IronKey's Trusted Access for Banking secure browsing solution meets the new online banking security guidelines from the Federal Financial Institutions Examination Council (FFIEC), the company announced today. The FFIEC member agencies have directed examiners to formally assess financial institutions under the authentication supplement beginning in January 2012.
”The FFIEC Internet banking guidance calls for multiple layers of security controls to prevent fraud and importantly, the guidance identifies the IronKey Trusted Access design as one of the five relevant and effective controls cited for preventing fraud,” said David Jevans chairman of IronKey and the Anti-Phishing Working Group (APWG).
One of the layered security controls recognized by the guidance to help prevent fraud is the use of USB devices ”that increase session security when plugged into the customers’ PC.” They are effective because they ”enable a secure link between the customer’s PC and the financial institution independent of the PC’s operating system and application software.” The only commercially available product that fits this description completely is IronKey Trusted Access for Banking.
The IronKey Trusted Access for Banking approach delivers the capabilities bank examiners will now look for, requires no changes to bank systems, and stops hackers where they are attacking--- at the online banking customer’s PC -- even if it is infected with the worst possible crimeware such as ZeuS, SpyEye, Sunspot, and OddJob.
IronKey Trusted Access also meets NACHA and FBI recommendations for safe online banking by providing a dedicated, isolated, and secure browser environment. The secure browser approach is also recognized by Gartner as one of the five critical security controls for preventing online banking fraud.1
IronKey Trusted Access for Banking is an intelligent security software and Internet security service that is as easy to use. Trusted Access provides a secure Web browser protected in a fully virtualized, read-only environment tailored to protect online banking sessions from known and unknown crimeware. Even if a computer is infected with malware, the online banking session remains safe, secure, and private. Unlike other approaches, Trusted Access protects an online banking client even if his or her computer is infected with the latest zero-day attack that would go undetected by antivirus or other signature-based software countermeasures, as highlighted in the FFIEC’s review of today’s threatscape.
The FFIEC has six voting members: the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency, the National Credit Union Administration, the Office of Thrift Supervision, and the State Liaison Committee.
More information about IronKey's Trusted Access for Banking is available online.
1“The Five Layers of Fraud Prevention and Using Them to Beat Malware,” Gartner, April 2011
About IronKey Trusted Access for Banking
IronKey’s Trusted Access solves a problem that until now has been out of the bank’s control – the vulnerability of the client's PC to financial malware attacks such as ZeuS and SpyEye. These crimeware toolkits combine keyboard loggers, man-in-the-browser, ‘backconnect’ Trojans, and DNS tampering attacks that go undetected by up-to-date anti-virus software, firewalls and other software-based security. In a period of 12 months, over 70,000 ZeuS variants were detected in the wild, with many, many more going undetected. Using these tools, criminals defeat sophisticated bank security controls including one-time passcode token authentication and dual user payment authorization. Trusted Access enables banks to protect their business clients, even if the client’s own computer is infested with the worst possible malware, by isolating their online access in a safe, bank-managed environment that is independent of the PC. The solution includes the Trusted Access USB security device, which launches a protected, virtualized operating system and Web browser that only works with the IronKey Trusted Network and limits the user’s online access to bank-approved sites.
Ranked as the 14th best venture-funded company in The Wall Street Journal's "Next Big Thing 2011" survey, IronKey (IronKey.com) secures data and online access for individuals, enterprises, and governments. IronKey solutions protect remote workers from the threats of data loss, compromised passwords, and computers infected by malicious software and crimeware. IronKey multi-function devices connect to a computer's USB port and are easy to manage with the IronKey management service. This allows users to securely carry sensitive corporate data, strongly authenticate to VPNs and corporate networks and isolate online banking customers from Advanced Persistent Threat attacks. IronKey customers include Fortune 500 companies, healthcare providers, financial institutions and government agencies around the world. Trusted Access for Banking has also won numerous awards such as ‘FutureNow 2010 Top 5’ from Bank Technology News.
“Protecting Online Banking Customers from Evolving Cyber Crime Threats,” a 20-minute online webcast from IronKey, can help you understand the risks facing anyone using a PC for online banking and why anti-virus software and firewalls and other conventional safeguards are not able to stop these attacks. The webcast explains the latest bank phishingattacks, the ZeuS Trojan and SpyEye, the "mule" economy and dozens of other topics relevant to understanding and fighting this serious crime wave.
“Trusted Access Guided Demonstration” provides a complete product demonstration and example attacks. Presented by Kapil Raina, senior product manager at IronKey, the demonstration also shows how banks can easily issue and manage Trusted Access.