Online banking can never be considered secure enough, but such devices may help

Jan 18, 2012 19:31 GMT

Wanting to aid the battle against online banking fraud, SafeNet released a new eToken authentication device that financial services organizations can utilize to make eBanking applications and transactions more secure.

By using an optical sensor to read transaction data from the browser, SafeNet eToken 3500 generates a unique electronic signature that validates the process to make sure the transaction cannot be manipulated with Man-in-the-Browser (MitB) or Man-in-the-Middle (MitM) attacks.

“Malware-based attacks against bank customers and employees are levying severe reputational and financial damage on their victims,” revealed Avivah Litan, vice president and distinguished analyst, Gartner Research.

“Fighting these and future types of attacks requires a layered fraud prevention approach,” Litan adds.

Litan advises organizations to rely not only on secure browsing while performing high-risk transactions, but also on out-of-band or dedicated hardware that verifies the processes.

“Forward-thinking financial services institutions need to approach authentication in a way that goes beyond simply verifying the identity of the user, which can be faked. To combat fraud and manage risk, customers need transaction protection and signing solutions that ensure the transaction itself is validated,” said Andrew Young, vice president of Authentication, SafeNet.

So how does it work?

Unlike other tokens that utilize cards, the eToken 3500 comes with an optical sensor that reads the details of the transaction from the computer’s screen. It then generates an electronic signature, which the user enters into the browser to confirm the validity of the banking operation.

This makes it much more difficult for a cybercriminal to tamper with transactions, and it also protects users who forget their password or whose identity is stolen by a hacker.

Recently, we’ve seen a proof of concept video in which Yash K.S., chief technology officer at Red Force Labs, showed how an online banking money transfer could be easily intercepted by a virus, even if one-time password (OTP) devices were utilized.
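The difference between a one-time password and a signature bound to the transaction details can be shown in a short sketch. This is an added example, not SafeNet's code or algorithm: it assumes a generic HMAC-based scheme with a shared token key and a bank-issued challenge, and all names and sample values are hypothetical.

```python
import hashlib
import hmac
import struct

def _truncate(mac: bytes, digits: int) -> str:
    """RFC 4226 dynamic truncation of a MAC to a short decimal code."""
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def otp(key: bytes, counter: int) -> str:
    """Plain HOTP: depends only on key and counter, not on the transaction."""
    return _truncate(hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest(), 6)

def canonical(tx: dict) -> bytes:
    """Length-prefix each field so different field splits cannot encode alike."""
    out = b""
    for name in ("to_account", "amount", "currency"):
        value = str(tx[name]).encode()
        out += struct.pack(">H", len(value)) + value
    return out

def sign_transaction(key: bytes, challenge: bytes, tx: dict) -> str:
    """Assumed token behaviour: MAC over the bank's challenge and the details."""
    mac = hmac.new(key, challenge + canonical(tx), hashlib.sha256).digest()
    return _truncate(mac, 8)

def bank_accepts(key: bytes, challenge: bytes, tx_received: dict, code: str) -> bool:
    """Bank recomputes the code over the transaction it actually received."""
    return hmac.compare_digest(sign_transaction(key, challenge, tx_received), code)

# Constructed sample data (not from the article).
KEY = b"12345678901234567890"                  # shared token secret (RFC 4226 test key)
CHALLENGE = bytes.fromhex("a1b2c3d4e5f60718")  # fixed-length per-transaction nonce
INTENDED = {"to_account": "DE00-EXAMPLE-0001", "amount": "150.00", "currency": "EUR"}
TAMPERED = dict(INTENDED, to_account="DE00-EXAMPLE-9999")  # altered in the browser

def demo() -> dict:
    code = sign_transaction(KEY, CHALLENGE, INTENDED)  # user signs what they intended
    return {
        "otp_same_for_any_transaction": otp(KEY, 0),
        "intended_accepted": bank_accepts(KEY, CHALLENGE, INTENDED, code),
        "tampered_accepted": bank_accepts(KEY, CHALLENGE, TAMPERED, code),
    }

if __name__ == "__main__":
    print(demo())
```

The OTP carries no information about the payee or amount, so it validates whichever transaction reaches the bank; the transaction-bound code only verifies for the details it was computed over.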