Friday, October 19, 2007

Online Banking Fraud and Internet Security

Online banking fraud is one of the principal threats that Internet users currently face. This year alone, online fraud has increased by almost 40 percent over last year. The convenience of online transactions – from eBay payments to banking operations – is counteracted by a criminal plague that is causing many users to feel unsafe when transferring money across the Web.

Banks and companies have designed different security strategies to try to make sure that the person logging in to a service really is who they claim to be. From cards with coordinates to virtual keyboards, numerous authentication systems have already been undermined by cyber-criminals — often using banker Trojans designed to attack a specific organization. This is what is known as a targeted attack.

If a user discovers that their bank account has been raided, they file a claim with their bank in order to receive reimbursement. However, the bank must also take quick action in order to stop the attack and prevent other users from falling victim to the fraud. To do so, they must identify the malware responsible, find a way to block its effects and actually implement the necessary measures. This usually takes them a minimum of 48 hours—a window of vulnerability during which the amount of money lost could increase considerably.

The situation is as follows: banks and financial entities spend considerable sums on online security, yet they still have to cover huge financial losses every year despite “being protected”. Why? Because they didn’t check the weakest link in the authentication process: the user. If a user happens to be infected by a newly created banker Trojan, then all the banks’ security efforts could be in vain.

To solve this problem, Panda Security has created Panda Security for Internet Transactions. This service allows banks and other financial entities operating online to scan the users’ PCs for malware. If they find that the user is infected, access to the banking website is denied, stopping the fraud from entering the system.

Blocking access, however, is just one of the options, as the service is completely configurable. Clients can determine how the scan operates, whether it is mandatory or not, what malware samples must be present on the user’s computer for a transaction to be prevented, whether infected users are notified, how they are notified, etc.

The scan is totally transparent and takes place in real time, so users can continue using the Web without problems. It is also fast, taking less than five seconds. Using this technology, users can feel much more secure about making online transactions and transmitting confidential data.

The speed and transparency of the service are key elements. If it were a slow or cumbersome process, many banks would rather assume the losses deriving from fraud than trouble their clients with an awkward process. This high speed is possible because the signature file and the other scan components are not downloaded onto the users’ computers; they just have to install a small ActiveX control the first time that they use the service. The rest of the process is online and contains information on over two million malicious codes—making it one of the largest malware databases ever created.

Banks and companies will see their expenses notably reduced thanks to this service, as there will be fewer fraud-related losses to cover. They will also have greater control, as they will know what malware is affecting their clients at all times and how to stop it.

It is, to sum up, a development that will reduce financial losses for banks and will notably increase end-users’ confidence in online transactions.


By Bruno Rodríguez, International Business Development Manager for Panda Security
