-breed Digipass strong authentication and e-signature technology. If a bank wants, it can diversify its authentication offering across its different user segments, choosing from a range of more than fifty Digipass authentication products, from one-button tokens to web and mobile phone authentication mechanisms and card readers.
Frederik Mennes,
Security Architect at VASCO Data Security
Learn how to protect your online banking users from man-in-the-middle attacks. Attend one of our upcoming Banking Summits. Get an overview at: www.vasco.com/events
BOSTON (North America)
phone: +1.508.366.3400
email: info-usa@vasco.com
SYDNEY (Pacific)
phone: +61.2.8061.3700
email: info-australia@vasco.com
SINGAPORE (Asia)
phone: +65.6323.0906
email: info-asia@vasco.com
BRUSSELS (Europe)
phone: +32.2.609.97.00
email: info-europe@vasco.com
www.vasco.com
About VASCO
VASCO designs, develops, markets and supports patented DIGIPASS®, DIGIPASS PLUS®, VACMAN®, IDENTIKEY® and aXsGUARD™ authentication products for the financial world, remote access, e-business and e-commerce. With tens of millions of products sold, VASCO has established itself as the world leader in Strong User Authentication for e-Banking and Enterprise Security for blue-chip corporations and governments worldwide.
Copyright © 2009 VASCO Data Security, Inc., VASCO Data Security International GmbH. All rights reserved. VASCO®, Vacman®, IDENTIKEY®, aXsGUARD™, DIGIPASS® and the ® logo are registered or unregistered trademarks of VASCO Data Security, Inc. and/or VASCO Data Security International GmbH in the U.S. and other countries. VASCO Data Security, Inc. and/or VASCO Data Security International GmbH own or are licensed under all title, rights and interest in VASCO Products, updates and upgrades thereof, including copyrights, patent rights, trade secret rights, mask work rights, database rights and all other intellectual and industrial property rights in the U.S. and other countries. Microsoft and Windows are trademarks or registered trademarks of Microsoft Corporation. Other names may be trademarks of their respective owners.