End-to-End Fraud Prevention of e-Banking Channels

1,201 views
1,165 views

Published on

Published in: Economy & Finance, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,201
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
1
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

End-to-End Fraud Prevention of e-Banking Channels

  1. 1. BANKING 2.0: TOWARDS NEXT GENERATION INTERNET BANKING EASE OF USE OF ATM WITH THE FLEXIBILITY OF INTERNET BANKING T he economic and competitive environment of The use of email by the bank to communicate with its today puts an increasing pressure on Banks & customers has led to a spate of phishing attacks with Financial Institutions (Banks) to increase somebody else impersonating the Bank to steal revenues and reduce costs. This can be done by customers’ personal information and logon credentials. increasing customer acquisition and providing Owing to this a lot of customers today are afraid of doing excellent customer service using cheaper channels. Online Banking and the Banks are unsure whether the millions of transactions hitting their server everyday are Over the past few decades, technology has transformed from genuine Internet Banking customers or from a the way Banks do business. They are operating on 24x7 fraudster. These reasons create a fundamental barrier for and 365 days basis. Now they do not need physical the bank to effectively utilize the Internet as a banking proximity to reach out to their customers and can service service delivery channel. them in any nook and corner of the world. EXISTING SOLUTIONS The technology revolution of new channels for banking started with the ATM. The convenience of the ATM A lot of products such as RSA/Vasco/VeriSign hardware transformed the cash dispensing aspect of Banks. tokens, Risk-based Authentication, Device Fingerprinting, Internet Banking leveraged the Internet channel to PKI client certificates claim to provide a solution to these enable the customers to access their bank from the problems. But despite having these products: comfort of their homes. The 3 most critical drivers for 1. Has the Bank’s business increased? Internet Banking have been: 2. Has the Internet Banking usage increased? 1. A channel that still offers the lowest cost per transaction 3. Have the Bank’s costs reduced? 2. Offering services to customers without any 4. Have the products really solved the security geographical limitations - increasing customer problem? reach INTERNET BANKING 2.0 3. On demand Banking – customers are in touch What if the Bank could have a technology that: with the bank always at any time of the day 1. Provided features of an ATM - “branded secure FUNDAMENTAL BARRIERS transaction machine” (except cash dispensing) As more and more banks offer Internet Banking, the 2. was simple to use, similar to ATM, hence would distinction between the services offered by them have not require any additional customer education – diminished. Additionally, the Customers’ PC and the use your PIN and do banking Internet have become the favorite hunting grounds for people and organizations with malicious intent to steal 3. retained the flexibility of Internet (browser identity and information of the Banks’ customers and based) Banking commit fraudulent activities. 4. would allow the bank to securely communicate Unlike ATM, the browser acts as an Internet Banking with the customer, eliminating the use of emails channel for any bank and the Bank does not have any and other insecure channels control over the integrity and security of the browser or 5. would allow the bank to market new products the Internet channel. Hence the Bank cannot brand it and and services, and that too personalized neither can protect its customers from man-in-the- 6. was based on military grade security technology middle and man-in-the-browser programs. Neither can (and 2FA enabled) the Bank control the processes running on its Customers’ PC which can steal the Login/Password/OTP data of the 7. the customers could carry with them in their customers. pockets! BANKING 2.0: TOWARDS NEXT GENERATION INTERNET BANKING 1
