Northern Lights Federal Credit Union (NLFCU) of Vermont has taken a proactive measure to defend members against cyberattacks aimed at their PCs by providing a secure browser from IronKey, the leader in data security and online access. The credit union will issue its members IronKey Trusted Access for Banking, a secure browsing solution that prevents identity theft, payments fraud and online banking account takeover.
Northern Lights Credit Union is one of the first to offer Trusted Bookmarks, a new feature of Trusted Access for Banking allowing members to safely access popular websites using a ‘white list’ managed by the credit union. With Trusted Access, customers know they are accessing an authentic site and their transactions are not being monitored or tampered with by crimeware.
“Our focus is on protecting our customers online when they access their accounts or pay using Northern Lights credit and debit cards,” said Rita St. Arnauld, CEO of Northern Lights FCU. “Now we can give our clients a portable secure browser that protects them even if their PC is infected with computer viruses or Trojans. And it gives them a way to make sure they are at the actual sites of top online merchants, not a copycat phishing site. We see Trusted Access as a big advantage for our customers and for us.”
Northern Lights worked with industry expert John Revilla, CEO of the CUSAG, LLC, on the IronKey implementation. “Now that the Durbin amendment has gone into effect and lowered interchange rates for debit transactions, credit unions need to focus on reducing their risks, especially in ‘card not present’ (CNP) online payments. By using IronKey Trusted Access for Banking, Northern Lights lowers its risk with online payment transactions, increases the security of its online banking and delivers real value-added service for its customers. I see this as a very strategic move that gives them a competitive edge and clear differentiation."
Trusted Access adheres to a tougher new set of guidelines from the Federal Financial Institutions Examinations Council (FFIEC) – whose members include the National Credit Union Administration (NCUA) – for securing online banking and money transfers.
IronKey Trusted Access for Banking stops hackers where they are attacking – at the customers’ PC. Even if a computer is infected with malware, the online banking session remains safe, secure and private. Trusted Access provides a secure Web browser protected in a fully virtualized, read-only environment tailored to protect online transactions from known and unknown crimeware. Demand for Trusted Access has grown because it’s proven to protect against the latest zero-day attacks that would go undetected by antivirus or other signature-based software countermeasures, as highlighted in the FFIEC’s review of today’s threatscape.
One of the layered security controls recognized by the FFIEC guidance to help prevent fraud is the use of USB devices “that increase session security when plugged into the customers’ PC.” They are effective because they “enable a secure link between the customer’s PC and the financial institution independent of the PC’s operating system and application software,” according to the FFIEC document. “The only commercially available product that fits this description completely is IronKey Trusted Access for Banking. Northern Lights is stepping ahead of its competition and demonstrates how credit unions are competing with new innovations and real value-add service to attract customers,” stated IronKey CEO Arthur Wong.
In addition, IronKey Trusted Access meets NACHA and FBI recommendations for safe online banking by providing a dedicated, isolated and secure browser environment. And the secure browser approach is recognized by Gartner as one of the five critical security controls for preventing online banking fraud.1
More information about Northern Lights FCU and IronKey's Trusted Access for Banking is available online.
1“The Five Layers of Fraud Prevention and Using Them to Beat Malware,” Gartner, April 2011
About IronKey Trusted Access for Banking
IronKey’s Trusted Access solves a problem that until now has been out of the financial institution’s control – the vulnerability of the client's PC to financial malware attacks such as ZeuS and SpyEye. These crimeware toolkits combine keyboard loggers, man-in-the-browser, ‘backconnect’ Trojans, and DNS tampering attacks that go undetected by up-to-date anti-virus software, firewalls and other software-based security. In a period of 12 months, over 70,000 ZeuS variants were detected in the wild, with many, many more going undetected. Using these tools, criminals defeat sophisticated bank security controls including one-time passcode token authentication and dual user payment authorization. Trusted Access enables banks and credit unions to protect their business and retail customers/members, even if the client’s own computer is infected with the worst possible malware, by isolating their online access in a safe, financial institution-managed environment that is independent of the PC. The solution includes the Trusted Access USB security device, which launches a protected, virtualized operating system and Web browser that only works with the IronKey Trusted Network and limits the user’s online access to financial institution-approved sites.
Ranked as the 14th best venture-funded company in The Wall Street Journal's "Next Big Thing 2011" survey, IronKey (IronKey.com) secures data and online access for individuals, enterprises, and governments. IronKey solutions protect remote workers from the threats of data loss, compromised passwords, and computers infected by malicious software and crimeware. IronKey multi-function devices connect to a computer's USB port and are easy to manage with the IronKey management service. This allows users to securely carry sensitive corporate data, strongly authenticate to VPNs and corporate networks and isolate online banking customers from Advanced Persistent Threat attacks. IronKey customers include Fortune 500 companies, healthcare providers, financial institutions and government agencies around the world. Trusted Access for Banking has also won numerous awards such as ‘FutureNow 2010 Top 5’ from Bank Technology News.
“Protecting Online Banking Customers from Evolving Cyber Crime Threats,” a 20-minute online webcast from IronKey, can help you understand the risks facing anyone using a PC for online banking and why anti-virus software and firewalls and other conventional safeguards are not able to stop these attacks. The webcast explains the latest bank phishingattacks, the ZeuS Trojan and SpyEye, the "mule" economy and dozens of other topics relevant to understanding and fighting this serious crime wave.
“Trusted Access Guided Demonstration” provides a complete product demonstration and example attacks. Presented by Kapil Raina, senior product manager at IronKey, the demonstration also shows how banks can easily issue and manage Trusted Access.