The Key to Secure Online Financial Transactions

Transcription

1 Transaction Security The Key to Secure Online Financial Transactions Transferring money, shopping, or paying debts online is no longer a novelty. These days, it s just one of many daily occurrences on the Internet. But who ensures the safety of these sensitive financial transactions? We know that sometimes hackers penetrate financial security systems and make big headlines in the news. We also know that these incidents almost always require some compensation to the user, as a means of protecting a company s reputation and restoring consumer confidence. The question is, how do companies protect their online financial systems and reduce their liabilities? AhnLab Online Security is the answer. Preserve your well-earned reputation and ensure the trustworthiness of your online transactions with AhnLab Online Security. Intel R Identity Protection Technology

2 AhnLab Online Security It is critical to ensure that advanced security features are in place to safeguard users financial and personal information. Did You Know? > Introducing the Innovative, Comprehensive Security Solution Who ensures the safety of sensitive financial transactions? How do companies protect their online financial systems and reduce their liabilities? > Given the sensitive nature of e-commerce data, it is critical to ensure that advanced security features are in place to safeguard users financial and personal information. AhnLab Online Security (AOS) is designed exclusively to provide security for online transactions. Regardless of the security protocols used on a local computer, AOS provides complete security for the online transaction. Unlike a typical single-purpose security solution, AOS combines three key security elements into an innovative security solution that prevents the leakage of information and thwarts attempts to compromise online financial transactions. 02

3 Why AOS is better than Conventional Security for Transaction Threats Complete security for online transaction. Threats against transaction systems are typically not one-time events or simple acts of mischief. Instead, they are complex chains of attacks against financial processing systems. The perpetrators of these attacks not only use straightforward techniques, such as keylogging and file stealing, but also highly sophisticated techniques, such as altering webpages and memory locations to carry out prolonged theft and disruption of services. In order to offer adequate protection, security solutions must have the capability to assess and respond to complex and persistent threats for ongoing transactions. Security solutions that are dependent on basic security technologies are unable to identify or properly mitigate today s advanced threats. Anti-malware is based on blacklists, but this simple technology is incapable of responding to emergent or variant hacking threats. Virtual keyboards are used to bypass the inherent vulnerabilities of physical keyboards, but hackers can easily alter webpages or capture screens to disarm this security approach. Also, Virtual Keyboards are vulnerable when capturing data via Browser Help Object (BHO). Secure Socket Layer (SSL) protection is now a required component of transaction-based web applications, but vulnerabilities exist in portions of pages and sites that are unencrypted. One-time passwords (OTPs) are used to protect only the login ID or password, which means that vulnerabilities exist after the credential gateway, and Man-In-The-Browser (MITB) attacks can alter amounts or recipients of financial transactions. Booting & OS execution Transaction services SSL connection Transaction website Internet Blocks viruses and spyware Blocks trojans, worms & malicious processes Prevents HTML injection & cross-site scripting (XSS) Prevents browser help object (BHO) hacking & screen captures Prevents memory hacking, debugging & reverse engineering Prevents phishing & pharming Prevents unauthorized network access Blocks keyloggers Secures keyboards 03

4 AOS Anti-keylogger Stronger Protection with Intel Identity Protection Technology Security solutions that are dependent on basic security technologies are unable to identify or properly mitigate today s advanced threats. AOS Anti-keylogger delivers the protection needed to keep account information safe and prevent theft of sensitive personal data that is input via a keyboard. It encrypts data immediately after input and throughout the transactions in a PC. Even if a keylogger or hacker managed to retrieve the data, it could not be decrypted and used. The anti-keylogger s advanced features include: Detection and notification of keyloggers at the user levels and kernel levels Protection of inputs from USB, PS/2, wireless, and Bluetooth keyboards Combined with Intel IPT, AOS now delivers extra protection to the transaction process. While AOS Anti-keylogger secures and protects the user s primary input data, IPT sends out a secondary authentication method to ensure multiple security layers for online transactions. AOS Anti-keylogger with Intel s IPT enables: Device Identification: Remembering the unique code of AOS on a user s computer, transactions made other than the combination of AOS and IPT is automatically prohibited. End to End Data Protection: By using IPT on both ends of the transaction - from client to server-, the protection covers the entire data stream since the data is encrypted using OTP value created at the client and decrypted using symmetric OTP value created at the server. Even if the data is stolen during the transaction, it cannot be decrypted until it is reached to the server with IPT. Two-Factor Authentication: When the user input is transferred, IPT provides a second set of password in the form of OTP that can only be decrypted by the recipient server. Unless both authentication methods provided by AOS and IPT are confirmed, transaction is prohibited. AOS Secure Browser AhnLab Online Security is an easy-to-implement, easy-to-use solution that enhances the safety and reliability of online transactions. Popular web browsers are vulnerable to malware that can exploit architectural weaknesses. AOS Secure Browser is a dedicated security browser that creates a protected environment for online transactions. It secures sensitive user data against Man-In-The-Browser (MITB) attacks such as memory hacking, webpage alteration, SQL injection, cross-site scripting (XSS), browser help object (BHO) hacking, screen capturing, debugging, and reverse engineering. By creating an independent online space for safe communication, the AOS Secure Browser prevents malware from injecting data and stealing information entered into web browsers. 04