  2. 2. REL-ID TRUBANK 2.0 4. Dedicated Customer Care Channel for secure communications with customers. The REL-ID TruBank 2.0 is a USB-based custom-branded delivery channel that can be used by banks to offer 5. Secure Desktop Technology for protection services to their customers. against malicious programs on the User’s machine The TruBank 2.0 consists of the following: 6. Secure Transaction Authentication, Verification 1. Custom-branded browser application for and Signing provisioning of various services to the customers. 7. Out-of-Band Authentication using Mobile SMS 2. Built-in REL-ID Mutual Authentication Protocol to One-Time-Password Solution create a mutually authenticated secure channel over the internet. 8. TruSite Website Authentication Technology 3. Rel-ID TruToken for 2-factor authentication REL-ID POCKET BANKING MACHINE FEATURES 1. Branded Secure Browser a. Look and feel of the TruToken Browser can be completely customized/ personalized. b. Banks can market new products and services to the customer c. Banks can securely communicate with the customers (optional chat and messaging tool for sending account statements etc) d. Removes the security vulnerabilities like man-in-the-browser attacks of Internet Explorer/FireFox etc. 2. Agile a. TruBank 2.0 USB form factor provides for maximum mobility b. Can be totally remotely managed c. Can be optionally installed on Personal Laptop’s and Home PC’s 3. Uses military grade security technology TM a. Built-in multi-factor authentication technology (TruToken ) which is based on REL-ID Mutual Authentication Protocol (RMAP) b. Identity credentials (Login-ID/Password/PIN etc) are NOT transmitted over the communication channel – hence providing protection from the most sophisticated attack vectors like man-in-the- middle attacks c. Provides end-to-end encryption over and above SSL d. Creates a run-time secure desktop environment to protect from Man-on-the-machine/key-logger attacks e. Provides transaction signing, verification and authentication features over a separate channel REL-ID TRUBANK 2.0 BUSINESS BENEFITS 1. Introduces a new channel (a game changer) that combines the best of ATM and internet banking channels while removing the vulnerabilities and limitations of both 2. Significantly reduces transaction costs 3. Banks can promote new services and products, that too personalized 4. Based on military grade security providing end to end security without compromising on agility 5. Significantly improves customer trust, communication and hence retention 6. No change in user behavior, since using TruBank 2.0 is similar to using an ATM and normal Internet Banking, hence very little or no customer education required BANKING 2.0: TOWARDS NEXT GENERATION INTERNET BANKING 2
  3. 3. REL-ID POCKET BANKING MACHINE SCREENSHOTS TRUBANK 2.0 WITH TRUTOKEN Secure Customizable Browser (protects from man-in-the-browser attacks) Secure Desktop (protects from trojans/password sniffers) Bank’s Server Internet RMAP+SSL Channel Mutual authenticated connection (protects from man-in-the-middle attacks) USB Form Factor for mobility Built-in 2FA Mutual Authentication Token (provides for additional user authentication) Dedicated Customer Care Channel (protects from email attacks) TRUBANK 2.0 WITH INTEGRATED CUSTOMER SERVICE APPLICATION AND SECURE MESSAGING BANKING 2.0: TOWARDS NEXT GENERATION INTERNET BANKING 3
  4. 4. FUNDAMENTAL BARRIERS OF INTERNET BANKING 1.0 Browser is an universal client unlike an ATM, hence you cannot brand it, and protect it from man-in-the-browser programs Unauthenticated connection – resulting in man-in-the-middle and phishing attacks (making Hacker’s Machine OTP ineffective) Internet Bank’s Server Transactions cannot be digitally signed, resulting in Customer PC non-repudiation issues You cannot control the processes running on the OS - Trojans (password sniffers) can read Fraudulent Emails the login/password/OTP data Start your relationship with us | www.uniken.com | info@uniken.com | US: +1 (813) 943-3552 | India: +91 (020) 20250003 COPYRIGHT © 2007-09 Uniken Systems Pvt. Ltd. 052009 All rights reserved. No part of this work may be reproduced, stored in a retrieval system, adopted or transmitted in any form or by any means (electronic, mechanical, photographic, graphic, optic recording or otherwise), translated in any language or computer language, without the prior written permission of Uniken Systems Pvt. Ltd. Due care has been taken to make this document as accurate as possible. However, Uniken makes no representation or warranties with respect to the contents hereof and shall not be responsible for any loss or damage caused to the user by the direct or indirect use of this document. Furthermore, Uniken reserves the right to alter, modify or otherwise change in any manner the content hereof, without obligation of Uniken to notify any person of such revision or changes. REL-ID, REL-ID Logo, REL-ID Tag Line, TruToken, TruSite are registered trademarks of REL-ID Technologies, Inc. a wholly owned subsidiary of Uniken Business Solutions, Inc. BANKING 2.0: TOWARDS NEXT GENERATION INTERNET BANKING 4

×