News
First Data Selects IronKey to Help Clients Prevent Online Banking Fraud
August 2011 by Marc Jacob
First Data Corporation will refer clients of the First Data Internet Banking solution to IronKey’s Trusted Access as an option to help them protect their customers from potential attacks by criminals on an online banking user’s PC.
IronKey Trusted Access is a secure browsing solution that financial institutions provide to their Internet banking customers. Trusted Access helps to avert criminal attacks that use malicious software such as ZeuS, SpyEye, Sunspot, and OddJob, as well as new threats that continue to evolve. According to research firm Gartner Inc., crimeware designed to take over online banking accounts and steal money is now the most significant threat concerning U.S. banks.
Trusted Access will assist First Data clients who choose the service in meeting Federal Financial Institutions Examination Council (FFIEC) guidelines for new online security controls. Trusted Access is a fraud prevention solution that may be implemented as part of a financial institution’s layered security program, which is required by the FFIEC’s new Internet authentication guidelines. Financial institutions will be evaluated under these new guidelines beginning in January 2012.
"Online account takeovers and fraud are significant concerns for financial institutions today," said Cindi Lieblich, vice president of Product Development for First Data. "Because Internet banking fraud often starts with an attack on the account holders’ PCs, regulators and industry experts recommend that financial institutions protect Internet banking sessions with layered security controls. With IronKey Trusted Access, the First Data Internet Banking solution offers an additional layer of fraud protection using industry-leading technology that enables our clients to further differentiate their product offerings and capture new business."
IronKey Trusted Access is an intelligent security software and Internet security service that is easy to use. Trusted Access provides a secure Web browser protected in a fully virtualized, read-only environment tailored to protect online banking sessions from known and unknown crimeware. Even if a computer is infected with malware, the online banking session should remain safe, secure, and private. Unlike other approaches, Trusted Access assumes a client’s computer is infected with the latest zero-day attack that would go undetected by anti-virus and other software technologies. The IronKey solution includes the Trusted Access USB security device, which launches a protected, virtualized operating system and Web browser that only works with the IronKey Trusted Network and, when deployed, limits the end user’s online access to bank-approved sites.
Trusted Access is designed to protect online banking sessions from keyboard logger, man-in-the-browser, ’backconnect’ Trojan, and DNS tampering attacks. It is also designed to protect online banking sessions from zero-day attacks, spawned by the continuous introduction of new financial malware that goes undetected by up-to-date anti-virus software, browser plug-ins, firewalls and other security software used by online banking users. Instead of trying to detect every known and to-be-developed attack, Trusted Access assumes a computer is infected with crimeware and provides the user an isolated, safer, and more secure online banking experience.
In a period of 12 months, more than 70,000 ZeuS variants were detected in the wild, with many, many more going undetected. A staggering 25% of computers, according to latest reports from the Anti-Phishing Working Group (APWG), are infected with banking Trojans such as ZeuS and SpyEye, used by criminals to take over online bank accounts and steal millions from businesses and municipalities.