5 AOS Firewall Most attacks on financial transactions take place through unauthorized network connections or from hacking tools that have already infected the computer. Regardless of the security protocols that are being used on the local computer, AOS Firewall provides a secure environment while a transaction is being made. It protects the user by detecting and blocking unauthorized intrusions and hacking attempts and preventing the leakage of personal information. The firewall s advanced features include: Network monitoring and blocking Real-time detection and prevention of worms, viruses, and hacking attempts Management of shared folders and logs Controlled access to programs, IP addresses, and ports AOS Capabilities Blocks network intrusions and packet manipulation in real time Blocks ZeuS, SpyEye, and other Man-In-The-Browser(MITB) attacks Blocks keyloggers Blocks Man-In-The-Middle (MITM) attacks Prevents debugging, reverse engineering, phishing, and pharming Wide platform support enables secure transactions from PCs to mobile devices AOS FOR MOBILE The number of people accessing their bank accounts and making transfers on their mobile devices is on the rise. Interoperated with either mobile banking apps or web banking through the mobile browser, AOS for Mobile will protect the transaction data sent from the mobile devices. AOS for Mobile features include: Prevents screen capture: Malicious apps targeting mobile banking can take screen captures of the credentials inputted into the screen and send the images to their servers. AOS Mobile stops the screen capture activity itself, making data theft through screen capture impossible. Detects malicious apps or malware: Scans running apps, all installed apps and newly installed apps for malicious activities. AOS for Mobile is updated to the latest engine whenever it is executed. Blocks network-using apps: When AOS for Mobile is active, it will block other network-using apps, eliminating potential risks of intrusions. It also provides a whitelist that allows network connection of preloaded or user-defined apps so that user can stay connected with the apps even when running AOS for Mobile. Direct assessment of threats: AOS for Mobile will immediately send a notification to the user when a threat is detected. User will be able to gain more control over the device security, keeping their device clean and threat-free. 05

6 Benefits AhnLab Online Security is an easy-to-implement, easyto-use solution that enhances the safety and reliability of online transactions. It is also a cost-effective way to minimize fraud losses and curb management costs associated with potential user claims. Companies who employ AOS realize the following benefits: AhnLab Online Security is the proven solution for a safer, more trustworthy online transaction environment. Reduced Costs: AOS can be implemented seamlessly into existing websites. Not only does it reduce costs and labor in the implementing process, but it also reduces costs of potential claims by users. By reducing the incidence of security events and fraud claims, businesses can also benefit from higher productivity. Easy-to-Use, Simple UI: AOS complex and sophisticated technology is wrapped in user-friendly interface. Instant messaging provides notifications of attacks or intrusion attempts and simple configurations allow it to work in the background without interfering with activity on the website. Whether your business is concerned with its current level of transaction security or it is time to gain the strategic advantage for the future, AhnLab Online Security is the proven solution for a safer, more trustworthy online transaction environment. Learn more today by contacting your AhnLab partner or local AhnLab sales representative, or by visiting: About AhnLab AhnLab develops industry-leading information security solutions and services for consumers, enterprises, and small and medium businesses worldwide. As a leading innovator in the information security arena since 1995, AhnLab s cutting-edge technologies and services meet today s dynamic security requirements, ensure business continuity for our clients, and contribute to a safe computing environment for all. We deliver a comprehensive security lineup, including proven, world-class antivirus products for desktops and servers, mobile security products, online transaction security products, network security appliances, and consulting services. AhnLab has firmly established its market position and manages sales partners in many countries worldwide. Contact your AhnLab partner or local AhnLab sales representative, or visit us online: AhnLab Online Security is in collaboration with Intel R Identity Protection Technology Intel, the world leader in silicon innovation, develops technologies, products, and initiatives to continually advance how people work and live. Intel, the Intel logo and Ultrabook are trademarks of Intel Corporation in the U.S. and/or other countries. AhnLab, Inc. / global.sales@ahnlab.com / Tel: , Sampyeong-dong, Bundang-gu, Seongnam-si, Gyeonggi-do, , Korea 2012 AhnLab, Inc. All rights reserved.