Proactive Endpoint Security a Must for Online Banking

With this approach, consumers’ sensitive information is never present in the data stream until the point of encryption.

September 23, 2010

Despite traditional online security methods, credit card fraud happens every day, costing the financial industry millions of dollars and affecting thousands of consumers.

Many of these consumers hold misconceptions about shopping and banking online that leave them vulnerable to exploitation. With hackers becoming more sophisticated, anti-virus software is no longer enough to protect consumers.

Now, financial institutions can help protect the end-user with proactive endpoint security technology.

The Problem with SSL Security

Since its introduction in 1994, Secure Sockets Layer (SSL) has been the de facto standard for Internet transaction security. It’s a low-cost, widely accepted technology that doesn’t require elaborate customization.

Once data has been SSL-encrypted, it’s virtually impossible to crack. However, SSL was specifically designed to protect information only in transit, from the point where it leaves a computer.

Therefore, one of its inherent weaknesses is that it leaves information vulnerable and unprotected while it resides on the personal computer prior to encryption.

Given the tremendous effort required to break into modern corporate networks, organized cybercriminals have shifted their focus away from highly protected corporate servers to the weakest link in the online security chain: the end user’s personal computer.

The typical computer user's failure to install and maintain even basic security measures such as antivirus software and security updates has made it increasingly easy for organized cybercriminals to steal users' sensitive data for financial gain.

According to Symantec, “Antivirus and anti-spyware software, primarily reactive in nature, may have been sufficient to protect vital resources a few years ago, but not today. Proactive endpoint security measures that protect against zero-day attacks as well as unknown threats are now vital.”

Through proactive endpoint security, sensitive data is secured at the point of origin, before it ever reaches the computer, and transferred securely to an organization’s existing server.

It consists of a simple software component that’s installed on a personal computer or workstation, which interacts with the computer’s existing SSL engine to eliminate endpoint vulnerabilities and provide comprehensive protection of sensitive information during an SSL transaction.

Without requiring changes to existing systems, the technology successfully defends against man-in-the-middle and man-in-the-browser attacks, keyjacking, keylogging, spyware, malware, viruses, and other intrusions.

How proactive endpoint security works

In traditional SSL, sensitive data exists in plain text until the point of encryption, leaving it vulnerable to interception or tampering. Proactive endpoint security avoids this problem by ensuring that sensitive information is never present in the data stream until the point of encryption.

A credit card holder will enter his or her username and password into the appropriate fields to access personal banking information or a credit card number to make an online purchase. When the information is transmitted for verification, rather than inserting the unencrypted sensitive information, endpoint security technology inserts variables into the data stream at locations where the remote server is expecting the sensitive information.

Next, the technology securely redirects the data stream to a secure location where the sensitive information is stored, such as a smart card, USB device, or mobile phone, or a software location (e.g., a network server or protected storage area).

Inside this secure location, the variables are replaced with the actual sensitive data (credit card numbers, usernames, passwords, etc.), and the data stream is encrypted.

Finally, the encrypted data stream, containing the sensitive information in the format expected by the server, is passed to the remote server via the SSL protocol. It arrives in the standard SSL format and can be decrypted with the same SSL keys used to protect the Web session.

By leveraging proactive endpoint security, consumers’ sensitive information is never present in the data stream until the point of encryption. Any attempts to intercept the data stream and harvest the data would be useless.

Rather than obtaining the sensitive information, a malicious user would only see meaningless variables, making this the most modern and secure method to shop and bank online.
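The steps described above can be modeled in a few lines of Python. This is an added illustration, not NetSecure's code: the `{{NAME}}` placeholder syntax, the `SecureStore` class, the destination check, and the toy SHA-256 stream cipher with HMAC (standing in for the SSL record layer) are all assumptions of the example.

```python
import hashlib, hmac, os

def _subkeys(key):
    # Separate encryption and MAC keys derived from the one session key.
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def _xor_stream(key, nonce, data):
    # Toy stream cipher (SHA-256 in counter mode) standing in for the SSL record cipher.
    stream = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    ek, mk = _subkeys(key)
    nonce = os.urandom(16)
    ct = _xor_stream(ek, nonce, plaintext)
    return nonce + ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    ek, mk = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("record failed integrity check")
    return _xor_stream(ek, nonce, ct)

class SecureStore:
    """Models the article's 'secure location' (smart card, USB device, ...)."""
    def __init__(self, secrets, session_key, allowed_host):
        self._secrets, self._key, self._host = secrets, session_key, allowed_host

    def fill_and_encrypt(self, host, template):
        # Assumption of this example: the store only serves one known server.
        if host != self._host:
            raise PermissionError("unexpected destination: " + host)
        body = template
        for name, value in self._secrets.items():
            body = body.replace(b"{{" + name + b"}}", value)
        return seal(self._key, body)  # plaintext secrets never leave this method

def run_demo():
    key = os.urandom(32)  # stands in for the negotiated SSL session key
    secrets = {b"CARD": b"4111111111111111", b"CVV": b"123"}  # constructed test values
    store = SecureStore(secrets, key, "bank.example")
    host_buffer = b"amount=25.00&card={{CARD}}&cvv={{CVV}}"  # all the PC ever holds
    wire = store.fill_and_encrypt("bank.example", host_buffer)
    return host_buffer, wire, unseal(key, wire)  # last item: what the server decrypts

if __name__ == "__main__":
    for view in run_demo():
        print(view)
```

The three values returned by `run_demo()` are the PC-side buffer (placeholders only), the encrypted record on the wire, and the request body the server recovers.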

DANIEL McCANN is president and founder of NetSecure Technologies, developer of Dynamic SSL technology, an endpoint security solution, and SmartSwipe, its latest personal credit card reader for financial institutions’ credit card holders. Contact him at 306-205-3226.